
| From: R. Russell Reiter <rreiter91@gmail.com>

| Here's a link to a talk on secure boot exploits etc. There's a bit on
| exploits which come in over the video aperture in order to flip the bits
| and get write permission on the secured stack, which I found
| interesting.

An interesting video, thanks.

But it is nothing actually to do with video. It is all to do with the many different ways memory addresses get mapped in the x86 architecture and how each of them can create ways of addressing physical resources that need to be protected.

Many protection mechanisms work on limiting address ranges and various address mappings, if not carefully restricted themselves, can evade the primary protections.

In the cases he mentioned, System Management Mode code and data are protected by some address restriction method. But if the aperture is set to point into the SMM area, certain ops can clobber SMM memory. The details are technical and I have not retained them in the few hours since I saw it.

This just emphasizes that complexity is the enemy of security. All the systems that they attacked seemed complicated to me. Sometimes because of how the x86 has evolved as a set of interlocking hacks.

I wonder if we can use the A20 gate to fool some of these checks. Now there is cruft.