
For now (and I haven't seen an announcement of a coming change about it), only trustlets signed by Microsoft can be executed in the VSM (Virtual Secure Mode), so you won't be able to write malware or a rootkit that leverages it to hide the execution flow.



Thanks for clarifying. With drivers they get around that by using vulnerable drivers, but this isn't regular kernel mode code execution, and MS will probably revoke certs for future vulnerable trustlets? (Or not, since that can cause outages). Sounds like a whole new area of research.



