I wonder if this will be the end of unsupported devices being able to update.
There'll always be ways to run on VM's -- emulated hardware can get round pretty well any "Physical" restrictions --the cost might be performance though on "Unsupported" hardware such as "Emulated CPU's" or "TPM's". However IBM's emulated TPM is quite robust and I doubt whether even a company the size of Microsoft could "Break" IBM's emulation.
Anybody who has ever worked with older IBM mainframes when it was known as "Big Blue" must have heard of RACF (Resource Access Control Facility --their security system) which unless you had insider access to the OS really was "Unhackable". The only way to do it was to get your "Friendly system programmer" to add an extra "SVC" Supervisor Call" module to the kernel usually 1 instruction -- in the old asembly language BR 0 which meant branch and start executing the code starting at the address contained in Reg 0 and do a "Nucleus generation" to add SVC 255 (IGC255).
You could model your malicious "User Code" on something like this
MYPROG CSECT ,
CLASS_A CATTR RMODE(31)
BASR 12,0 Set base register
USING *,12 Addressability for this element
- - -
* Address of CLASS_B segment assumed to be returned in register 8
- - -
A 8,BDATAOff Add offset of BDATA in CLASS_B
USING BDATA,8
- - -
BDATAOff DC Q(BDATA) Offset of BDATA
- - -
CLASS_B CATTR DEFLOAD,RMODE(ANY) Define deferred-load class
- - -
BDATA DS F Data in deferred-load class
Use Reg 0 for the address and simply execute say SVC 255 and your code will start executing at your address in supervisor mode -- just alter psw status word and "You are in business". However this can't be done from Outside the system.
Now you are in "supervisor mode and have the "Keys of the kingdom".
"Hacking Mainframes --101"
I'm sure there are a myriad ways of getting at the Windows kernel so a VM wouldn't have problems "emulating required hardware".
Cheers
jimbo
