Hacker News
by duaneb 4862 days ago
Ahh, ok. Might actually be enough to, say, copy an encryption key out of kernel memory then?

Most of the techniques described in the slides require ring-0 privileges (replacing descriptor tables and page tables etc). If you have those privileges, you can copy what you want anyway.

Unless the encryption key is guarded by something with SMM privileges -- has that been done?

Well the original idea was a rootkit, which traditionally requires ring-0 privileges to install in the first case.