You are assuming that the signed code can be trusted, which is a bad assumption. The signed code is from a vendor; how many vendors ship code with broken security; how many vendors would you expect to happily sign code with broken security, in the PC world? Answer: all of them :-)
This development should not be a surprise to anyone, but evidently it is. We've been trying to warn people about this possibilty for 10 years; nobody seemed to care. I am hoping they care more now.
I still feel the only solution to building PC systems you can trust is to turn to open code bases for ALL BIOS code. It's just too easy to hide some very nasty things in a 1 Mbyte binary blob.
BTW, this BIOS exploit is the tip of the iceberg. Check this one out: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology. How can your work around that one? It may be the only way to build machines we can trust is to get ouf of the x86 world entirely.
ron

not really. Source code analysis goes just so far. Multiplied by 1M, it goes less far still. And then there's this little issue: http://en.wikipedia.org/wiki/Halting_problem
ron

We will probably approach MS at some point, if it appears to be necessary, and see if they are interested. I do have friends there who might be interested in what we're doing.
The biggest limit we've found on the VM side is memory footprint of the VM guests, and it's very easy to control that with Linux; harder with Windows. We have some ideas in that area too, but it's way too early to speculate on them.
But from my point of view, it is a lot easier to do this kind of work in Linux than in Windows (I have done NT drivers in a past life), not least because of the openness of the environment. Hence, I'd rather try to find a way to make it all work on Linux.
Consider this work the beginning of the story; it's not even chapter 1, maybe it's the preface. There's a lot of work left to do. There's a lot we still don't know.
thanks
ron

Hi, Ron here. Just thought I would mention a few things.
I love the "life imitates xkcd" aspect. :-)
We're well aware that Wine is not quite enough to run many windows bots. Until a year or so ago, however, there was a researcher in North Carolina running Storm under Wine, but he told me that that effort ended when Storm added a kernel driver. We've got some ideas in that area. We expect that implementing them will cost less than 1 million Vista licenses.
I was surprised to find I have become a cybersecurity expert! What I really am is an HPC expert who is using HPC tools and resources to build a system for studying cybersecurity phenomena on a millions-of-nodes scale.
Doing anything with a million of something gets interesting fast. There's a lot of interesting challenges.
Thanks
ron