kmd wrote: and other question: lolwut?
If you read the ESET article about Gapz, they mentioned ELAM is bad in relation to bootkits.
I didn't notice it earlier.
ELAM was created for ISVs, so that they would be able to load their drivers before "boot" drivers and be able to control the loading of other boot drivers; in simple words: to give a safe, documented way to start first in the driver boot chain. It wasn't designed to fight against bootkits. He stated this and could have stopped at this point. But no, next you can see an example of crappy AV promotion -> a security researcher from an AV company presents the OS vendor as if it were lacking security in its newly implemented security feature. Yes, they are all idiots, and only at ESET are there real specialists.
ELAM was designed to be a part of the Windows NT 6.2 secured boot architecture, not a standalone feature. The "Secure boot" protocol, which is part of UEFI 2.3.1, is what was designed to address bootkits.
Overall, I suggest the author RTFM next time before posting such a crappy AV article.