Its too bad I am not in Gainesville anymore. It seems like there are some good activities going on. Anyway, since we have such renowned security expert(s) ;-) on the list I would like to pose a question. There has been much talk of lower level rootkits like the Blue Pill that subvert the kernel using virtualization and ones that hide in the motherboard BIOS or peripheral BIOS. How can one be sure that nothing sneaks in the boot phase before control is handed to the OS? I have read about secure booting that uses a mostly encrypted, custom BIOS to compare hashes of the peripheral firmware and HDD boot sectors (e.g., http://www.cs.umd.edu/~waa/pubs/oakland97.pdf). I am thinking a TPM would also be a viable solution?