First post here!
Reading rc23629, I saw an interesting reference to a new security technology that maybe could be useful to the scene. It's called NGSCB.
Technet:
Q: Are the keys stored on the SSC renewable?
A: No, but neither are they retrievable in any practical way. It is technically conceivable that a dedicated hacker could physically pull the SSC from the motherboard and attack it in a way that would produce the key, provided he or she had access to the hardware. However, this would be an extreme case and even then would only affect the single machine (i.e., it would not be a break once, break everywhere, or "BOBE" attack).
A: This is simply not true. The nexus-aware security chip (the SSC) and other NGSCB features are not involved in the boot process of the operating system or in its decision to load an application that does not use the nexus. Because the nexus is not involved in the boot process, it cannot block an operating system or drivers or any nexus-unaware PC application from running. Only the user decides what nexus-aware applications get to run. Anyone can write an application to take advantage of new APIs that call to the nexus and related components without notifying Microsoft or getting Microsoft's approval.
It will be possible, of course, to write applications that require access to nexus-aware services in order to run. Such an application could implement access policies that would require some type of cryptographically signed license or certificate before running. However, the application itself would enforce that policy and this would not impact other nexus-aware applications. The nexus and NCAs isolate applications from each other, so it is not possible for an individual nexus-aware application to prevent another one from running.
Hope this lights the path a little... Maybe they're answering our existential questions