A comment ignorant of all things said so far...
I'm ignorant of both low kernel-level science and the silicon infrastructure that runs it, but even I can maybe comment on crazy ideas on how to mitigate it, at least some more. Maybe they need a section of the CPU, or perhaps even something placed at a tactical bus monitoring all digital traffic, that runs a read-only AI program that checks all logic results running in the CPU, and maybe even I/O ports, that looks for activity that could change the state of root privileges. Or maybe something similar to Steady State, invented to prevent compromise of disk memory; only it would be a steady-state architecture that monitored the CPU to keep it at one state of permissions and only that one state. It would be the changes that would suck, because it would naturally have to be difficult to manually change administrative permissions at that level. Maybe the AI chip could keep a read-only snapshot of the true state, and when it changes, reset the CPU to the former state, so that operations could continue normally.
Bear in mind, I'm ignorant, but I like to brainstorm nonetheless. It would seem like such a scheme, when under attack, would show evidence not only to the AI chip but to anyone using the machine or services. They would hopefully be nothing more than blips in operation, but plenty noticeable enough that IT personnel could react to the attack. Perhaps the introduction of a laser programming device plugged into the machine would be the only way to change the kernel-level permissions in the AI, as a singular way to rewrite the permissions at that level, and from then on it would only be necessary to detect a change in that state. Maybe using the term "Advanced Intelligence" is overkill; it might not have to be that advanced at all.
I remember when protecting the state of recorded memory of spinning magnetic discs was done with steady-state boards plugged into the motherboard to control snapshots of the former state of memory in the disc. If users noticed an attack or compromise any time during operation, they could simply reboot and recover back to the former state, and no malware or subsequent changes to memory were in existence any more. Microsoft invented Steady State for 2000 and XP using only code operations, I assume at the master boot record level, or perhaps a partition created for such duty, with no need of hardware. But it wasn't perfect and could be compromised, so they abandoned it when Vista came out. There are still coders out there that claim they can still do it right, but I've not tested any of their claims, except one made by Faronics (years ago), and it met the claims at that time. I'm not even sure they work on the new UEFI scheme and/or Windows 10 now. Libraries still used something like it, last I checked. Faronics used to use "Deep Freeze" successfully for years doing the same thing.
My coat is the one with the pocket protector in the breast pocket.