Unreal Mode: Breaking Protected Processes [pdf] (nosuchcon.org)
15 points by striking on Nov 28, 2014 | 3 comments


Note that the term "unreal mode" is already historically taken to refer to running an x86 processor in real mode with unlimited segment limits (http://en.wikipedia.org/wiki/Unreal_mode).

What I find most interesting about all these protections is that they theoretically could be defeated completely with a series of small single-byte changes, since ultimately everything rests on a series of decisions (conditional jumps) - "is the certificate valid?" "is the certificate trusted?" "is the user allowed to do X?" - and all that you have to do is make that decision always go one way or the other. It doesn't matter how much crypto is behind that verification, it all rests on that one decision, literally a one-bit difference in the output of a gate in the CPU at runtime. Even if the OS itself doesn't allow this, as long as there is no real decryption involved, you can boot a LiveCD or remove the drive and plug it into another machine. "Secure boot" and TPM just require going a bit deeper into modifying the BIOS itself, but the same principle of changing the decision applies.
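As an added example (not part of this thread or of the talk it discusses), the two designs the comment above contrasts, written out so the difference is visible: a policy gate whose whole verification collapses into one boolean and one branch, next to a design where the payload is sealed under a key derived from the expected verification result, so there is no decision to flip. The HMAC standing in for a signature, the toy stream cipher, and all sample keys and payload are constructed for illustration and are not a real protected-process mechanism.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample values; nothing here comes from the original page.
TRUSTED_KEY = b"constructed-trusted-signing-key"
PAYLOAD = b"sensitive payload that should only be usable after verification"


def tag_for(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag; stands in for a certificate signature in this toy."""
    return hmac.new(key, data, hashlib.sha256).digest()


# Design A: a policy gate. However much crypto runs inside tag_for(), the
# outcome collapses into one boolean and one conditional branch.
def gated_release(data: bytes, tag: bytes) -> Optional[bytes]:
    ok = hmac.compare_digest(tag_for(TRUSTED_KEY, data), tag)
    if ok:  # the single one-bit decision the comment describes
        return data
    return None


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (constructed; not for production use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _seal_key(tag: bytes) -> bytes:
    return hashlib.sha256(b"seal-key|" + tag).digest()


# Design B: bind the decision to key material. The payload is sealed under a
# key derived from the correct tag. The unsealer never "decides" anything: it
# derives a key from whatever tag it is handed and decrypts. A wrong tag gives
# the wrong keystream and therefore garbage; there is no branch that selects
# between "release" and "refuse".
def seal(data: bytes, tag: bytes) -> bytes:
    digest = hashlib.sha256(data).digest()
    return _xor(digest + data, _keystream(_seal_key(tag), 32 + len(data)))


def unseal(blob: bytes, tag: bytes) -> Optional[bytes]:
    plain = _xor(blob, _keystream(_seal_key(tag), len(blob)))
    digest, data = plain[:32], plain[32:]
    # This check only reports corruption. Skipping it yields the same garbage
    # bytes, not the payload, so it is not a security boundary.
    if hashlib.sha256(data).digest() != digest:
        return None
    return data


def demo() -> Dict[str, Optional[bytes]]:
    good_tag = tag_for(TRUSTED_KEY, PAYLOAD)
    bad_tag = tag_for(b"constructed-untrusted-key", PAYLOAD)
    blob = seal(PAYLOAD, good_tag)
    # What unseal() would hand back with the integrity check removed entirely.
    forced = _xor(blob, _keystream(_seal_key(bad_tag), len(blob)))[32:]
    return {
        "gate_good": gated_release(PAYLOAD, good_tag),
        "gate_bad": gated_release(PAYLOAD, bad_tag),
        "seal_good": unseal(blob, good_tag),
        "seal_bad": unseal(blob, bad_tag),
        "seal_bad_forced": forced,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value[:24] if value else value)
```

In design A the only thing separating "gate_bad" from "gate_good" is the branch on `ok`; in design B the same wrong tag produces ciphertext noise whether or not the integrity check runs, which is the "real decryption involved" distinction the comment draws. The price is that whoever seals the payload must know the correct tag in advance, which is why this pattern suits sealed storage rather than online verification of arbitrary inputs.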


Yep -- if you listen to the talk you'll see I made that joke on purpose :)


The content of this presentation is very interesting, but it just serves to illustrate a distressing slide into the non-ownership of your own devices. Apple has thankfully not gone too far down this path (beyond Gatekeeper at least).

Why should I give up control of my own devices just so media that'll end up pirated at some point regardless of the level of protection that Microsoft throws at the PC can have its own dedicated path to a video card?



