Idea: Signing software with stuff like ssl certs
Raj J Putari
jmaharaj2013 at gmail.com
Fri Oct 2 02:10:39 UTC 2020
No code yet, I don’t want to use qemu because I heard it’s fast, but really hacky, but I’m working on buying Parallels on the third with my SSI money because my dad bought me a Mac Pro 2013 off Amazon (which is amazing by the way)
For ports and packages, a package distributor signs the software with an encrypted key, and in the kernel we check it and decrypt it on the fly, or store information in the swap (which can be encrypted as well), or in a directory, I suggest in the /var or possibly /usr directory, but I don’t really want to break hierarchy for systematic reasons
In the kernel, probably in some directory, we have a source file that loads, checks, and does various checks on the cert and checks it, and if it passes the tests, it loads it into memory and executes it, using conventional programming
Failing that, and I can work on this later, but I prefer if someone else did, we can just have a userland application that generates a key and signs it (not sure how, I haven’t really googled or checked on it)
Also we need some kind of web site and possibly a protocol (welcome back 90s) that deals with issuing certificates for software such as applications, software, and device drivers, kind of like Let’s Encrypt
My logic is that if you cannot access a resource due to encryption, you cannot hack it
I honestly suggest a fork, since if you encrypt the entire kernel, there’s going to be problems, so I strongly suggest everyone team up with their associates and make a fork, or possibly implement it in OpenBSD
What does everyone think? When I get my check, I’m going to kludge around in FBSD13-CURRENT