Idea: Signing software with stuff like ssl certs

[Raj J Putari]

No code yet, I don’t want to use qemu because I heard its fast, but really hacky, but I’m working on buying parallels on the third with my SSI money because my dad bought me a mac pro 2013 off amazon (which is amazing by the way)

For ports and packages, a package distributor signs the software with an encrypted key, and in the kernel we check it and decrypt it on the fly, or store information in the swap (which can be encrypted as well), or in a directory, I suggest in the /var or possible /usr directory, but I don’t really want to break heirachy for systematic reasons

In the kernel, probably in some directory, we have a source file that loads, checks, and does various checks on the cert and checks it, and if it passes the tests, it loads it into memory and executes it, using conventional programming

Failing that, and I can work on this later, but I prefer if someone else did, we can just have a userland application that generates a key and signs it (not sure how, I haven’t really googled or checked on it)

Also we need some kind of web site and possible a protocol (welcome back 90s) that deals with issuing certificates for software such as applications, software, and device drivers, kind of like letsencrypt

My logic is that if you cannot access a resource due to encryption, you cannot hack it

I honestly suggest. Fork, since if you encrypt the entire kernel, theres going to be problems, so I strongly suggest everyone team up with their associates and make a fork, or possibly implement it in openbsd

What does everyone think? When I get my check, im going to cludge around in FBSD13-CURRENT