Idea: Signing software with stuff like ssl certs

Gleb Popov arrowd at freebsd.org
Fri Oct 2 03:50:33 UTC 2020


On Fri, Oct 2, 2020, 06:10 Raj J Putari <jmaharaj2013 at gmail.com> wrote:

> No code yet, I don’t want to use qemu because I heard it’s fast, but really
> hacky, but I’m working on buying parallels on the third with my SSI money
> because my dad bought me a mac pro 2013 off amazon (which is amazing by the
> way)
>
> For ports and packages, a package distributor signs the software with an
> encrypted key, and in the kernel we check it and decrypt it on the fly, or
> store information in the swap (which can be encrypted as well), or in a
> directory, I suggest in the /var or possibly /usr directory, but I don’t
> really want to break hierarchy for systematic reasons
>
> In the kernel, probably in some directory, we have a source file that
> loads, checks, and does various checks on the cert and checks it, and if it
> passes the tests, it loads it into memory and executes it, using
> conventional programming
>
> Failing that, and I can work on this later, but I prefer if someone else
> did, we can just have a userland application that generates a key and signs
> it (not sure how, I haven’t really googled or checked on it)
>
> Also we need some kind of web site and possibly a protocol (welcome back
> 90s) that deals with issuing certificates for software such as
> applications, software, and device drivers, kind of like letsencrypt
>
> My logic is that if you cannot access a resource due to encryption, you
> cannot hack it
>
> I honestly suggest a fork, since if you encrypt the entire kernel, there’s
> going to be problems, so I strongly suggest everyone team up with their
> associates and make a fork, or possibly implement it in openbsd
>
> What does everyone think? When I get my check, I’m going to kludge around
> in FBSD13-CURRENT

No offense, but the message looks like it was autogenerated using some
neural network algorithm. Sorry if I'm mistaken.
