Secure Infrastructure [Crypto signed ISO images]
David Christensen
dpchrist at holgerdanske.com
Sun Mar 9 01:19:16 UTC 2014
On 03/08/2014 02:31 PM, grarpamp wrote:
> Until the FreeBSD project ...
> (1) moves to a repository ... [that] has an internal crypto hash structure ...
> (2) has and uses deterministic reproducible builds for everything flowing downstream from that ...
> ... signing the periphery may look good to the casual observer, but
> it is ultimately untraceable in any cryptographic sense to the code from
> which those periphery elements are purported to come from.
What about the processor microcode, device(s) firmware, BIOS, extension
ROM(s), boot managers, boot loaders, kernels, operating systems,
installed software, etc., of the machines used to serve the repository
and do the builds?
David
More information about the freebsd-questions mailing list