Trust system write-up
Ian Lepore
ian at freebsd.org
Mon Oct 23 16:14:59 UTC 2017
On Sun, 2017-10-22 at 18:14 -0400, Eric McCorkle wrote:
> Hello everyone,
>
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf
>
> Some of you are certainly familiar with some or all of this;
> I've discussed parts of it before on -hackers and -security, and I
> discussed it in greater detail in BoF sessions at vBSDCon. It seems
> things are heating up in this direction, so I'd like to get this out
> there and get discussion and feedback.
>
> I plan on undertaking work on this in the very near future, especially
> since the commit-train for GELI EFI is ready to arrive in HEAD.
>
> A bit about the format: this is sort of the "meat" of what I hope will
> be a paper some day, but it's still an initial draft. Moreover, it
> talks about things I'm planning as if they exist, mainly because I don't
> want to have to go back and rewrite everything in the future. In
> reality, most of what I talk about is just a proposal at this point,
> with a few bits being implemented as a PoC here and there.
>
> Please read and consider the designs I've proposed. I welcome any
> feedback and suggestions. I'll give it a week minimum from today before
> I resume any work on this stuff.
>
>
> Note: Apologies for the external link; I had originally included this as
> an attachment, but it was too large.
> _______________________________________________
Any thoughts on how to validate executables which are not elf binaries,
such as shell scripts, python programs, etc?
-- Ian
More information about the freebsd-arch
mailing list