Date: Fri, 2 Oct 2020 02:10:32 +0000
From: Raj J Putari <jmaharaj2013@gmail.com>
To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Idea: Signing software with stuff like ssl certs
Message-ID: <BYAPR05MB63115BE732604EBC3696824AFA310@BYAPR05MB6311.namprd05.prod.outlook.com>
No code yet, I don't want to use qemu because I heard it's fast, but really hacky, but I'm working on buying parallels on the third with my SSI money because my dad bought me a mac pro 2013 off amazon (which is amazing by the way).

For ports and packages, a package distributor signs the software with an encrypted key, and in the kernel we check it and decrypt it on the fly, or store information in the swap (which can be encrypted as well), or in a directory, I suggest in the /var or possibly /usr directory, but I don't really want to break hierarchy for systematic reasons.

In the kernel, probably in some directory, we have a source file that loads, checks, and does various checks on the cert and checks it, and if it passes the tests, it loads it into memory and executes it, using conventional programming.

Failing that, and I can work on this later, but I prefer if someone else did, we can just have a userland application that generates a key and signs it (not sure how, I haven't really googled or checked on it).

Also we need some kind of web site and possibly a protocol (welcome back 90s) that deals with issuing certificates for software such as applications, software, and device drivers, kind of like letsencrypt.

My logic is that if you cannot access a resource due to encryption, you cannot hack it.

I honestly suggest a fork, since if you encrypt the entire kernel, there's going to be problems, so I strongly suggest everyone team up with their associates and make a fork, or possibly implement it in openbsd.

What does everyone think? When I get my check, I'm going to kludge around in FBSD13-CURRENT.