Date: Fri, 2 Oct 2020 07:50:21 +0400
From: Gleb Popov <arrowd@freebsd.org>
To: Raj J Putari <jmaharaj2013@gmail.com>
Cc: freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: Idea: Signing software with stuff like ssl certs
Message-ID: <CALH631=hhwwt%2BbkV3xqBe5UhRgw8%2BNUrfuaR3=TyjHZ8gB8Nzg@mail.gmail.com>
In-Reply-To: <BYAPR05MB63115BE732604EBC3696824AFA310@BYAPR05MB6311.namprd05.prod.outlook.com>
References: <BYAPR05MB63115BE732604EBC3696824AFA310@BYAPR05MB6311.namprd05.prod.outlook.com>

On Fri, Oct 2, 2020, 06:10 Raj J Putari <jmaharaj2013@gmail.com> wrote:

> No code yet, I don't want to use qemu because I heard it's fast, but really
> hacky, but I'm working on buying parallels on the third with my SSI money
> because my dad bought me a mac pro 2013 off amazon (which is amazing by the
> way)
>
> For ports and packages, a package distributor signs the software with an
> encrypted key, and in the kernel we check it and decrypt it on the fly, or
> store information in the swap (which can be encrypted as well), or in a
> directory, I suggest in the /var or possibly /usr directory, but I don't
> really want to break hierarchy for systematic reasons
>
> In the kernel, probably in some directory, we have a source file that
> loads, checks, and does various checks on the cert and checks it, and if it
> passes the tests, it loads it into memory and executes it, using
> conventional programming
>
> Failing that, and I can work on this later, but I prefer if someone else
> did, we can just have a userland application that generates a key and signs
> it (not sure how, I haven't really googled or checked on it)
>
> Also we need some kind of web site and possibly a protocol (welcome back
> 90s) that deals with issuing certificates for software such as
> applications, software, and device drivers, kind of like letsencrypt
>
> My logic is that if you cannot access a resource due to encryption, you
> cannot hack it
>
> I honestly suggest a fork, since if you encrypt the entire kernel, there's
> going to be problems, so I strongly suggest everyone team up with their
> associates and make a fork, or possibly implement it in openbsd
>
> What does everyone think? When I get my check, I'm going to kludge around
> in FBSD13-CURRENT

No offense, but the message looks like it was autogenerated using some
neural network algorithm. Sorry if I'm mistaken.