by eqvinox 1097 days ago
> FWIW I'm pretty sure this is how Microsoft does it. Verifier is in userland and signs programs post-verification.

Almost. Yes, the verifier is in userland, but it doesn't sign things — it's a trusted component of the system, there's no need for a signature on this step. It simply says "OK". But the verifier itself is covered by the usual system integrity mechanisms.

1 comments

I see, thanks.