by A1kmm
1043 days ago
Could you not have a tiny certified kernel program with an embedded public key that reads the main program, hashes it, checks the signature, and executes it (providing the keys to the main program)? Obviously, if you change the kernel program, you would change the keys, but you could change the main program. Anyone with the private key then has the power... they could migrate by running a new kernel (while the TKey is under their physical control) and generate a keypair (deterministically from the new secret key) and export the public key. Then the controller of the private key could sign a program to run under the old kernel that will encrypt that old key with the new public key.
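
The verify-then-run step proposed in the comment above, as an added Go sketch that is not part of the original comment and is not TKey code. It assumes the device derives the program's secret from a device secret and the hash of the loader image only; the `Loader` type, `SignApp`, the HMAC-SHA256 derivation and all sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Loader models the small verified first-stage program from the comment.
type Loader struct {
	Code []byte            // placeholder for the loader's machine code
	Pub  ed25519.PublicKey // signer's public key embedded in the loader
}

// Secret depends only on the device secret and the loader image (code plus
// embedded key). HMAC-SHA256 is an assumed stand-in for the real derivation.
func (l Loader) Secret(deviceSecret []byte) []byte {
	image := sha256.Sum256(append(append([]byte{}, l.Code...), l.Pub...))
	m := hmac.New(sha256.New, deviceSecret)
	m.Write(image[:])
	return m.Sum(nil)
}

// Run hashes the main program, checks the signature over that hash with the
// embedded key, and only then releases the secret to the main program.
func (l Loader) Run(deviceSecret, app, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(app)
	if !ed25519.Verify(l.Pub, digest[:], sig) {
		return nil, fmt.Errorf("signature check failed: main program not started")
	}
	return l.Secret(deviceSecret), nil
}

// SignApp is what the private-key holder does off-device for each release.
func SignApp(priv ed25519.PrivateKey, app []byte) []byte {
	digest := sha256.Sum256(app)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	seed := sha256.Sum256([]byte("constructed signer seed")) // sample key material
	priv := ed25519.NewKeyFromSeed(seed[:])
	l := Loader{Code: []byte("loader v1"), Pub: priv.Public().(ed25519.PublicKey)}
	dev := []byte("constructed device secret")
	for _, app := range []string{"main program v1", "main program v2"} {
		s, err := l.Run(dev, []byte(app), SignApp(priv, []byte(app)))
		fmt.Printf("%-16s secret=%x err=%v\n", app, s[:8], err)
	}
}
```

Both signed versions of the main program receive the same secret, while a loader built with a different embedded key derives a different one, which is why the comment's migration step has to export the old key from under the old loader.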