undefined | Better HN

0 pointseqvinox2y ago0 comments

> FWIW I'm pretty sure this is how Microsoft does it. Verifier is in userland and signs programs post-verification.

Almost. Yes the verifier is in userland, but it doesn't sign things — it's a trusted component of the system, there's no need for a signature on this step. It simply says "OK". But the verifier itself is covered by the usual system integrity mechanisms.

0 comments

insanitybit2y ago

I see, thanks.

j / k navigate · click thread line to collapse

0 pointseqvinox2y ago0 comments

> FWIW I'm pretty sure this is how Microsoft does it. Verifier is in userland and signs programs post-verification.

Almost. Yes the verifier is in userland, but it doesn't sign things — it's a trusted component of the system, there's no need for a signature on this step. It simply says "OK". But the verifier itself is covered by the usual system integrity mechanisms.

0 comments

insanitybit2y ago

I see, thanks.

j / k navigate · click thread line to collapse