The only point where the user could give meaningful input would be when changing distros or changing bootloaders, right? Or are you talking about bootloader configuration files that are user-editable, like kernel command-line flags?
So how would that attacker get that signed binary on the machine of any user? You need code exec as root on the machine, network MITM, or physical access, right? Which of these are you trying to defend against?
It sounds like you don't want to guard against malicious network or code exec as root - in which case, wouldn't you get the same level of protection by automatically signing installed updates with a private key that's on the computer's LUKS-encrypted filesystem?