Hacker News

s_dev yesterday at 7:43 PM | 2 replies

>We are building cryptographically verifiable integrity into Linux systems. Every system starts in a verified state and stays trusted over time.

What problem does this solve for Linux or people who use Linux? Why is this different from me simply enabling encryption on the drive?


Replies

NekkoDroid yesterday at 7:50 PM

Drive encryption is only really securing your data at rest, not while the system is running. Ideally image-based systems also use the kernel's runtime integrity checking (e.g. dm-verity) to ensure that things are as they are expected to be.

Nextgrid yesterday at 8:22 PM

It prevents malware that obtained root access once from forever replacing your kernel/initrd and achieving persistence that way.
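The runtime integrity checking mentioned in the replies above (dm-verity) can be modeled with a hash tree whose root is the only trusted value. This is an added example, not code from the thread or from any project discussed in it. It is a simplified binary tree without salt, not dm-verity's on-disk format, and the function names and the 5-block image are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # dm-verity's default data block size; everything else is a simplified model

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(image: bytes) -> list[list[bytes]]:
    """Return hash levels: levels[0] holds leaf hashes, levels[-1] holds the root."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    levels = [[h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        # An unpaired last node is hashed on its own (empty sibling).
        levels.append([h(prev[i] + (prev[i + 1] if i + 1 < len(prev) else b""))
                       for i in range(0, len(prev), 2)])
    return levels

def read_block(image: bytes, levels, trusted_root: bytes, index: int) -> bytes:
    """Return block `index` only if it hashes up to the trusted root."""
    data = image[index * BLOCK:(index + 1) * BLOCK]
    node, i = h(data), index
    for level in levels[:-1]:
        sib = i ^ 1
        sibling = level[sib] if sib < len(level) else b""
        node = h(node + sibling) if i % 2 == 0 else h(sibling + node)
        i //= 2
    if node != trusted_root:
        raise IOError(f"integrity failure in block {index}")
    return data

def tamper(image: bytes, index: int) -> bytes:
    """Flip one bit inside block `index`, as an attacker with write access could."""
    bad = bytearray(image)
    bad[index * BLOCK + 10] ^= 1
    return bytes(bad)

if __name__ == "__main__":
    image = b"".join(bytes([n]) * BLOCK for n in range(5))  # constructed sample image
    levels = build_tree(image)
    root = levels[-1][0]          # the value the boot chain must protect
    bad = tamper(image, 3)
    for tree in (levels, build_tree(bad)):  # original tree, then attacker-rebuilt tree
        try:
            read_block(bad, tree, root, 3)
        except IOError as e:
            print("rejected:", e)
```

Rebuilding the hash tree over the modified image does not help the attacker, because the recomputed root no longer matches the trusted one. Encryption alone gives no equivalent check on reads.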
