# Code signing & signed kernels.



## Alain De Vos (Apr 29, 2021)

Are signed kernels more secure than unsigned ones? Or do they give a real or false feeling of security? Or are "loaders" taking over?
Just like position-independent code, I feel signing kernels does not much improve security.
(To write a virus I would use JavaScript in a PDF file and then hide in the Recycler.bin of an NTFS filesystem.)


----------



## ShelLuser (Apr 29, 2021)

Kernels are signed now? I fail to understand your question; there's only one FreeBSD kernel.

Ah, off-topic forum. Not talking about Linux again I guess?


----------



## Alain De Vos (Apr 29, 2021)

So I return to FreeBSD.
There is periodic, and there is a check for files with setuid and a mail to root.
`pkg check -sa`
Is this worthwhile or not?


----------



## Criosphinx (Apr 29, 2021)

Do you mean secure boot?






FreeBSD UEFI Secure Boot | FreeBSD Foundation (freebsdfoundation.org)

1. Introduction Secure boot provides a way to ensure that only authorized EFI binaries are loaded by a computer's firmware. This ensures that no malicious code can run before the operating system is loaded. This document describes one method of securing FreeBSD's boot process. FreeBSD's regular...

On my PCs I disable it. I remember it being controversial when it was introduced in Windows, but I never bothered to read more about it.


----------



## Alain De Vos (Apr 29, 2021)

The BIOS in my HP PC thinks I only use Windows.
I don't even want to upgrade the BIOS because then I need to first install Windows, upgrade the BIOS, change video cards, configure the BIOS, and then change video cards back. It's a form of vendor lock-in, by making stuff complicated. I use legacy boot.


----------



## jardows (Apr 30, 2021)

Alain De Vos said:


> The BIOS in my HP PC thinks I only use Windows.
> I don't even want to upgrade the BIOS because then I need to first install Windows, upgrade the BIOS, change video cards, configure the BIOS, and then change video cards back. It's a form of vendor lock-in, by making stuff complicated. I use legacy boot.


I have encountered several HP computers that do not play well with FreeBSD UEFI boot. It is better to stay with legacy BIOS boot and to not worry about secure boot on them.


----------

