Hard to verify the integrity of the tool #11
Comments
|
That would still leave you having to trust Intel's and the vendor's unverifiable hardware and software (and the rest of your software stack)... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for what seems like a really great tool! However, putting my tinfoil hat on I realize that I at least have to trust github to not serve me a version that takes over my machine when I run it as root (I guess I could learn more C, learn the relevant parts of the kernel module and try to understand everything that the tool does, but I'm sadly quite lazy and would rather not).
Given the original author's track record I would therefore be very happy if either the commits of the repository could be signed with pgp, or if a release could be made that is signed.
Thanks in advance!
The text was updated successfully, but these errors were encountered: