Encryption on transports protects from man in the middle and sniffing. At rest protects evil maid exploits, which for these systems is more about preventing malicious software being swapped in place of trusted software.
The same applies to encryption of links like pcie and memory with the time of transport and rest changing.
AV is a joke. Best thing is ephemerality. No persistence
Immutable, ephemerable, granularly permissioned, and encrypt EVERYTHING to enforce said permissions.
1000x better than software signature hunting
It’s all fun and games until some asshole slips something into your trusted package manager.
Exploits are the deal pain
Yep SLSA is more than just a trusted end point. Package signatures, reproducible builds, SBOMs, signed commits and more!
You lost me at the encryption part. How does encrypting enforce permissions?
Enforces confidentiality and integrity.
Encryption on transports protects from man in the middle and sniffing. At rest protects evil maid exploits, which for these systems is more about preventing malicious software being swapped in place of trusted software.
The same applies to encryption of links like pcie and memory with the time of transport and rest changing.
deleted by creator