Protecting endpoints is hard. Understatement of the millennium, right?

Protecting unmanaged endpoints is even harder. Doubtful that surprises anyone.

Protecting mission-critical, unmanaged endpoints? Well, saying it's impossible is a stretch, but superlatives are warranted.

One of the most common goals in system security is maintaining system integrity. Knowing what is running (or can run) on the deployed system is critical, especially in embedded and unmanaged use cases.

Enterprise and managed endpoints are not immune from these concerns either.

The countless servers and devices that drive the modern world and economy require the same assurances; the difference being the enterprise world usually has more infrastructure and connectivity to achieve these goals.

If we roll back the clocks to early 2018, maintaining system integrity was already a…

Adding SHA256 Digests to RPMs

The RPM package format, as used by RedHat Linux, CentOS and others provides multiple mechanisms for verifying package integrity and authenticity before installation. Mechanisms for integrity and authenticity include:

MD5 and SHA1 hashes of the rpm header (and optionally payload); and
GPG signatures of the package.