I'm not sure about binaries in general - having secure boot as an anchor at least makes the exercise less futile - but there an interesting point brought up here:
Not sure if it would work on Linux - and you'd might want to prevent running unsigned binaries. Not sure if that's a thing on OpenSolaris. Still, being able to verify a binary might help with handling random downloads, I suppose.
Yeah, module signing but not turned on by any distro. I can't even imagine not having driver signing on windows in 2020. There is IMA in Linux too. Even package signing barely started catching up in the last few years on most non-mainstream distros. It's practically unthinkable to have script signing too.
> Modules built and shipped by Canonical with the official kernels are signed by the Canonical UEFI key and as such, are trusted. Custom-built modules will require the user to take the necessary steps to sign the modules before they loading them is allowed by the kernel.
I'm not sure about binaries in general - having secure boot as an anchor at least makes the exercise less futile - but there an interesting point brought up here:
https://stackoverflow.com/questions/1732927/signed-executabl...
Dynamic linker, dynamic libraries and dlopen.
I see solaris has elfsign - and it appears to be in OpenSolaris too: https://github.com/joyent/illumos-joyent/blob/master/usr/src...
Not sure if it would work on Linux - and you'd might want to prevent running unsigned binaries. Not sure if that's a thing on OpenSolaris. Still, being able to verify a binary might help with handling random downloads, I suppose.