
> Let's say you're building some form of appliance on top of general purpose x86 hardware. You want to be able to verify the software it's running hasn't been tampered with. What's the best approach with existing technology?

Why can we not use something like Guix by declaratively setting up a system [0] and for extra safety have it run in a container [1]?

[0] https://framagit.org/tyreunom/guix/-/blob/99f47b53f755f0a6cb...

[1] https://guix.gnu.org/en/blog/2017/running-system-services-in...


