Comment by user3939382

Comment by user3939382 3 days ago

> Establishing a trust boundary as early as possible to force possible attackers into userspace as much as possible (where it can be more easily removed and remediated) is significantly important in modern operating system security

I notice you omitted the BSDs, and with OpenBSD in particular I’d argue your point is correct for the majority school of thought but not necessarily most correct, whatever that means. Correct for a certain set of priorities.

Modern OS attack surface is an insane nightmare. The concept of securing it at all is.. idk what it is. OpenBSD default install, you run ps, you get 12 processes. You can reason about the OS. You focus on your boundary. You don’t admit scenarios where your attacker is poking around userland. That’s game over on these byzantine OSes we have now. Even better, NetBSD, where the arch is the security. The SELinux idea makes the best with what we have where you need Linux for driver whatever support. So I’m not disagreeing necessarily but adding context. As far as generating certs, users are better off with PIV, YubiKey, etc. for PKI so it’s in their hands, literally.