> "At boot time, a unique kernel is built and installed for the next boot"
Therefore, if the building code is itself trusted it can make a checksum and sign it. So each boot can verify the next boot, in a blockchain-ish way.
[1]: https://news.ycombinator.com/item?id=14711983
If you are in a position to replace the kernel, can't you also replace the code that does this verification?
That is exactly how games are cracked, as I understand.
> "At boot time, a unique kernel is built and installed for the next boot"
Therefore, if the building code is itself trusted it can make a checksum and sign it. So each boot can verify the next boot, in a blockchain-ish way.
[1]: https://news.ycombinator.com/item?id=14711983