At his 2017 Open
Source Summit North America talk, Matthew Garrett looked at the state
of cryptographic signing and verification of programs for Linux. Allowing
policies that would restrict Linux from executing programs that are not
signed would provide a measure of security for those systems, but there is
work to be done to get there.
Garrett started by talking about “binaries”, but programs come in other forms
(e.g. scripts), so any solution must look beyond simply binary executables.