generated from MrSphay/codex-agent-repository-kit
Add MrTrust GUI and Gitea release build
Some checks failed
Build MrTrust / build-windows (push) Has been cancelled
40
docs/security-model.md
Normal file
@@ -0,0 +1,40 @@
|
||||
# MrTrust Security Model
|
||||
|
||||
MrTrust is a trust bootstrapper, not a security bypass.
|
||||
|
||||
## Allowed Behavior
|
||||
|
||||
- Import a public MrSphay certificate into Windows certificate stores after explicit user approval.
|
||||
- Sign MrSphay build artifacts with a private code-signing certificate kept outside git.
|
||||
- Provide an uninstall script that removes the same certificate again.
|
||||
|
||||
## Disallowed Behavior
|
||||
|
||||
- Disabling Microsoft Defender.
|
||||
- Disabling SmartScreen.
|
||||
- Silently modifying certificate stores.
|
||||
- Installing private keys on user machines.
|
||||
- Hiding certificate installation inside unrelated app actions.
|
||||
- Shipping `.pfx` files or signing passwords in a repository or release.
|
||||
|
||||
## Recommended Stores
|
||||
|
||||
For normal users:
|
||||
|
||||
```text
|
||||
Cert:\CurrentUser\Root
|
||||
Cert:\CurrentUser\TrustedPublisher
|
||||
```
|
||||
|
||||
For managed PCs or all-user installs:
|
||||
|
||||
```text
|
||||
Cert:\LocalMachine\Root
|
||||
Cert:\LocalMachine\TrustedPublisher
|
||||
```
|
||||
|
||||
The LocalMachine stores require administrator approval.
|
||||
|
||||
## Residual Windows Warnings
|
||||
|
||||
Even after MrTrust is installed, Windows can still block suspicious software. SmartScreen reputation, Defender detections, enterprise security policy, and downloaded-file mark-of-the-web behavior are separate from Authenticode trust.
|
||||
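Review bot: The "Recommended Stores" section lists `Cert:\CurrentUser\Root` and `Cert:\LocalMachine\Root` without stating what the imported certificate is allowed to vouch for. A certificate placed in a Root store is trusted as an anchor for every purpose its extensions permit, including TLS server authentication, not only Authenticode, so the model should require that the MrSphay certificate carry only the Code Signing enhanced key usage and say so under "Allowed Behavior". It would also help to state that the certificate thumbprint is published so the user can compare it before approving, and that the uninstall script matches on that thumbprint, since "removes the same certificate again" does not say how the certificate is identified.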