generated from MrSphay/codex-agent-repository-kit
41 lines
1.2 KiB
Markdown
41 lines
1.2 KiB
Markdown
# MrTrust Security Model
|
|
|
|
MrTrust is a trust bootstrapper, not a security bypass.
|
|
|
|
## Allowed Behavior
|
|
|
|
- Import a public MrSphay certificate into Windows certificate stores after explicit user approval.
|
|
- Sign MrSphay build artifacts with a private code-signing certificate kept outside git.
|
|
- Provide an uninstall script that removes the same certificate again.
|
|
|
|
## Disallowed Behavior
|
|
|
|
- Disabling Microsoft Defender.
|
|
- Disabling SmartScreen.
|
|
- Silently modifying certificate stores.
|
|
- Installing private keys on user machines.
|
|
- Hiding certificate installation inside unrelated app actions.
|
|
- Shipping `.pfx` files or signing passwords in a repository or release.
|
|
|
|
## Recommended Stores
|
|
|
|
For normal users:
|
|
|
|
```text
|
|
Cert:\CurrentUser\Root
|
|
Cert:\CurrentUser\TrustedPublisher
|
|
```
|
|
|
|
For managed PCs or all-user installs:
|
|
|
|
```text
|
|
Cert:\LocalMachine\Root
|
|
Cert:\LocalMachine\TrustedPublisher
|
|
```
|
|
|
|
The LocalMachine stores require administrator approval.
|
|
|
|
## Residual Windows Warnings
|
|
|
|
Even after MrTrust is installed, Windows can still block suspicious software. SmartScreen reputation, Defender detections, enterprise security policy, and downloaded-file mark-of-the-web behavior are separate from Authenticode trust.
|