> In either case, you just need root to update targeted binaries.
My understanding is that the difference is you would need to boot with a kernel with veriexec disabled to replace binaries and regenerate hashes. Root alone isn't sufficient, and you can't disable veriexec as root in strict mode.
My understanding is that the difference is you would need to boot with a kernel with veriexec disabled to replace binaries and regenerate hashes. Root alone isn't sufficient, and you can't disable veriexec as root in strict mode.