Computing systems including hardware systems, software systems, and combinations thereof may interact with configuration items including bootstrap configuration files. These configuration items may provide information including desired security levels, values for configuration parameters, and so on. Typically these items are files that may be edited by anyone with an editor and write access. Thus, these files have become favorite targets for unscrupulous individuals like hackers and discontented system administrators. Thus, various approaches to protecting systems that interact with these files have been undertaken.
The conventional approaches include only accepting digitally signed configuration files, only accepting configuration files from certain providers, periodically taking snapshots of configuration files to determine whether they have been changed, and so on. However, these conventional approaches are either reactive, expose the computing system to the providers and thus place the burden of examining the configuration files on the computing system, and/or provide only a single level of security.