> How could a build be verified to be the same code without some kind of signature? You cant just validate a SHA, that could be faked from a client.
This depends on how far down the rabbit hole you want to go, if it was secureboot, only signed processes can run, would that make you feel better ? If it doesn't.. what would ?