If you're willing to go a bit further you can also do GPG signing with ECDSA, though it requires a patched GPG due to bugs and a patched SSH agent that allows raw signing. We have a packaged version with a macOS UI [0], but the same backend [1] works on Linux using the tpm via PKCS#11.
We have a blog post on this, but I guess it was never made public, but the only difference between GPG and SSH is the way in which keys and signatures are wrapped and listed through the various layers -- it's all just fundamentally ECDSA with a named curve.
There is a good reason though, right? My understanding is that local ordinances require very frequent window inspections (following a highly publicized death), so to perform those inspections they need the scaffolding to protect the under-walking pedestrians from the inspectors. Because they are so frequent, it's cheaper to just leave the scaffolding up and take it down and put it up for every inspection.
With drones becoming more common and robust, though, it will hopefully soon be easier and faster to do the inspections and so the scaffolding may become cheaper to remove and replace each cycle
The inspection rules are kind of extreme, supported by the people who do the work and the scaffold companies. Once you “start work” (put up the scaffolding) the clock stops. You see buildings with scaffolding for years with little to non actual work.
In Linux it also needs mprotect() to change the permissions on the page so it can write it. The OpenBSD man page[0] indicate that it supports this as well, though notes that not all implementations are guaranteed to allow it, but my guess is it would generally work.
It's not required on linux, if the ELF headers are set up such that the page is mapped rwx to begin with. (but rwx mappings are generally frowned upon from a security perspective)
It's more like doing Linux services the UNIX(TM) way since it's more similar to other UNIX service managers like SMF from Solaris or SRC from AIX in the integration -- NT's service manager requires an active event loop which responds to messages.
As an aside, the reason I don't like systemd is because it's inferior to its UNIX counterparts -- especially SMF -- for system management.
