For files whose contents do not change, or change only very rarely, the integrity of the file can be monitored. To do this, a hash value and a digital signature of the file are computed and stored in the TSD. If Trusted Execution is enabled (TE=ON) and file content verification is enabled (CHKEXEC=ON and/or CHKSCRIPT=ON), the file contents are checked before executables and/or scripts are executed; depending on the configuration, execution is also prevented.
To add such a file to the TSD, a private key file and a certificate file with the corresponding public key are required. The certificate file must be stored on the system in the /etc/security/certificates directory.
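The procedure above as an added example (not from the original page): it creates a signing key and self-signed certificate with OpenSSL, checks that the certificate really carries the public key belonging to the private key, and only then adds the file with `trustchk`. The file names, subject name, key size and the DER/PKCS#8 encodings are assumptions; check them against the documentation for your AIX level.

```shell
#!/bin/sh
# Added example. File names, CN and key size are assumptions, not page values.

# Create a signing key and a self-signed certificate in directory $1.
make_signing_material() {
    mkdir -p "$1" || return 1
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null || return 1
    # Self-signed certificate, DER-encoded (constructed subject name).
    openssl req -new -x509 -key "$1/privkey.pem" -subj "/CN=te-signer-example" \
        -days 365 -outform DER -out "$1/certificate.der" 2>/dev/null || return 1
    # Unencrypted PKCS#8 DER copy of the private key, used for signing.
    openssl pkcs8 -topk8 -nocrypt -inform PEM -in "$1/privkey.pem" \
        -outform DER -out "$1/privkey.der" || return 1
    rm -f "$1/privkey.pem"
    chmod 600 "$1/privkey.der"
}

# Succeed only if certificate $2 contains the public key of private key $1.
key_matches_cert() {
    key_pub=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Add file $3 to the TSD, signed with key $1 and verifiable with certificate $2.
add_to_tsd() {
    command -v trustchk >/dev/null 2>&1 || { echo "trustchk not found" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    # The certificate must be present in /etc/security/certificates.
    cp "$2" /etc/security/certificates/ || return 1
    trustchk -s "$1" -v "/etc/security/certificates/$(basename "$2")" -a "$3" || return 1
    trustchk -q "$3"    # print the new TSD stanza for review
}

# Usage (as root on AIX): script.sh <privkey.der> <certificate.der> <file>
if [ "$#" -eq 3 ]; then
    add_to_tsd "$1" "$2" "$3"
fi
```

Keep the private key off the monitored system where possible; only the certificate has to be stored there.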