===== Derek Pryor, gPXE Secure Network Booting =====

== Some useful links ==
  * [[derekpryor-proposal|My Project Proposal]]

----

== Update (2006/06/25) ==
So I have been looking through the SSL protocol setup communication. It looks like the client is not required to have an [[http://en.wikipedia.org/wiki/X.509|X.509 Certificate]] and private key. This allows us to do one of two things:
  - Remove code that deals with handling the client key and certificate
  - Insert the code (from #1) and allow the server to verify the identity of the client that is booting

== Basic Idea ==
I am working on adding security into gPXE. There are several different ways to do this. At the moment I am working on adding the ability to use SSL with different connection methods (TCP/UDP/etc.) to create a secure connection over which you can download the needed files. I will be using MatrixSSL as the basis for my SSL library.

== Design ==
To make sure that this SSL implementation is as connection-independent as it can be, I will be making several functions that will construct the SSL messages in a supplied buffer. Then it will be up to the programmer to send the buffer through the used connection. There will also be functions to encode and decode data that is being sent over the connection. Since these functions will use minimal internal memory and the programmer provides the buffers, the footprint for the library will be minimal.

== Timeline (Till Aug 21) ==
  * //Saturday June 24// - Finish mapping MatrixSSL design. Have communication flow layout. Finish setting up a testing setup, including a framework for testing code.
  * //Wednesday July 5// - Finish SSL key handling code.
  * //Saturday July 15// - Finish SSL handshake code.
  * //Wednesday July 26// - Finish SSL encode / decode code.
  * //Saturday August 5// - Finish SSL teardown code.
  * //Wednesday August 16// - Debug, Clean up code, etc.
  * //Monday August 21// - Buffer.

== Timeline (Till end of SOC06) ==
  * Integrate SSL Library into gPXE code base.
  * Create HTTPS (or similar) protocol that uses the SSL Library to create a secure network connection.
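
The approach in the Design section (build each SSL message in a caller-supplied buffer and leave sending to the caller), shown as an added example that is not gPXE or MatrixSSL code. It frames and parses plaintext SSL 3.0 record headers only, with no encryption or MAC, and the names ''rec_build'' and ''rec_parse'' are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR_LEN  5u      /* type(1) + version(2) + length(2) */
#define REC_MAX_FRAG 16384u  /* 2^14: record-layer plaintext fragment limit */
enum { CT_CHANGE_CIPHER_SPEC = 20, CT_ALERT, CT_HANDSHAKE, CT_APP_DATA };

/* Frame `len` payload bytes as one record in the caller's buffer.
 * Returns bytes written, or -1 if the payload or buffer size is invalid. */
long rec_build(uint8_t *out, size_t cap, uint8_t type, uint8_t major,
               uint8_t minor, const uint8_t *payload, size_t len)
{
    if (!out || (!payload && len) || len > REC_MAX_FRAG) return -1;
    if (cap < REC_HDR_LEN || cap - REC_HDR_LEN < len) return -1;
    out[0] = type; out[1] = major; out[2] = minor;
    out[3] = (uint8_t)(len >> 8);            /* length is big-endian */
    out[4] = (uint8_t)(len & 0xff);
    if (len) memcpy(out + REC_HDR_LEN, payload, len);
    return (long)(REC_HDR_LEN + len);
}

/* Parse one record from bytes the caller received on any transport.
 * Returns bytes consumed, 0 if more input is needed, -1 if malformed. */
long rec_parse(const uint8_t *in, size_t in_len, uint8_t *type,
               const uint8_t **payload, size_t *len)
{
    size_t n;
    if (in_len < REC_HDR_LEN) return 0;
    if (in[0] < CT_CHANGE_CIPHER_SPEC || in[0] > CT_APP_DATA) return -1;
    n = ((size_t)in[3] << 8) | in[4];
    if (n > REC_MAX_FRAG) return -1;         /* bound the peer-supplied length */
    if (in_len - REC_HDR_LEN < n) return 0;  /* record not fully received yet */
    *type = in[0]; *payload = in + REC_HDR_LEN; *len = n;
    return (long)(REC_HDR_LEN + n);
}

int main(void)
{
    const uint8_t hello[] = { 0x01, 0x02, 0x03 };  /* constructed payload */
    uint8_t buf[32], type; const uint8_t *p; size_t n;
    long w = rec_build(buf, sizeof buf, CT_HANDSHAKE, 3, 0, hello, sizeof hello);
    long r = rec_parse(buf, (size_t)w, &type, &p, &n);
    printf("wrote %ld, parsed %ld, type %u, len %zu\n", w, r, (unsigned)type, n);
    return 0;
}
```

Because neither function touches a socket, the same buffers can be handed to whichever transport the boot code is using.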