[gPXE-devel] Trusted boot for gPXE

Alessandro Salvatori sandr8 at gmail.com
Thu Jun 3 17:14:46 EDT 2010


Hi Stefan,

> What use cases does this design satisfy? For example, how can a NIC vendor
> ship a trusted boot enabled gPXE in ROM? I'm hoping that the main use cases
> can use this design.
>
> Weaknesses/holes in this design:
> * initramfs/initrd and multiboot modules are currently not verified,
> easy to fix
> * trusted SAN boot not supported

   To me it looks like appending a signature to the kernel image and
storing the public key with gPXE would allow satisfying the
requirements of many more use cases, and would require far less
maintenance: there would be no need to go and store the individual
image checksums in each script...

Also, I think you are covered with the initramfs that are specified at
kernel compile time and hence embedded directly into the kernel image.
Modules can be signed on their own: once you have the guarantee that
the kernel has not been tampered with, it will verify them
against the desired public key(s).

It would be nice to have a similar patch in GRUB, so that we'd have
the same guarantee upon a local boot.

thank you very much!
-Alessandro
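The scheme proposed above (a signature appended to the image, the matching public key embedded in the boot loader, no per-script checksums) is sketched below as an added example; it is not code from this thread, from gPXE or from any of its patches. It uses Go's standard-library Ed25519 purely so it runs stand-alone; the trailer layout ("GPXESIG1" magic plus a 64-byte signature), the key seeds and the image bytes are all constructed for the example. The same VerifyImage routine covers a kernel and any separately signed module, which is the point made about modules being signed on their own; ChecksumPinned shows the per-script checksum approach the message contrasts it with.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed trailer layout appended to a kernel or module image:
//   payload || 8-byte magic "GPXESIG1" || 64-byte Ed25519 signature over payload
const sigMagic = "GPXESIG1"
const trailerLen = len(sigMagic) + ed25519.SignatureSize

// SignImage appends the trailer to payload. In the proposed scheme this runs
// once at build time, with the private key kept off the boot infrastructure.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	sig := ed25519.Sign(priv, payload)
	out := make([]byte, 0, len(payload)+trailerLen)
	out = append(out, payload...)
	out = append(out, sigMagic...)
	out = append(out, sig...)
	return out
}

// VerifyImage is what the boot loader would run against its embedded public
// key before handing control to the image. It returns the bare payload and
// true only when the trailer is well formed and the signature verifies; a
// missing trailer, a truncated file, a flipped byte or a different signing
// key all yield false, so an unsigned image is never silently accepted.
func VerifyImage(pub ed25519.PublicKey, signed []byte) ([]byte, bool) {
	if len(signed) < trailerLen {
		return nil, false
	}
	split := len(signed) - trailerLen
	payload, trailer := signed[:split], signed[split:]
	if !bytes.Equal(trailer[:len(sigMagic)], []byte(sigMagic)) {
		return nil, false
	}
	sig := trailer[len(sigMagic):]
	if !ed25519.Verify(pub, payload, sig) {
		return nil, false
	}
	return payload, true
}

// ChecksumPinned is the per-script alternative: the boot script carries the
// expected SHA-256 of each image, so every rebuilt image means editing every
// script that references it, which is the maintenance cost the thread notes.
func ChecksumPinned(expectedHex string, image []byte) bool {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:]) == expectedHex
}

// Sha256Hex is the value an operator would paste into such a script.
func Sha256Hex(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// demoKey derives a fixed key pair from a constructed seed so the example is
// reproducible; a real deployment generates the key once and keeps the
// private half offline.
func demoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// otherPublicKey is a second, unrelated constructed key, standing in for an
// image signed by someone whose key the boot loader does not carry.
func otherPublicKey() ed25519.PublicKey {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x99}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey)
}

func main() {
	pub, priv := demoKey()
	kernel := []byte("constructed kernel image bytes") // stands in for vmlinuz
	signed := SignImage(priv, kernel)
	_, ok := VerifyImage(pub, signed)
	fmt.Println("signed image accepted:", ok)

	tampered := append([]byte{}, signed...)
	tampered[3] ^= 0x01 // one bit flipped inside the payload
	_, ok = VerifyImage(pub, tampered)
	fmt.Println("tampered image accepted:", ok)
	_, ok = VerifyImage(otherPublicKey(), signed)
	fmt.Println("image under a foreign key accepted:", ok)
}
```

Note that the verifier rejects on length before touching the trailer, so an unsigned image shorter than the trailer cannot cause an out-of-range slice; and because the public key lives in the boot loader image rather than in each script, rotating a kernel build changes nothing on the script side.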

