[gPXE-devel] Trusted boot for gPXE
Alessandro Salvatori
sandr8 at gmail.com
Thu Jun 3 18:21:03 EDT 2010
Does any image format mind if you append a few extra "signature" bytes
beyond the end of the image?
I guess in most cases it might be safe to assume no...
thanks!
-Alessandro
On Thu, Jun 3, 2010 at 15:09, Stefan Hajnoczi <stefanha at gmail.com> wrote:
> On Thu, Jun 3, 2010 at 10:14 PM, Alessandro Salvatori <sandr8 at gmail.com> wrote:
>>> What use cases does this design satisfy? For example, how can a NIC vendor
>>> ship a trusted boot enabled gPXE in ROM? I'm hoping that the main use cases
>>> can use this design.
>>>
>>> Weaknesses/holes in this design:
>>> * initramfs/initrd and multiboot modules are currently not verified,
>>> easy to fix
>>> * trusted SAN boot not supported
>>
>> to me it looks like appending a signature to the kernel image and
>> storing the public key with gpxe would allow satisfying the
>> requirements of many more use cases. And would require far less
>> maintenance: there would be no need to go and store the individual
>> image checksums in each script...
>
> Signing a Linux kernel image (possibly with an embedded initramfs) is
> a solution for Linux. gPXE supports other image formats, such as
> multiboot (Solaris, VMware ESX), PXE NBP, SYSLINUX COMBOOT, and gPXE
> scripts. It also supports SAN boot protocols like iSCSI and
> ATA-over-Ethernet where a block device is booted via a boot sector.
> All of these boot methods need to be secured so I think restricting
> ourselves to Linux images does not cover enough use cases.
>
>> it would be nice to have a similar patch in grub, so that we'd have
>> the same guarantee upon a local boot.
>
> Following standards would be nice. It's something that has been
> mentioned in off-list feedback, too. The demo I posted was something
> I cooked up from scratch in a day. Fully thinking this through
> involves investigating executable signing standards and if other
> software already has a solution that we can interoperate with.
>
> Thanks for sharing your ideas, I hope we can get a secure booting
> solution in gPXE in the future :).
>
> Stefan
>
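
Added example, not part of the original thread or of gPXE: a sketch of the appended-signature idea discussed above, where the image carries its signature and a small trailer at the end and the boot side holds only the public key. The trailer layout, the magic value and the demo RSA key (built from two well-known primes, far too weak for real use) are assumptions made for illustration; `sign` stands in for the offline build step.

```python
import hashlib
import struct

MAGIC = b"GPXESIG1"                # hypothetical trailer magic, not a gPXE format
TRAILER = struct.Struct(">8sI")    # magic, signature length (big-endian)
# DigestInfo prefix for SHA-256 from RFC 8017 (EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key: two well-known primes, so NOT secret and NOT secure.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N = P * Q                          # the only part the boot side needs (with E)
K = (N.bit_length() + 7) // 8      # modulus length in bytes

def emsa(image):
    """Deterministic PKCS#1 v1.5 encoding of SHA-256(image), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(image):
    """Build-side step: returns image || signature || trailer."""
    d = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never shipped
    sig = pow(int.from_bytes(emsa(image), "big"), d, N).to_bytes(K, "big")
    return image + sig + TRAILER.pack(MAGIC, len(sig))

def verify(blob):
    """Boot-side step: return only the signed image bytes, or raise ValueError."""
    if len(blob) < TRAILER.size:
        raise ValueError("no trailer")
    magic, sig_len = TRAILER.unpack_from(blob, len(blob) - TRAILER.size)
    if magic != MAGIC:
        raise ValueError("unsigned image")
    body_len = len(blob) - TRAILER.size - sig_len
    if sig_len != K or body_len < 0:           # reject attacker-chosen lengths
        raise ValueError("bad signature length")
    image, sig = blob[:body_len], blob[body_len:body_len + sig_len]
    s = int.from_bytes(sig, "big")
    # Re-encode the digest and compare whole blocks instead of parsing padding.
    if s >= N or pow(s, E, N).to_bytes(K, "big") != emsa(image):
        raise ValueError("signature mismatch")
    return image                               # loader never sees the extra bytes
```

Because `verify` returns the image with the signature and trailer stripped, the format-specific loader is handed exactly the bytes that were signed.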