[gPXE-devel] Trusted boot for gPXE
Alessandro Salvatori
sandr8 at gmail.com
Fri Jun 4 01:50:35 EDT 2010
exactly what i was dreaming off when I stumbled into your patch!!!
hopefully your patch is already doing 99.9999999% of the work...
stripping the hash from the tail of the image instead of the gpxe
script shouldn't be a big change, right?
thank you!
-Alessandro
On Thu, Jun 3, 2010 at 22:39, Stefan Hajnoczi <stefanha at gmail.com> wrote:
> On Thu, Jun 3, 2010 at 11:21 PM, Alessandro Salvatori <sandr8 at gmail.com> wrote:
>> does any image format mind if you append a few extra "signature" bytes
>> beyond the end of the image?
>>
>> i guess in most cases it might be safe to assume no...
>
> If gPXE strips the extra bytes off and doesn't treat them as part of
> the image data, then the client program never knows that those bytes
> were there. Your idea is interesting because the user doesn't need to
> manage hashes - a tool could be used to sign any file.
>
> Stefan
>
More information about the gPXE-devel
mailing list