I have a question that I was hoping someone might be able to help me with.
I have a computer lab where groups of computers can be in either Linux
mode/Windows mode at any particular time. I would like to be able to
control the operating system that will load when the machines boot. I
am able to do this with pxelinux alone since all of the machines support
PXE, and by dynamically adjusting the configuration file on the server,
I can adjust which operating system will be booted when the machine is
turned on or restarted.
Unfortunately, while my solution seems to be the most basic, and it
definately works, there's a real problem that I'm trying to solve.
Going fully the PXE route means that a student could unplug one of our
machines from our network, plug it into their laptop, and send a rogue
pxelinux.0 with configuration for doing nasty things like formatting the
hard disk. Unfortunately, the problem is that there is no way to
authenticate the image that is sent from PXE to ensure that it is from
the intended server. This is where (I hope) etherboot comes into the
picture.
At present, PXE loads pxelinux.0 which loads the appropriate
pxelinux.cfg file, and there is no authentication at any point,
especially since the PXE client is in the BIOS, and there is no control
over it. I wonder if I might be able to insert etherboot somehow into
this sequence in such a way that etherboot would be able to authenticate
that the PXE module actually came from our server, and then boot it....
Please pardon my sketchiness...
(I also note that there is a method for doing this directly with
syslinux and comboot modules, but unfortunately, I can't find the
details I need (at this time) to write the module I would need, so I'm
looking for alternatives that might be more "out of the box").
Jason.
|
