Re: [Etherboot-developers] Securing bootup
From: <ke...@us...> - 2003-03-27 23:05:48
>An idea struck me today as I was thinking about a way to more securely

Hope it wasn't too painful. :-)

>verify that the client that is booting via Etherboot is actually
>downloading the kernel/code that you really want it to. Use a preshared
>key built into the Etherboot code that is flashed onto the bootrom to
>validate the kernel image/code. So, in order for the client to
>successfully boot, the image it downloads has to be digitally signed and
>that signature has to match when signed by the client's Etherboot key.
>Otherwise the client refuses to boot. There could be a number of ways
>to go about this, from having a default "Etherboot" maintained key and
>signature to a site-by-site basis where the administrator/deployer would
>build their own version of Etherboot to embed their own key for their
>own thin client workstations.

Or a key in a USB dongle.

There is/was a uni project working on secure booting in general, don't
have the URL handy, Eric has it.

Eric's got a hook in 5.1 that verifies download integrity using a
checksum over the image. Verifying a signature is an obvious extension.

>Another possibility that this presents is to not only authenticate the
>connection but also be able to create an encrypted tunnel using
>Diffie-Hellman key exchange. This may be a rather involved process just
>to get a secure boot layer, but it may open up the doors to a larger
>audience and wider acceptance of Etherboot.

Tunnels are much harder. Etherboot only implements UDP.

>What do you all think?

Great idea, looking forward to seeing your code soon. :-)

But seriously, it's a good idea worth developing further, but as always
implementation depends on someone keen enough to contribute some time
to do it.
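The thread contrasts two things: the existing 5.1 hook that checks a checksum over the downloaded image, and the proposed check against a key built into the bootrom. The example below is added here to illustrate that difference; it is not Etherboot code and not anything the posters wrote. It assumes a trailer format in which the server appends a 32-byte tag to the image so the client downloads one blob, and it uses an HMAC with a pre-shared symmetric key as a stand-in for the digital signature discussed in the mail (the key names, sample image and trailer layout are all constructed for the demo). The point it shows: a plain checksum that travels with the image can be recomputed by whoever altered the image, so it detects corruption but not substitution, whereas a tag that needs the embedded key cannot be regenerated without that key, and the client refuses to boot on mismatch.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded kernel image (not a real ELF file).
SAMPLE_IMAGE = b"\x7fELF" + b"constructed-kernel-payload\n" * 8

# Hypothetical site key that would be compiled into the bootrom at build time.
EMBEDDED_KEY = b"hypothetical-site-key-built-into-bootrom"

# Assumed trailer layout: image bytes followed by a 32-byte SHA-256-sized tag.
TAG_LEN = hashlib.sha256().digest_size


def plain_checksum(image: bytes) -> bytes:
    """Unkeyed integrity check: what a checksum-only download hook provides."""
    return hashlib.sha256(image).digest()


def keyed_tag(image: bytes, key: bytes = EMBEDDED_KEY) -> bytes:
    """Keyed tag over the image; only a holder of the key can produce it."""
    return hmac.new(key, image, hashlib.sha256).digest()


def publish_checksum(image: bytes) -> bytes:
    """Server side, checksum scheme: ship the image with its digest appended."""
    return image + plain_checksum(image)


def publish_keyed(image: bytes, key: bytes = EMBEDDED_KEY) -> bytes:
    """Server side, keyed scheme: ship the image with its keyed tag appended."""
    return image + keyed_tag(image, key)


def verify_checksum(blob: bytes) -> bool:
    """Checksum-only client: recompute the digest and compare with the trailer."""
    if len(blob) <= TAG_LEN:
        return False
    image, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(plain_checksum(image), digest)


def client_boot(blob: bytes, key: bytes = EMBEDDED_KEY) -> str:
    """Keyed client: split the trailer, verify with the embedded key,
    and refuse to boot on any mismatch or malformed download."""
    if len(blob) <= TAG_LEN:
        return "refuse"
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # compare_digest avoids leaking where the comparison diverged.
    if not hmac.compare_digest(keyed_tag(image, key), tag):
        return "refuse"
    return "boot"


def altered(image: bytes) -> bytes:
    """Flip one bit in the middle of the image, standing in for a corrupted
    or substituted image arriving at the client."""
    ba = bytearray(image)
    ba[len(ba) // 2] ^= 0x01
    return bytes(ba)


def demo() -> dict:
    """Run both schemes against the genuine and the altered image."""
    bad = altered(SAMPLE_IMAGE)
    return {
        # Genuine image passes both checks.
        "genuine_checksum_passes": verify_checksum(publish_checksum(SAMPLE_IMAGE)),
        "genuine_keyed_boots": client_boot(publish_keyed(SAMPLE_IMAGE)) == "boot",
        # Altered image shipped with a freshly computed checksum still passes:
        # the checksum proves only that image and digest match each other.
        "altered_checksum_passes": verify_checksum(publish_checksum(bad)),
        # Altered image with the original tag, or a tag made under another
        # key, is refused: the right tag needs the key inside the bootrom.
        "altered_keyed_boots": client_boot(bad + keyed_tag(SAMPLE_IMAGE)) == "boot",
        "wrong_key_boots": client_boot(publish_keyed(bad, b"some-other-key")) == "boot",
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With an asymmetric scheme, as the mail proposes, the bootrom would carry only the public half and the server the private half, so a compromised client image cannot be used to sign new images; the verification structure on the client (split trailer, verify, refuse on mismatch) stays the same.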