Re: [Etherboot-developers] Securing bootup
From: Jason A. P. <pat...@pc...> - 2003-03-27 23:19:04
Ken Yap wrote:

>>An idea struck me today as I was thinking about a way to more securely
>
> Hope it wasn't too painful. :-)

Just fried a few brain cells... :D

>>verify that the client that is booting via Etherboot is actually
>>downloading the kernel/code that you really want it to. Use a preshared
>>key built into the Etherboot code that is flashed onto the bootrom to
>>validate the kernel image/code. So, in order for the client to
>>successfully boot, the image it downloads has to be digitally signed and
>>that signature has to match when signed by the client's Etherboot key.
>>Otherwise the client refuses to boot. There could be a number of ways
>>to go about this, from having a default "Etherboot" maintained key and
>>signature to a site-by-site basis where the administrator/deployer would
>>build their own version of Etherboot to embed their own key for their
>>own thin client workstations.
>
> Or a key in a USB dongle.

Does Etherboot initialize USB and read this key?

> There is/was a uni project working on secure booting in general, don't
> have the URL handy, Eric has it.
>
> Eric's got a hook in 5.1 that verifies download integrity using a
> checksum over the image. Verifying a signature is an obvious extension.
>
>>Another possibility that this presents is to not only authenticate the
>>connection but also be able to create an encrypted tunnel using
>>Diffie-Hellman key exchange. This may be a rather involved process just
>>to get a secure boot layer, but it may open up the doors to a larger
>>audience and wider acceptance of Etherboot.
>
> Tunnels are much harder. Etherboot only implements UDP.

Perfect! IPSec implements key exchanges on UDP port 500.

>>What do you all think?
>
> Great idea, looking forward to seeing your code soon. :-)
>
> But seriously, it's a good idea worth developing further, but as always
> implementation depends on someone keen enough to contribute some time to
> do it.

Heh. I haven't even looked at the source code in any serious way for Etherboot. And definitely not any of the later versions. I usually go to Rom-o-Matic.net to download one whenever I need an image.

--
Jason A. Pattie
pat...@xp...
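The difference between the checksum hook and the preshared-key check discussed in this message, as an added example that is not part of the original post and is not Etherboot code. It is written in Python rather than Etherboot's C so it runs with the standard library alone; the trailer layout, `ROM_KEY`, `KERNEL` and all function names are assumptions made for illustration, and the keyed check is an HMAC, which is what a "signature" made with a preshared key amounts to.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 32  # size of an HMAC-SHA256 tag

# Constructed sample data: a stand-in ROM key and a stand-in kernel image.
ROM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
KERNEL = b"\x7fELF" + b"constructed kernel image" * 64

def seal_checksum(image: bytes) -> bytes:
    """Append a CRC32 trailer. Anyone can compute it; no secret involved."""
    return image + struct.pack(">I", zlib.crc32(image))

def verify_checksum(blob: bytes) -> bool:
    if len(blob) < 4:
        return False
    image, trailer = blob[:-4], blob[-4:]
    return struct.pack(">I", zlib.crc32(image)) == trailer

def seal_mac(image: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed with the preshared key."""
    return image + hmac.new(key, image, hashlib.sha256).digest()

def verify_mac(blob: bytes, key: bytes) -> bool:
    """Client-side check: boot only if the tag matches the ROM key."""
    if len(blob) <= TAG_LEN:
        return False  # nothing left to boot once the tag is removed
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time compare

def demo() -> dict:
    """Run both checks over the original and over altered downloads."""
    modified = KERNEL.replace(b"constructed", b"substituted")
    sealed = seal_mac(KERNEL, ROM_KEY)
    return {
        "crc_accepts_original": verify_checksum(seal_checksum(KERNEL)),
        # A changed image with a recomputed checksum still passes.
        "crc_accepts_modified": verify_checksum(seal_checksum(modified)),
        "mac_accepts_original": verify_mac(sealed, ROM_KEY),
        # Changed image carrying the old tag, or sealed with another key.
        "mac_accepts_old_tag": verify_mac(modified + sealed[-TAG_LEN:], ROM_KEY),
        "mac_accepts_other_key": verify_mac(seal_mac(modified, bytes(32)), ROM_KEY),
        "mac_accepts_truncated": verify_mac(sealed[:-100], ROM_KEY),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With a symmetric preshared key, anyone who can read the key out of the flashed ROM can also seal images, so the ROM contents become a secret to protect. A public-key signature keeps only the verification key on the client.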