Re: [Etherboot-developers] Securing bootup
Brought to you by:
marty_connor,
stefanhajnoczi
Menu
▾
▴
Re: [Etherboot-developers] Securing bootup
|
From: Jason A. P. <pat...@pc...> - 2003-03-28 15:21:30
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric W. Biederman wrote: > As I understand encryption most encryption techniques fail to > be effective about disguising a message if you send the same > message over and over again. With network booting this is the > case. Loading an image that was authenticated at some point > in time is a reasonable problem. Beyond that the code is complicated > and it really does not help. So, you would see signing a kernel+initial ramdisk package 'a good thing' so that the client will always boot authenticated code. So even if a hacker were to send it anything, they would have to send the client the exact same code, which would hopefully help to prevent them from succeeding in their attempt or making it much more difficult. - -- Jason A. Pattie pat...@xp... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+hGhtuYsUrHkpYtARAmLeAJ9cPN/6VGsorpw1My0lcJU8hQ4MwgCeJ1kf yDHO8aWwrxNVHmVjUext5OE= =6QOp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
