Re: [Etherboot-developers] Securing bootup
From: <ebi...@ln...> - 2003-03-31 20:11:33
"Jason A. Pattie" <pat...@pc...> writes:

> Eric W. Biederman wrote:
> > As I understand encryption most encryption techniques fail to
> > be effective about disguising a message if you send the same
> > message over and over again. With network booting this is the
> > case. Loading an image that was authenticated at some point
> > in time is a reasonable problem. Beyond that the code is complicated
> > and it really does not help.
>
> So, you would see signing a kernel+initial ramdisk package 'a good
> thing' so that the client will always boot authenticated code. So even
> if a hacker were to send it anything, they would have to send the client
> the exact same code, which would hopefully help to prevent them from
> succeeding in their attempt or making it much more difficult.

Correct. If you want to proceed down that direction feel free.

Eric
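An added example, not part of the original message and not Etherboot code: a client-side check that a kernel+initrd package authenticates before it is booted, as discussed in the thread. The package layout, the `MAGIC` value and the function names are hypothetical, and an HMAC-SHA256 tag with a key provisioned in the client stands in for a public-key signature, which the Python standard library does not provide.

```python
import hashlib
import hmac
import struct

MAGIC = b"NBI1"   # hypothetical package magic, not an Etherboot format
HDR_LEN = len(MAGIC) + 8   # magic + two 32-bit big-endian lengths
TAG_LEN = hashlib.sha256().digest_size

def pack_image(key, kernel, initrd):
    """Server side: header || kernel || initrd || tag.
    The tag covers the lengths, so the kernel/initrd split is authenticated."""
    body = MAGIC + struct.pack(">II", len(kernel), len(initrd)) + kernel + initrd
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_image(key, blob):
    """Client side: return (kernel, initrd) if the package authenticates, else None."""
    if len(blob) < HDR_LEN + TAG_LEN or blob[:len(MAGIC)] != MAGIC:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    # Lengths are parsed only after the tag has verified.
    klen, ilen = struct.unpack(">II", body[len(MAGIC):HDR_LEN])
    if HDR_LEN + klen + ilen != len(body):
        return None
    return body[HDR_LEN:HDR_LEN + klen], body[HDR_LEN + klen:]

def demo():
    key = b"constructed-demo-key-not-a-secret"   # constructed sample key
    good = pack_image(key, b"KERNEL-v1", b"INITRD-v1")   # constructed payloads
    tampered = bytearray(good)
    tampered[HDR_LEN] ^= 0x01   # flip one bit in the kernel
    return {
        "genuine": verify_image(key, good),
        "tampered": verify_image(key, bytes(tampered)),
        "truncated": verify_image(key, good[:-1]),
        # A byte-identical copy from any sender still verifies: the tag
        # proves origin and integrity, not freshness.
        "replayed": verify_image(key, bytes(good)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", "boot" if result else "reject")
```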