Re: Re[2]: [Etherboot-developers] RFC: Safe booting concept
From: <ke...@us...> - 2003-04-26 15:06:45
>Problem of this is that the data has to be examined not only in
>checksum generation process (which is easy, with MG's md5.c from
>etherboot 5.0), but also more intense. I'll have a look into ELF
>format later.

Eric already has code in 5.1 that will call the checksum routine on data
blocks as they are loaded. You only need to use those hooks.

>I'm not too sure (yet) how to specify something to be put in an
>"unused" portion of ROM, but I will have a look at it.
>
>Having a (later on #ifdef'ed) call to safeboot_loadpublickey() would be
>what you want, right? Perhaps even something like keyboard-interactive
>as a fallback-method - I think I will initially only need /rom and
>/keyboard support.

You should only need to modify the build rules that take a .zimg file to
a .zrom file. Maybe makerom can be modified to do the job. That way you
can change the key without having to recompile the source. You may need
to be able to read the ROM at the mapped address, not sure if this is
possible on all NICs.

>> The authentication the other way might be worth thinking about, how to
>> make sure that the appropriate clients are booting the image (not
>> reading, you can't stop clients from TFTPing the image). Perhaps a
>> client key (which might be a group key to reduce the number of distinct
>> keys) might be used to verify a different signed hash in the image. Not
>> sure if this is useful.

The motivation is weaker, you want to prevent the wrong clients from
running an image, as opposed to preventing the wrong server from
providing an image. That is, you indicate by keying the image to the
clients whether it's legal for those clients to run it. You could simply
not provide the wrong filename to the clients I suppose. I don't think
it's something important to have.
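The three mechanisms the reply sketches (a per-block checksum hook in the loader, a public key written into a reserved part of the ROM after the build rather than compiled in, and a signed hash checked once the image is loaded) fit together as a small model. The following is an added example written for this page, not Etherboot code or anything from the thread's participants. The `SAFEBOOTKEY` marker, the slot layout, and the RSA key pair are constructed for the example; the textbook RSA on a bare MD5 digest, with a modulus of about 150 bits built from two Mersenne primes, only illustrates the verification flow and is not a usable signature scheme. MD5 is used because the thread mentions md5.c; any digest works the same way.

```python
"""Toy model of the safe-boot flow: hash blocks as they load, read the
public key from a reserved ROM slot, check the signed hash at the end.
Marker name, slot layout and key material are constructed for this example."""
import hashlib
import struct

KEY_SLOT_MAGIC = b"SAFEBOOTKEY\0"  # constructed marker for the reserved ROM slot
KEY_SLOT_LEN = 64                   # bytes after the marker: 4-byte e + 60-byte n

# Constructed toy key from two Mersenne primes; gcd(e, phi) == 1 for these values.
# Far too small for real use, present only so the example runs stand-alone.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the signing host


def encode_pubkey(n, e):
    """Serialise (n, e) into exactly KEY_SLOT_LEN bytes."""
    return struct.pack(">I", e) + n.to_bytes(KEY_SLOT_LEN - 4, "big")


def decode_pubkey(blob):
    (e,) = struct.unpack(">I", blob[:4])
    return int.from_bytes(blob[4:], "big"), e


def sign_digest(digest, d=D, n=N):
    """Server side: sign the image digest (textbook RSA, demonstration only)."""
    m = int.from_bytes(digest, "big")
    if m >= n:
        raise ValueError("digest must be smaller than the modulus")
    return pow(m, d, n).to_bytes(32, "big")   # n < 2**150, so 32 bytes suffice


def verify_digest(digest, signature, pubkey):
    """Client side: recover the signed value and compare it to the digest of what was loaded."""
    n, e = decode_pubkey(pubkey)
    s = int.from_bytes(signature, "big")
    if not 0 < s < n:
        return False
    return pow(s, e, n) == int.from_bytes(digest, "big")


def build_rom(code):
    """Compiled ROM with an empty key slot in its unused tail."""
    return code + KEY_SLOT_MAGIC + b"\0" * KEY_SLOT_LEN


def find_key_slot(rom):
    idx = rom.find(KEY_SLOT_MAGIC)
    if idx < 0:
        raise ValueError("ROM has no key slot")
    return idx + len(KEY_SLOT_MAGIC)


def patch_rom_key(rom, pubkey):
    """Post-build step (what a modified makerom would do): write the key, no recompile."""
    if len(pubkey) != KEY_SLOT_LEN:
        raise ValueError("public key does not fit the slot")
    start = find_key_slot(rom)
    return rom[:start] + pubkey + rom[start + KEY_SLOT_LEN:]


def read_rom_key(rom):
    """What a safeboot_loadpublickey() reading the mapped ROM would return."""
    start = find_key_slot(rom)
    return rom[start:start + KEY_SLOT_LEN]


class BlockVerifier:
    """Stands in for the loader's per-block checksum hook; finish() runs once all blocks are in."""

    def __init__(self, rom):
        self.digest = hashlib.md5()        # md5 because the thread mentions md5.c
        self.pubkey = read_rom_key(rom)

    def load_block(self, block):
        self.digest.update(block)          # hook: called for each data block as it is loaded

    def finish(self, signature):
        return verify_digest(self.digest.digest(), signature, self.pubkey)


def boot_image(rom, image, signature, block_size=512):
    """Feed the image through the hook block by block; True means it may be executed."""
    v = BlockVerifier(rom)
    for off in range(0, len(image), block_size):
        v.load_block(image[off:off + block_size])
    return v.finish(signature)


def demo():
    """Returns (genuine_image_accepted, tampered_image_accepted)."""
    rom = patch_rom_key(build_rom(b"\x90" * 1024), encode_pubkey(N, E))  # constructed ROM
    image = bytes(range(256)) * 8                                         # constructed 2 KiB image
    signature = sign_digest(hashlib.md5(image).digest())                  # made on the server
    tampered = bytearray(image)
    tampered[100] ^= 0x01                                                 # one flipped bit
    return boot_image(rom, image, signature), boot_image(rom, bytes(tampered), signature)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of `BlockVerifier` is that the digest is built from exactly the bytes the loader placed in memory, so there is no second copy of the image to keep consistent; `patch_rom_key` shows why the key belongs in a post-build step rather than in the source, since a rekey is a byte patch of the finished `.zrom`.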