Re[4]: [Etherboot-developers] RFC: Safe booting concept
Brought to you by:
marty_connor,
stefanhajnoczi
Menu
▾
▴
Re[4]: [Etherboot-developers] RFC: Safe booting concept
|
From: Anselm M. H. <an...@ho...> - 2003-04-26 15:14:57
|
Hello Ken, Saturday, April 26, 2003, 5:06:33 PM, you wrote: > Eric already has code in 5.1 that will call the checksum routine on data > blocks as they are loaded. You only need to use those hooks. I will have a look. >>I'm not too sure (yet) how to specify something to be put in an >>"unused" portion of ROM, but I will have a look at it. >>Having a (lateron #ifdef'ed) call to safeboot_loadpublickey() would be >>what you want, right? Perhaps even something like keyboard-interactive >>as a fallback-method - I think I will initially only need /rom and >>/keyboard support. > You should only need to modify the build rules that take a .zimg file to > a .zrom file. Maybe makerom can be modified to do the job. That way you > can change the key without having to recompile the source. You may need > to be able to read the ROM at the mapped address, not sure if this is > possible on all NICs. Problem is that SafeBoot also could make sense when etherboot is loaded from harddisk (floppy even, in some circumstances). I think when I'm so far, I will find a solution for that. > The motivation is weaker, you want to prevent the wrong clients from > running an image, as opposed to preventing the wrong server from > providing an image. That is, you indicate by keying the image to the > clients whether it's legal for those clients to run it. You could simply > not provide the wrong filename to the clients I suppose. I don't think > it's something important to have. OK, skipping that client key stuff for now. Best regards, Anselm mailto:an...@ho... |
