Re: Re[4]: [Etherboot-developers] RFC: Safe booting concept
From: <ebi...@ln...> - 2003-04-26 19:27:51
Anselm Martin Hoffmeister <an...@ho...> writes:
> Hello Ken,
>
> Saturday, April 26, 2003, 5:06:33 PM, you wrote:
>
> > Eric already has code in 5.1 that will call the checksum routine on data
> > blocks as they are loaded. You only need to use those hooks.
>
> I will have a look.

A couple of little nits. The checksum is calculated just before the image is executed, not as it downloads. The checksum is not calculated over the entire ELF image; instead it is calculated over the significant parts: the ELF header, the ELF program header, and the ELF PT_LOAD segments. The note segment (where the checksum is kept) is deliberately left out of the calculation. This should help with the signing process as well.

> >> I'm not too sure (yet) how to specify something to be put in an
> >> "unused" portion of ROM, but I will have a look at it.
> >> Having a (later on #ifdef'ed) call to safeboot_loadpublickey() would be
> >> what you want, right? Perhaps even something like keyboard-interactive
> >> as a fallback method - I think I will initially only need /rom and
> >> /keyboard support.
>
> > You should only need to modify the build rules that take a .zimg file to
> > a .zrom file. Maybe makerom can be modified to do the job. That way you
> > can change the key without having to recompile the source. You may need
> > to be able to read the ROM at the mapped address, not sure if this is
> > possible on all NICs.
>
> Problem is that SafeBoot also could make sense when etherboot is
> loaded from hard disk (floppy even, in some circumstances).
> I think when I'm so far, I will find a solution for that.

One question worth looking into is how IPsec is supposed to work for key distribution.

> > The motivation is weaker, you want to prevent the wrong clients from
> > running an image, as opposed to preventing the wrong server from
> > providing an image. That is, you indicate by keying the image to the
> > clients whether it's legal for those clients to run it. You could simply
> > not provide the wrong filename to the clients I suppose. I don't think
> > it's something important to have.
>
> OK, skipping that client key stuff for now.

Yep, one piece at a time.

Eric
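The "significant parts" rule Eric describes above (hash the ELF header, the program header table and the PT_LOAD segments, skip the note segment that carries the checksum) as an added illustration; this is not Etherboot's code. It assumes an ELF64 little-endian layout, uses SHA-256 as a stand-in for whatever checksum the loader actually computes, and builds its own tiny sample image in memory.

```python
import hashlib
import struct

PT_LOAD, PT_NOTE = 1, 4
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # ELF64 file header, little-endian
PHDR_FMT = "<IIQQQQQQ"          # ELF64 program header entry
EHDR_SIZE = struct.calcsize(EHDR_FMT)  # 64 bytes
PHDR_SIZE = struct.calcsize(PHDR_FMT)  # 56 bytes


def build_image(code: bytes, note: bytes) -> bytes:
    """Constructed sample: a minimal ELF64 with one PT_LOAD segment holding
    `code` and one PT_NOTE segment holding `note` (where a checksum or
    signature would be stored). Not a real Etherboot image."""
    phoff = EHDR_SIZE
    code_off = phoff + 2 * PHDR_SIZE
    note_off = code_off + len(code)
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB
    ehdr = struct.pack(EHDR_FMT, e_ident, 2, 62, 1, 0x400000, phoff, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, 2, 0, 0, 0)
    load = struct.pack(PHDR_FMT, PT_LOAD, 5, code_off, 0x400000, 0x400000,
                       len(code), len(code), 0x1000)
    notep = struct.pack(PHDR_FMT, PT_NOTE, 4, note_off, 0, 0,
                        len(note), len(note), 4)
    return ehdr + load + notep + code + note


def image_digest(image: bytes) -> str:
    """Hash the ELF header, the whole program header table and the file
    bytes of every PT_LOAD segment. PT_NOTE is skipped so the stored
    checksum cannot feed back into its own calculation. SHA-256 is an
    assumption, not the checksum Etherboot uses."""
    if image[:4] != b"\x7fELF" or image[4] != 2:
        raise ValueError("not an ELF64 image")
    hdr = struct.unpack_from(EHDR_FMT, image, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    h = hashlib.sha256()
    h.update(image[:EHDR_SIZE])
    h.update(image[phoff:phoff + phnum * phentsize])
    for i in range(phnum):
        p_type, _, p_off, _, _, p_filesz = struct.unpack_from(
            PHDR_FMT, image, phoff + i * phentsize)[:6]
        if p_type != PT_LOAD:
            continue  # notes (and any other segment type) are not covered
        if p_off + p_filesz > len(image):
            raise ValueError("PT_LOAD segment extends past end of image")
        h.update(image[p_off:p_off + p_filesz])
    return h.hexdigest()
```

Changing the note bytes leaves the digest unchanged, while flipping one byte of loadable code changes it, which is exactly the property that lets the checksum live inside the image it protects.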