On Tue, May 18, 2010 at 3:17 PM, charles blundell <[email protected]> wrote:
> hey stefan!
>
> this is cool! i think there are some issues:
> - MD5 is no good: it's basically broken for these purposes.
> - RSA 512-bit is too small.
>
> you might find:
> http://csrc.nist.gov/groups/ST/toolkit/index.html
> useful. in particular:
> http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf
> seems to be pretty sage advice. in particular, use sha-1 at least, RSA
> of key size >1024 bits.

Thanks for the links. gPXE has an SHA-1 implementation and using larger RSA keys should be possible too.

> can you put comments in a gpxe script? if so, maybe you could just
> embed an openpgp signature?
>
> these signatures cannot expire (except if the key expires). so there's
> a simple attack: record the gpxe boot script (and kernel, etc). wait
> until a kernel vulnerability is found, wait for a reboot, replay what
> you recorded. now you have a vulnerable host running a trusted kernel.

Good point. The demo I posted would allow someone with a copy of old signed files to replay them.

> do you have any thoughts about key management? e.g., could you just
> give the verisign root CA cert to gpxe
> and have everything signed with it accepted? or how about getting keys from
> gpg?

Currently there is no X.509 certificate verification in gPXE. Perhaps this is the way to go instead of using raw RSA.

> if the signature is missing and TRUSTED_BOOT is enabled, the image is
> rejected, right?

Yes, that is the intent. Images start without the IMAGE_TRUSTED flag. Attempts to exec an image will be rejected unless IMAGE_TRUSTED has been set (using imgdigest or a script signature).

> can a trusted script load an untrusted image? e.g., if i miss out an
> imgdigest line, what happens?

The image execution will fail if IMAGE_TRUSTED is not set on the loaded image.

> is there any special syntax that you can put in the #!gpxe line? (i
> assume you strip the signature out of the script pretty carefully, i
> can imagine a lot going wrong here.)

At the moment there is no syntax other than the signature. However, if additional options are added (e.g. #!gpxe --debug) then parsing the signature and calculating the hash of the script without the signature becomes more tricky. In a proper patch for mainline gPXE I'd like to keep the #!gpxe line extensible and would need to be more careful.

Stefan
_______________________________________________
gPXE-devel mailing list
[email protected]
http://etherboot.org/mailman/listinfo/gpxe-devel
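
The last reply above notes that hashing the script without its signature gets harder once the #!gpxe line carries other options. The following is an added example, not code from the posted demo or from gPXE: it assumes a hypothetical `sig=<hex>` token on the first line, and `canonicalize`, `script_is_trusted` and the HMAC stand-in for the RSA check are illustrative names.

```python
import hashlib
import hmac

SIG_PREFIX = "sig="  # hypothetical token syntax, not gPXE's actual format


def canonicalize(script: bytes):
    """Split a script into (signature or None, bytes covered by the digest).

    Only the sig= token is dropped; every other token on the #!gpxe line
    stays in the hashed bytes, so an option cannot be added after signing.
    """
    first, sep, rest = script.partition(b"\n")
    tokens = first.decode("ascii").split()
    if not tokens or tokens[0] != "#!gpxe":
        raise ValueError("not a gPXE script")
    sigs = [t for t in tokens[1:] if t.startswith(SIG_PREFIX)]
    if len(sigs) > 1:
        raise ValueError("more than one signature token")
    kept = [t for t in tokens if not t.startswith(SIG_PREFIX)]
    signature = bytes.fromhex(sigs[0][len(SIG_PREFIX):]) if sigs else None
    return signature, " ".join(kept).encode("ascii") + sep + rest


def script_is_trusted(script: bytes, verify) -> bool:
    """verify(digest, signature) is the caller's public-key check (assumed)."""
    try:
        signature, covered = canonicalize(script)
    except ValueError:  # malformed first line, bad hex, non-ASCII bytes
        return False
    if signature is None:  # unsigned scripts stay untrusted
        return False
    # SHA-1 is used because the thread names it as available in gPXE.
    return bool(verify(hashlib.sha1(covered).digest(), signature))


# Constructed demo: an HMAC stands in for RSA so the example runs offline.
DEMO_KEY = b"constructed-demo-key"

def demo_sign(digest: bytes) -> bytes:
    return hmac.new(DEMO_KEY, digest, hashlib.sha1).digest()

def demo_verify(digest: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(demo_sign(digest), signature)

UNSIGNED = b"#!gpxe\nkernel vmlinuz\nboot\n"  # constructed sample script
SIG_HEX = demo_sign(hashlib.sha1(canonicalize(UNSIGNED)[1]).digest()).hex()
SIGNED = b"#!gpxe sig=" + SIG_HEX.encode() + b"\nkernel vmlinuz\nboot\n"
TAMPERED = SIGNED.replace(b"#!gpxe ", b"#!gpxe --debug ", 1)
```

Whitespace on the first line is normalised to single spaces before hashing, so the signing tool has to hash the same canonical bytes. A check of this kind does nothing about the replay of old signed files raised earlier in the thread.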
