Hi Stefan,

> What use cases does this design satisfy? For example, how can a NIC vendor
> ship a trusted boot enabled gPXE in ROM? I'm hoping that the main use cases
> can use this design.
>
> Weaknesses/holes in this design:
> * initramfs/initrd and multiboot modules are currently not verified,
>   easy to fix
> * trusted SAN boot not supported
To me it looks like appending a signature to the kernel image and storing the public key with gPXE would allow satisfying the requirements of many more use cases. And it would require far less maintenance: there would be no need to go and store the individual image checksums in each script.

Also, I think you are covered with the initramfs that is specified at kernel compile time and hence embedded directly into the kernel image. Modules can be signed on their own: once you have the guarantee that the kernel has not been tampered with, it will verify them against the desired public key(s).

It would be nice to have a similar patch in GRUB, so that we'd have the same guarantee upon a local boot.

Thank you very much!

-Alessandro
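The appended-signature scheme proposed above, as an added illustration that is not gPXE code and not from the thread: the build side appends an Ed25519 signature plus a magic trailer to the image, and the loader side, holding only the public key, strips and checks the trailer, refusing images that are unsigned, tampered with, or signed by another key. The trailer layout and magic string are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumed trailer layout (an illustration, not gPXE's format):
//   <image bytes> || <64-byte ed25519 signature> || "GPXESIG1"
// The magic sits last so the loader can find the trailer from the end.
var trailerMagic = []byte("GPXESIG1")

// SignImage is the build-side step: append signature and magic to the image.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	out := append([]byte{}, image...)
	out = append(out, ed25519.Sign(priv, image)...)
	return append(out, trailerMagic...)
}

// VerifyImage is the loader-side step: check the trailer against the public
// key baked into the loader and return the bare image only on success.
func VerifyImage(pub ed25519.PublicKey, signed []byte) ([]byte, error) {
	trailer := ed25519.SignatureSize + len(trailerMagic)
	if len(signed) < trailer || !bytes.Equal(signed[len(signed)-len(trailerMagic):], trailerMagic) {
		return nil, errors.New("no signature trailer: refusing unsigned image")
	}
	body := signed[:len(signed)-trailer]
	sig := signed[len(body) : len(body)+ed25519.SignatureSize]
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("bad signature: image tampered or signed with another key")
	}
	return body, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pub would be compiled into the loader
	kernel := []byte("constructed stand-in for a vmlinuz image") // constructed sample input
	signed := SignImage(priv, kernel)
	_, err := VerifyImage(pub, signed)
	fmt.Println("signed image accepted:", err == nil)
	signed[0] ^= 0x01 // flip one bit of the kernel body
	_, err = VerifyImage(pub, signed)
	fmt.Println("tampered image rejected:", err)
}
```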
