Hi Michael, Am Tue, 7 Aug 2012 19:15:30 +0100 schrieb Michael Brown <[email protected]>:
[..] > iPXE now validates HTTPS server certificates. (Previously, any > certificate would be accepted.) [..] If i load ipxe via undionly.kpxe (per tftp), the certificate could be read by each who is able to sniff the network, so imho https is only senseful if i burn ipxe into nic-rom. Do I see this right? So, for true security - if i dont burn ipxe into nic-rom - the certificate should be stored into the computer who uses pxe. Is there a possibility for this? I.e. CMOS, BISO or a kind of TPM-Chip? Tfh! Oliver _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
