On Tuesday 07 Aug 2012 19:31:25 Oliver Rath wrote:
> If I load ipxe via undionly.kpxe (per tftp), the certificate could
> be read by each who is able to sniff the network, so imho https is only
> senseful if I burn ipxe into nic-rom. Do I see this right?

Sort of. Being able to read the certificate isn't a problem; certificates are by definition public information anyway. The problem is that the initial TFTP transfer isn't secured in any way, so an attacker with access to your LAN could inject a malicious image. If you use undionly.kpxe then you are effectively declaring that the local network is trusted.

You can still sensibly exploit the security offered by HTTPS to download over a WAN. For example, you may trust your local network but want to boot over the (untrusted) Internet: in this scenario it is still useful to utilise undionly.kpxe with HTTPS.

If you have iPXE in ROM, then all of these issues go away, and you don't need to trust anything on your local network.

> So, for true security - if I don't burn ipxe into nic-rom - the
> certificate should be stored into the computer who uses pxe. Is there a
> possibility for this? I.e. CMOS, BIOS or a kind of TPM-Chip?

That wouldn't help. The initial TFTP download would still be untrusted.

Michael

