|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use Requirements (and security issue with iSCSI boot deployment)>At the least it should be noted in Security Considerations that vendors >should consider providing a mechanism for vendor-to-booter verification >of a boot image. Such a thing already exists. It's part of the PXE specification and involves storing on the PC a public key that is used to sign the boot image. >It would be really nice if iSCSI-boot suggested a mechanism, so that >it could be built into ROMs by manufacturers that are implementing >iSCSI-boot and so that the hardware manufacturer could not use the >mechanism to lock out alternative operating systems. This capability is already built into PXE-compliant boot ROMs. In fact, you may already have purchased a NIC that implements PXE! I should note that there are some interesting issues that arise when using PXE to do secure iSCSI boot, but I'll leave that issue to another discussion.
Home Last updated: Tue Sep 04 01:05:32 2001 6315 messages in chronological order |