RE: Security Use Requirements (and security issue with iSCSI boot deployment)

One should note that iSCSI-boot does not use PXE during the actual boot process - PXE may be used to load the minimum iSCSI initiator software necessary for the boot process. The iSCSI booting process, given its raw block access to a disk as opposed to a specified image in BOOTP variants, may involve the sequential loading of multiple images whose identities are known only at run time. For example, in a PC boot you don't know whether the first image you are loading is lilo or ntldr until you examine the boot disk. Short of digitally signing every block, a practical way out is for each loaded image to verify the integrity of the subsequent image to be loaded (if any). Another way may be Julian's solution, but I am unaware of the details.

Comments appreciated,

-----------------------------------------------------------------

> At the least it should be noted in Security Considerations that vendors
> should consider providing a mechanism for vendor-to-booter verification
> of a boot image.

Such a thing already exists. It's part of the PXE specification and involves storing on the PC a public key that is used to sign the boot image.

> It would be really nice if iSCSI-boot suggested a mechanism, so that
> it could be built into ROMs by manufacturers that are implementing
> iSCSI-boot and so that the hardware manufacturer could not use the
> mechanism to lock out alternative operating systems.

This capability is already built into PXE-compliant boot ROMs. In fact, you may already have purchased a NIC that implements PXE! I should note that there are some interesting issues that arise when using PXE to do secure iSCSI boot, but I'll leave that issue to another discussion.
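The chained-verification scheme the post proposes, as an added example that is not code from the post, from PXE, or from any iSCSI initiator: a simulated boot chain in which only the first stage's SHA-256 digest is pinned (standing in for the initiator that PXE verifies with its stored public key), and every later stage's identity and expected digest are read from the stage loaded just before it. The image header format, the stage names (initiator, mbr, lilo, ntldr) and the payloads are constructed for this illustration; the "boot disk" is a dictionary standing in for raw block access.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed image format (an assumption for this example, not any real loader's):
#   MAGIC | len(name) | name | len(next_name) | next_name | sha256(next image) | payload
# A final stage carries an empty next_name and an all-zero digest.
MAGIC = b"IMG1"
DIGEST_LEN = hashlib.sha256().digest_size  # 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_image(name: bytes, payload: bytes,
                next_image: Optional[Tuple[bytes, bytes]] = None) -> bytes:
    """Assemble one stage. next_image is (next_name, next_image_bytes); the digest of
    those bytes is embedded so this stage can vouch for the stage that follows it."""
    if next_image is None:
        next_name, next_digest = b"", bytes(DIGEST_LEN)
    else:
        next_name, next_digest = next_image[0], sha256(next_image[1])
    return (MAGIC + bytes([len(name)]) + name
            + bytes([len(next_name)]) + next_name + next_digest + payload)


def parse_header(image: bytes) -> Tuple[bytes, Optional[bytes], bytes, bytes]:
    """Return (name, next_name or None, next_digest, payload); reject malformed headers."""
    if image[:len(MAGIC)] != MAGIC:
        raise ValueError("bad magic")
    off = len(MAGIC)
    name_len = image[off]; off += 1
    name = image[off:off + name_len]; off += name_len
    next_len = image[off]; off += 1
    next_name = image[off:off + next_len] if next_len else None; off += next_len
    next_digest = image[off:off + DIGEST_LEN]; off += DIGEST_LEN
    if len(next_digest) != DIGEST_LEN:
        raise ValueError("truncated header")
    return name, next_name, next_digest, image[off:]


def verify_chain(disk: Dict[bytes, bytes], first: bytes, pinned_digest: bytes) -> List[bytes]:
    """Walk the boot chain. Only the first stage's digest is known up front; each
    later stage's name and expected digest come from the previously verified stage,
    so the loader discovers at run time which image (lilo, ntldr, ...) comes next."""
    loaded: List[bytes] = []
    name: Optional[bytes] = first
    expected = pinned_digest
    while name is not None:
        image = disk.get(name)
        if image is None:
            raise ValueError(f"stage {name!r} not found on boot disk")
        # Check integrity before trusting anything inside the image (constant-time compare).
        if not hmac.compare_digest(sha256(image), expected):
            raise ValueError(f"integrity check failed for stage {name!r}")
        header_name, next_name, next_digest, _payload = parse_header(image)
        if header_name != name:
            raise ValueError(f"stage {name!r} claims to be {header_name!r}")
        loaded.append(name)
        name, expected = next_name, next_digest
    return loaded


def make_boot_disk(os_loader: bytes) -> Tuple[Dict[bytes, bytes], bytes]:
    """Build a three-stage chain backwards (each stage needs the digest of the next).
    Returns (disk, pinned digest of the first stage). Payloads are constructed."""
    loader = build_image(os_loader, b"<constructed OS loader payload>")
    mbr = build_image(b"mbr", b"<constructed boot record payload>", (os_loader, loader))
    initiator = build_image(b"initiator", b"<constructed iSCSI initiator payload>", (b"mbr", mbr))
    disk = {b"initiator": initiator, b"mbr": mbr, os_loader: loader}
    return disk, sha256(initiator)


def boot_result(disk: Dict[bytes, bytes], pinned_digest: bytes) -> str:
    """Human-readable outcome of a verified boot attempt."""
    try:
        stages = verify_chain(disk, b"initiator", pinned_digest)
        return "booted via " + "/".join(s.decode() for s in stages)
    except ValueError as exc:
        return "refused: " + str(exc)


if __name__ == "__main__":
    disk, pinned = make_boot_disk(b"ntldr")
    print(boot_result(disk, pinned))
    # Corrupt one byte of the OS loader: the MBR stage's embedded digest no longer matches.
    corrupted = dict(disk)
    corrupted[b"ntldr"] = disk[b"ntldr"][:-1] + bytes([disk[b"ntldr"][-1] ^ 1])
    print(boot_result(corrupted, pinned))
```

The point the simulation makes is that one pinned digest is enough to cover a chain whose later members are only discovered at run time: rebuilding the MBR to point at a different loader, or altering any stage, is caught at the stage that was supposed to vouch for it, without hashing or signing every disk block.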
Last updated: Tue Sep 04 01:05:32 2001