
    RE: Security Use Requirements (and security issue with iSCSI boot deployment)



    
    
    One should note that iSCSI-boot does not use PXE during the actual boot
    process - PXE may be used to load the minimum iSCSI initiator software
    necessary for the boot process.
    
    The iSCSI booting process, given its raw block access to a disk as opposed
    to a specified image in BOOTP variants, may involve the sequential loading
    of multiple images whose identities are known only at run time. For
    example, in a PC boot you don't know whether the first image you are
    loading is lilo or ntldr until you examine the boot disk.
    
    Short of digitally signing every block, a practical way out is for each
    loaded image to verify the integrity of the subsequent image to be loaded
    (if any). Another way may be Julian's solution but I am unaware of the
    details.
    
    Comments appreciated,
    
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    >At the least it should be noted in Security Considerations that vendors
    >should consider providing a mechanism for vendor-to-booter verification
    >of a boot image.
    
    Such a thing already exists. It's part of the PXE specification and
    involves storing on the PC a public key that is used to sign the boot
    image.
    
    >It would be really nice if iSCSI-boot suggested a mechanism, so that
    >it could be built into ROMs by manufacturers that are implementing
    >iSCSI-boot and so that the hardware manufacturer could not use the
    >mechanism to lock out alternative operating systems.
    
    This capability is already built into PXE-compliant
    boot ROMs. In fact, you may already have purchased a NIC that
    implements PXE!
    
    I should note that there are some interesting issues that arise when
    using PXE to do secure iSCSI boot, but I'll leave that issue to another
    discussion.
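
The chained check proposed in the reply above (each loaded image verifies the next one before running it), as an added example that is not part of the original messages. It pins SHA-256 digests rather than using the public-key signature the thread attributes to PXE; the image layout, function names and sample images are all constructed for illustration.

```python
import hashlib
from typing import Iterable, List, Optional


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def make_image(payload: bytes, trusted_next: Iterable[str] = ()) -> bytes:
    # Assumed layout: the first line lists the SHA-256 digests this image
    # accepts as its successor, the rest is the payload. The list is part of
    # the measured bytes, so editing it changes the image's own digest.
    return ",".join(trusted_next).encode() + b"\n" + payload


def trusted_digests(image: bytes) -> List[str]:
    header = image.split(b"\n", 1)[0].decode("ascii")
    return [d for d in header.split(",") if d]


def first_rejected(rom_trusted: Iterable[str],
                   images: Iterable[bytes]) -> Optional[int]:
    """Walk the images in load order, as read from the remote disk.

    Returns the index of the first image the previous stage refuses to run,
    or None when every image verified.
    """
    trusted = list(rom_trusted)  # digests held by the initiator firmware
    for index, image in enumerate(images):
        if digest(image) not in trusted:
            return index  # boot halts before this image executes
        # Only now is the image's own trust list believed.
        trusted = trusted_digests(image)
    return None


# Constructed sample images. The firmware accepts either first-stage loader,
# because which one is on the disk is known only at run time.
KERNEL = make_image(b"kernel payload")
LILO = make_image(b"lilo second stage", [digest(KERNEL)])
NTLDR = make_image(b"ntldr payload")
ROM_TRUSTED = [digest(LILO), digest(NTLDR)]

if __name__ == "__main__":
    print(first_rejected(ROM_TRUSTED, [LILO, KERNEL]))          # clean chain
    print(first_rejected(ROM_TRUSTED, [LILO, KERNEL + b"x"]))   # modified kernel
```
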
    
    
    
    



Last updated: Tue Sep 04 01:05:32 2001