[ipxe-devel] True security? Re: Problem "Invalid Magic Sighature"

Oliver Rath rath at mglug.de
Tue Aug 7 19:31:25 BST 2012


Hi Michael,

Am Tue, 7 Aug 2012 19:15:30 +0100
schrieb Michael Brown <mbrown at fensystems.co.uk>:

[..]
> iPXE now validates HTTPS server certificates.  (Previously, any
> certificate would be accepted.)
[..]

If i load ipxe via undionly.kpxe (per tftp), the certificate could
be read by each who is able to sniff the network, so imho https is only
senseful if i burn ipxe into nic-rom. Do I see this right?

So, for true security - if i dont burn ipxe into nic-rom - the
certificate should be stored into the computer who uses pxe. Is there a
possibility for this? I.e. CMOS, BISO or a kind of TPM-Chip?

Tfh!

Oliver


More information about the ipxe-devel mailing list