[ipxe-devel] True security? Re: Problem "Invalid Magic Sighature"
Oliver Rath
rath at mglug.de
Tue Aug 7 18:31:25 UTC 2012
Hi Michael,
Am Tue, 7 Aug 2012 19:15:30 +0100
schrieb Michael Brown <mbrown at fensystems.co.uk>:
[..]
> iPXE now validates HTTPS server certificates. (Previously, any
> certificate would be accepted.)
[..]
If i load ipxe via undionly.kpxe (per tftp), the certificate could
be read by each who is able to sniff the network, so imho https is only
senseful if i burn ipxe into nic-rom. Do I see this right?
So, for true security - if i dont burn ipxe into nic-rom - the
certificate should be stored into the computer who uses pxe. Is there a
possibility for this? I.e. CMOS, BISO or a kind of TPM-Chip?
Tfh!
Oliver
More information about the ipxe-devel
mailing list