[ipxe-devel] [gPXE] Server verification

Michael Brown mbrown at fensystems.co.uk
Mon Mar 19 23:43:48 UTC 2012


On Monday 19 Mar 2012 19:46:36 Paul Kuntke wrote:
> I would like to use PXE-Booting in our PC-pool to choose remotely which OS
> should be booted. Since it would be quite easy to set up an own DHCP-Server
> and thus to bring in an own OS illegally, I would like to know if it is
> possible to verify if the TFTP (or something else) Server is the right one.
> 
> I've seen in the mailinglist that there's been an patch by David Michael on
> Jul, 9th 2010. This patch seems to be just what I want, but I don't know
> how to embed an Signature to the lkrn-Image.
> 
> I would be grateful if anyone could help me.

gPXE is no longer maintained.  Please upgrade to iPXE (http://ipxe.org).

iPXE now (as of about 30 minutes ago) supports HTTPS server certificate 
verification.  You can use this to ensure that only trusted servers are allowed 
to provide boot images.

Support for signed binaries will be added within the next few weeks.

Michael



More information about the ipxe-devel mailing list