[ipxe-devel] [PATCH 0/5] [crypto] Relax root certificate restrictions
Ladi Prosek
lprosek at redhat.com
Mon Jul 25 16:14:28 UTC 2016
The goal of this series is to make it possible to use iPXE with security
features, such as HTTPS, in enterprise environments where rebuilding
from sources is not an option and connecting to external services is not
desired. An ideal iPXE binary for this environment:
1) Does not use any cross-cert server by default. It can be configured
at runtime but is not required at build time (PATCH 1).
2) Does not contain any trusted certificate fingerprints. They can be
configured at runtime but the binary may have nothing embedded in it
(PATCH 5).
3) Allows trusted root certificate fingerprints to be changed by trusted
images (PATCH 3, 4).
4) Assumes initrd, kernel command line, and images embedded in iPXE to
be trusted (PATCH 2).
The particular scenario I am interested in is ipxe.lkrn booted locally
from ISOLINUX and passed a script as initrd. The script is trusted and
should be able to configure crypto as needed before chaining into an
HTTPS-downloaded image. Thanks!
[PATCH 1/5] [crypto] Fail fast if cross-certificate source is empty
[PATCH 2/5] [image] Make initrd, cmdline, and embedded images trusted
[PATCH 3/5] [settings] Make settings applicators aware of the setting
[PATCH 4/5] [crypto] Allow trusted certificates to be set by trusted
[PATCH 5/5] [crypto] Allow ALLOW_TRUST_OVERRIDE to be overriden by
src/arch/x86/core/runtime.c | 4 ++++
src/core/settings.c | 10 +++++-----
src/crypto/certstore.c | 2 +-
src/crypto/privkey.c | 2 +-
src/crypto/rootcert.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------
src/image/embedded.c | 1 +
src/include/ipxe/settings.h | 3 ++-
src/net/80211/net80211.c | 4 ++--
src/net/ipv4.c | 2 +-
src/net/tcp/syslogs.c | 2 +-
src/net/udp/dns.c | 2 +-
src/net/udp/syslog.c | 2 +-
src/net/udp/tftp.c | 2 +-
src/net/validator.c | 6 ++++++
14 files changed, 78 insertions(+), 33 deletions(-)
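The locally booted scenario described in the cover letter, written out as the iPXE script that ISOLINUX would pass to ipxe.lkrn as the initrd, together with the ISOLINUX stanza that loads it. This is an added example, not a file from the patch series or from the iPXE project: the hostnames, file names and the fingerprint value are placeholders, the `trust` and `crosscert` settings are existing iPXE settings, and the script assumes a binary built with HTTPS support in which the initrd-supplied script is treated as trusted, so that its `set trust` is allowed to change the root certificate set at runtime.

```ipxe
#!ipxe
# script.ipxe (constructed example). Handed to ipxe.lkrn as the initrd by
# ISOLINUX with a stanza such as:
#   DEFAULT ipxe
#   LABEL ipxe
#     KERNEL ipxe.lkrn
#     INITRD script.ipxe
# Because the initrd image is trusted, the settings below may replace the
# trusted root certificate fingerprints before any HTTPS download starts.

# Pin the internal root CA. The value is the SHA-256 fingerprint of the
# DER-encoded root certificate, colon-separated as the hex setting type
# expects. The fingerprint below is a placeholder, not a real certificate;
# obtain the real one with:
#   openssl x509 -in internal-root.pem -noout -fingerprint -sha256
set trust 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

# Leave the cross-certificate source unset so that no external service is
# contacted; a missing intermediate then fails validation instead of
# triggering a lookup. Only set it if an internal source exists
# (hypothetical host):
#   set crosscert http://crosscert.example.internal/autocert/

# Fetch and run the real payload over HTTPS (hypothetical host). The server
# certificate must chain to the pinned root, or the download is rejected and
# the fallback shell is reached instead.
chain https://boot.example.internal/boot.ipxe || shell
```

The order matters: `set trust` has to run before the first HTTPS request, since that request is what drives certificate validation against the current trusted root set.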