[ipxe-devel] [PATCH v2 0/2] [crypto] Relax root certificate restrictions

Ladi Prosek lprosek at redhat.com
Wed Sep 20 09:52:15 UTC 2017


This is a simplified version of the series discussed back in March:
http://lists.ipxe.org/pipermail/ipxe-devel/2017-March/005475.html

Instead of allowing only trusted scripts to set the root cert, this
version's only restriction is that the root of trust can be set at
most once, as suggested in:
http://lists.ipxe.org/pipermail/ipxe-devel/2017-March/005481.html

---

The goal of this series is to make it possible to use iPXE with security
features, such as HTTPS, in enterprise environments where rebuilding
from sources is not an option and connecting to external services is not
desired. An ideal iPXE binary for this environment:

1) Does not use any cross-cert server by default. It can be configured
at runtime but is not required at build time (PATCH 1).

2) Does not contain any trusted certificate fingerprints. They can be
configured at runtime but the binary may have nothing embedded in it
(PATCH 2).

The particular scenario I am interested in is ipxe.lkrn booted locally
from ISOLINUX and passed a script as initrd. The script is trusted and
should be able to configure crypto as needed before chaining into an
HTTPS-downloaded image. Thanks!

[PATCH v2 1/2] [crypto] Fail fast if cross-certificate source is
[PATCH v2 2/2] [crypto] Allow TRUST to be overridden by scripts

 src/crypto/rootcert.c | 55 +++++++++++++++++++++++++++++++++++++++++++--------
 src/net/validator.c   |  6 ++++++
 2 files changed, 53 insertions(+), 8 deletions(-)
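What the scenario above looks like in practice, as an added example that is not part of the patch series or of iPXE's own documentation: an iPXE script handed to ipxe.lkrn as its initrd from ISOLINUX, which fixes the root of trust once, optionally points cross-certificate fetches at an internal server, and then chains into an HTTPS-hosted image. The `trust` and `crosscert` settings are iPXE's existing settings; the fingerprint value, the host names and the file names are made-up placeholders.

```ipxe
#!ipxe
# Added example; not code from the patch series. Assumed to be passed to
# ipxe.lkrn as the initrd from an ISOLINUX entry like (hypothetical names):
#   kernel ipxe.lkrn
#   initrd trust.ipxe

# Root of trust: the SHA-256 fingerprint of the enterprise root CA, given as
# colon-separated hex. The 32 bytes below are a made-up placeholder, not a real
# certificate hash. With this series applied, a script may set this once; the
# binary itself ships with no embedded fingerprints (cover letter, point 2).
set trust 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef

# Optional: cross-signed intermediates are fetched from this internal server
# (hypothetical URL) rather than from any public default. Leave it unset if the
# environment must not contact a cross-cert server at all (cover letter, point 1).
set crosscert http://ca.internal.example/auto

# Chain into the image. The server's TLS certificate must now chain up to the
# fingerprinted root above; if it does not, validation fails and the boot stops.
chain https://boot.internal.example/boot.ipxe
```

Two caveats a practitioner will hit: the binary must be built with HTTPS download support (DOWNLOAD_PROTO_HTTPS in config/general.h) for the `chain https://...` line to work at all, and the `trust` setting takes raw concatenated fingerprints, so trusting two roots means one 64-byte hex string rather than two `set trust` lines, which under this series would count as setting the root of trust twice.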




More information about the ipxe-devel mailing list