Late Night Thinking

Fri, 21 Jul 2006

Netbooting Idea

One issue with netbooting computers is that the standard processes --- get a network address, get a bootloader somehow, load a kernel, pull down an image --- are all pretty unauthenticated. You are trusting that the thing answering your dhcp query or the thing supplying you with an image is the thing you want to be talking to. For client machines this is bad enough, but what if you are wanting to deploy simple services? You want some greater degree of assurance.

What if you had some local store into which you could put some sort of credentials, say, a pgp key, or a certificate? It could be simple --- a compact flash plugged into the ide chain, or a usb keydrive plugged into an internal usb port. It could either contain your bootloader, or your firmware bootloader could use that credential to authenticate and encrypt bits of data. So, do a dhcp request, get a network address. Ask for a kernel with an embedded disk image. Take a couple hashes of what you get handed, use the certificate to securely query a service to verify that the hashes match. Start loading stuff. After the kernel boots, it could use that certificate to get other sensative data: pull down kerberos keytabs, ssh keys, etc. etc, from which more conventional methods of getting sensative data can be grabbed.

This seems to solve a few problems with the conventional method of doing netbooting:

• How do I know I'm not getting trojaned binaries?

  All you are trusting is dhcp. After that, you are verifying what you are getting through secure channels, and even if you use something like, say, nfs for the rest of your stuff, you can use this secure channel to set up ipsec or an ssl tunnel to the file service.

• How do I even know I'm talking to the correct service to set up that initial channel, get the proper kernel, etc?

  As long as you take reasonable steps to physically lock the machine (padlock the case shut, lock the machine to something, use a sane bios that prevents booting from any other device), there's no place where you could insert anything that would allow you to compromise the credentials. I can see a long chance if you could power up the machine but prevent it from doing anything else you might be able to plug in an external usb device and use the computer basically as an expensive usb hub and steal the credentials. If you limit yourself to the cf-ide solution, or make sure that you are plugged into a usb bus that does not leave the inside of the case, you should be able to limit that.

Ideas? Potential flaws?

Posted at: 01:14 | category: /computers/netboot | Link

Links

• My main site
• The print zine Late Night Thinking

Archives

2020-Mar
2019-Nov
2019-Apr
2019-Feb
2018-Dec
2018-Jul
2018-Feb
2018-Jan
2017-Nov
2017-Sep
2017-Aug
2017-Jul
2017-May
2016-Nov
2016-Sep
2016-Apr
2016-Mar
2016-Jan
2015-Dec
2015-Nov
2015-Oct
2015-Sep
2015-Aug
2015-Jun
2015-May
2015-Mar
2015-Feb
2015-Jan
2014-Jun
2014-Mar
2014-Jan
2013-Oct
2013-Aug
2013-Jul
2013-Jan
2012-Nov
2012-Oct
2012-Sep
2012-Aug
2012-Jun
2012-May
2012-Apr
2012-Mar
2012-Feb
2011-Nov
2011-Sep
2011-Aug
2011-Jun
2011-May
2011-Apr
2011-Mar
2011-Feb
2010-Oct
2010-Sep
2010-Aug
2010-May
2010-Feb
2010-Jan
2009-Dec
2009-Oct
2009-Sep
2009-Aug
2009-Jun
2009-Apr
2009-Mar
2009-Feb
2009-Jan
2008-Dec
2008-Nov
2008-Oct
2008-Sep
2008-Aug
2008-Jul
2008-May
2008-Apr
2008-Mar
2008-Feb
2008-Jan
2007-Dec
2007-Nov
2007-May
2006-Aug
2006-Jul
2006-Jun
2006-Apr
2006-Jan
2005-Dec
2005-Aug
2005-Jul