As part of some work I am doing at the moment, I am looking at being
able to securely bootstrap (nearly) diskless machines over an
untrusted network.
Now, the best way that I have, off hand, been able to figure doing this
is to have a key on each client machine and use that to decrypt an image
downloaded from the boot image server on the client.
This does address my needs, at this stage, and is certainly something
that I can implement inside GRUB. I would propose a new command as
follows
grub> root (nd)
grub> kernel /tftproot/kernel.image
grub> decrypt 12345678 # decrypt <key>
grub> module /tftproot/module.image
grub> decrypt 87654321 # Need not be the same key
grub> boot
The decrypt command would then apply the decrypt routine (probably
blowfish or twofish) with the supplied key, to the last module or buffer
downloaded.
I can happily implement the support for this myself, but would like some
advice from the maintainers on a few issues.
Firstly, could this code be accepted into GRUB at all? I am more than
happy to sign over rights on the code to the FSF and intend to use only
free algorithms in the implementation.
I am also an Australian citizen and do not, as it stands, have any
restrictions that would make it impossible for me to export, write or
use this code.
Secondly, specific advice on my proposed API would be nice: is it the
right way to do this, or would you suggest some other method for doing
this?
Thanks,
Daniel
--
Life is a process of becoming, a combination of states we have to go
through. Where people fail is that they wish to elect a state and remain in
it. This is a kind of death.
-- Anais Nin
