The goal of this series is to make it possible to use iPXE with security features, such as HTTPS, in enterprise environments where rebuilding from sources is not an option and connecting to external services is not desired. An ideal iPXE binary for this environment:
1) Does not use any cross-cert server by default. It can be configured at runtime but is not required at build time (PATCH 1).
2) Does not contain any trusted certificate fingerprints. They can be configured at runtime but the binary may have nothing embedded in it (PATCH 5).
3) Allows trusted root certificate fingerprints to be changed by trusted images (PATCH 3, 4).
4) Assumes initrd, kernel command line, and images embedded in iPXE to be trusted (PATCH 2).

The particular scenario I am interested in is ipxe.lkrn booted locally from ISOLINUX and passed a script as initrd. The script is trusted and should be able to configure crypto as needed before chaining into an HTTPS-downloaded image.

Thanks!

[PATCH 1/5] [crypto] Fail fast if cross-certificate source is empty
[PATCH 2/5] [image] Make initrd, cmdline, and embedded images trusted
[PATCH 3/5] [settings] Make settings applicators aware of the setting
[PATCH 4/5] [crypto] Allow trusted certificates to be set by trusted
[PATCH 5/5] [crypto] Allow ALLOW_TRUST_OVERRIDE to be overridden by

 src/arch/x86/core/runtime.c |  4 ++++
 src/core/settings.c         | 10 +++++-----
 src/crypto/certstore.c      |  2 +-
 src/crypto/privkey.c        |  2 +-
 src/crypto/rootcert.c       | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------
 src/image/embedded.c        |  1 +
 src/include/ipxe/settings.h |  3 ++-
 src/net/80211/net80211.c    |  4 ++--
 src/net/ipv4.c              |  2 +-
 src/net/tcp/syslogs.c       |  2 +-
 src/net/udp/dns.c           |  2 +-
 src/net/udp/syslog.c        |  2 +-
 src/net/udp/tftp.c          |  2 +-
 src/net/validator.c         |  6 ++++++
 14 files changed, 78 insertions(+), 33 deletions(-)

_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
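The scenario the cover letter describes, written out as an added illustration that is not part of the original post or of the patch series: a trusted script handed to ipxe.lkrn as the initrd that points cross-certificate fetching at an internal server, supplies the enterprise root fingerprint at runtime, and only then chains to an HTTPS image. The `crosscert` and `trust` setting names are iPXE's standard ones; the hostnames, paths and the fingerprint value are placeholders, and the runtime behaviour assumed is the one the series aims for (initrd trusted, nothing embedded in the binary).

```ipxe
#!ipxe
# trusted.ipxe: loaded as the initrd of ipxe.lkrn from ISOLINUX, e.g.
#   LABEL ipxe
#     KERNEL ipxe.lkrn
#     INITRD trusted.ipxe
# Assumption (per the series' goals): an initrd image counts as trusted,
# so the crypto settings below take effect even though the binary itself
# embeds no cross-cert server and no root fingerprints.

# Cross-certificate source: an internal mirror instead of an external
# service (placeholder hostname). Leaving this unset means no cross-cert
# lookups are attempted at all.
set crosscert http://crosscert.internal.example/

# SHA-256 fingerprint of the enterprise root CA as 32 colon-separated hex
# bytes (placeholder value, not a real fingerprint). Several roots can be
# concatenated back to back in the same setting.
set trust 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

# Fetch the next stage over HTTPS; the server's chain must validate up to
# the fingerprint above, otherwise the download is refused and we stop
# here rather than booting anything unverified.
chain https://boot.internal.example/stage2.ipxe || goto failed

:failed
echo HTTPS chainload failed: certificate validation or download error
exit
```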