This is a simplified version of the series discussed back in March: http://lists.ipxe.org/pipermail/ipxe-devel/2017-March/005475.html
Instead of allowing only trusted scripts to set the root cert, this version's only restriction is that the root of trust can be set at most once, as suggested in: http://lists.ipxe.org/pipermail/ipxe-devel/2017-March/005481.html

---

The goal of this series is to make it possible to use iPXE with security features, such as HTTPS, in enterprise environments where rebuilding from sources is not an option and connecting to external services is not desired.

An ideal iPXE binary for this environment:

1) Does not use any cross-cert server by default. It can be configured at runtime but is not required at build time (PATCH 1).

2) Does not contain any trusted certificate fingerprints. They can be configured at runtime but the binary may have nothing embedded in it (PATCH 2).

The particular scenario I am interested in is ipxe.lkrn booted locally from ISOLINUX and passed a script as initrd. The script is trusted and should be able to configure crypto as needed before chaining into an HTTPS-downloaded image.

Thanks!

[PATCH v2 1/2] [crypto] Fail fast if cross-certificate source is
[PATCH v2 2/2] [crypto] Allow TRUST to be overriden by scripts

 src/crypto/rootcert.c | 55 +++++++++++++++++++++++++++++++++++++++++++-------
 src/net/validator.c   |  6 ++++++
 2 files changed, 53 insertions(+), 8 deletions(-)

