Re: Announce: initrd-tftp 0.1

From: Hans de Goede (hans@highrise.nl)
Date: Sun Jan 09 2000 - 20:04:11 EST


Alan Cox wrote:
 
<lots of stuff>

Okay, I thought this over, and I might have jumped into this discussion
to fast, the initrd way might be better, since it offers more
flexibility to use scp for the ramdisk for example etc.

And a few people rightfully asked me wether or not I have ever tried it
(the initrd way) and I didn't, so I stand corrected untill I try it ;)

I have however used the root-over-nfs support (with bootp) a lott, and I
don't think I would like to loose that, although one could argue that it
is the task of the loader to pass an ip / netmask /default gateway/
server to the kernel, since it needs it anyways to get the kernel
(assuming the kernel is loaded from the net too, which it is in all
cases where I use it)

So one request of mine is, if the bootp and nfsroot code gets removed,
please allow the ability to pass an ip/netmask/defaultgateway as param
to the kernel, and allow the root to be nfs by specifying
root=hostname:/bla.

> Second thing; tftp is almost away done wrongly for an embedded system. Unless
> you are protecting your data stream with a shared secret between your boot
> loader and your main system it requires you only deploy such devices on a
> trusted lan segment firewalled from the main network as tftp has no credible
> security - its meant to be a trivial protocol.
>

Actually that's a very actual problem of mine, so since I'm poluting
linux-kernel anyways, any smart suggestions would be welcome.

Here's a short description of what I have / want

I have:
-an access control system for doors and the likes based upon an
embedded-linux box with the
 os +root in flash, this is connected to the public internet

I want:
-the same system, but with the kernel + root loaded over the net, boot
sequence:
-discover ip with bootp
-tftp bootp-filename field from bootp-server as kernel image
-kernel image mounts bootp-root field from bootp-server

Now I can do this, my problem is however that it all needs to be
reasonable secure. That is, the bootp server may not be spoofed, I don't
want some one with a linux ws also play bootp and take over the acces
control system.

Problems:
-bootp, how do I know the server is THE server
-tftp, can easily be spoofed, how do I know the kernel is valid/real
-nfs, again not secure

As said any smart suggestions welcome, if possible I would like to keep
the bootrom used to get the kernel intact ;|

Regards,

Hans

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:15 EST