Secure Boot Provisioning of Node over PXE
The basic PXE process for boot provisioning is:
1. Computer makes a DHCP request
2. DHCP server responds with address and PXE parameters
3. Computer downloads boot image using TFTP over UDP
The top security concerns during a PXE setup are:
• DCHP takeover
• Rogue TFTP server blindly injecting forged packets (hijacking or corrupting the boot image)
• MiM attacks due to no encryption or authentication from power-ON to OS start
The Rack Scale Architecture Controller creates a secure VLAN for booting a newly composed server. The key-exchange can be done using a TPM solution too.
The basic PXE process for boot provisioning is:
1. Computer makes a DHCP request
2. DHCP server responds with address and PXE parameters
3. Computer downloads boot image using TFTP over UDP
The top security concerns during a PXE setup are:
• DCHP takeover
• Rogue TFTP server blindly injecting forged packets (hijacking or corrupting the boot image)
• MiM attacks due to no encryption or authentication from power-ON to OS start
The Rack Scale Architecture Controller creates a secure VLAN for booting a newly composed server. The key-exchange can be done using a TPM solution too.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Mrittika Ganguli
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
