RSC

Secure Boot Provisioning of Node over PXE

Registered by Mrittika Ganguli

The basic PXE process for boot provisioning is:
1. Computer makes a DHCP request
2. DHCP server responds with address and PXE parameters
3. Computer downloads boot image using TFTP over UDP
The top security concerns during a PXE setup are:
• DCHP takeover
• Rogue TFTP server blindly injecting forged packets (hijacking or corrupting the boot image)
• MiM attacks due to no encryption or authentication from power-ON to OS start
The Rack Scale Architecture Controller creates a secure VLAN for booting a newly composed server. The key-exchange can be done using a TPM solution too.

The basic PXE process for boot provisioning is:
1. Computer makes a DHCP request
2. DHCP server responds with address and PXE parameters
3. Computer downloads boot image using TFTP over UDP
The top security concerns during a PXE setup are:
• DCHP takeover
• Rogue TFTP server blindly injecting forged packets (hijacking or corrupting the boot image)
• MiM attacks due to no encryption or authentication from power-ON to OS start
The Rack Scale Architecture Controller creates a secure VLAN for booting a newly composed server. The key-exchange can be done using a TPM solution too.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Mrittika Ganguli
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.