[clug] "Trusting" a remote machine booting from a CD
Tony Lewis
gnutered at yahoo.com.au
Sun Apr 22 23:20:46 GMT 2007
Scenario: a remote computer boots off a custom CD, and automatically
attaches to a network. Before being trusted on the network, I need to
verify for sure that it's booted off the correct CD. Specifically, I
want to be sure someone hasn't taken the CD, copied and altered any part
of it, and is using that to boot from.
Put another way, I want to be able to give the CD to someone, and be
guaranteed that when their machine attempts to connect to the network,
that I can be sure that they're booting from the CD and therefore
haven't modified anything
I call this "BootsForSure" :-)
I don't see how I can do this with certainty, because any challenge I
ask the remote computer to do (e.g. sha1sum of the kernel) can be falsified.
One thing I can think of is to use obfuscated binaries that contain some
algorithm, e.g. a warped sha1sum. But that's security by obscurity, and
isn't bulletproof.
Any ideas?
PS, I've just changed my subscribed email address, should it matter to
anyone. I keep getting bounced on the other one.
Tony
More information about the linux
mailing list