[clug] "Trusting" a remote machine booting from a CD

Tony Lewis gnutered at yahoo.com.au
Sun Apr 22 23:20:46 GMT 2007

Scenario: a remote computer boots off a custom CD, and automatically 
attaches to a network.  Before being trusted on the network, I need to 
verify for sure that it's booted off the correct CD.  Specifically, I 
want to be sure someone hasn't taken the CD, copied and altered any part 
of it, and is using that to boot from.

Put another way, I want to be able to give the CD to someone, and be 
guaranteed that when their machine attempts to connect to the network, 
that I can be sure that they're booting from the CD and therefore 
haven't modified anything.

I call this "BootsForSure" :-)

I don't see how I can do this with certainty, because any challenge I 
ask the remote computer to do (e.g. sha1sum of the kernel) can be falsified.

One thing I can think of is to use obfuscated binaries that contain some 
algorithm, e.g. a warped sha1sum.  But that's security by obscurity, and 
isn't bulletproof.

Any ideas?

PS, I've just changed my subscribed email address, should it matter to 
anyone.  I keep getting bounced on the other one.
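
An added illustration, not part of the original post, of why the challenge described above can be falsified: a nonce-based hash response proves only that the responder can read the original bytes, not that it is running them. The image byte strings, class names and function names are constructed for this example.

```python
import hashlib
import os

# Constructed stand-ins for the CD contents (not real images).
ORIGINAL_IMAGE = b"kernel+initrd+rootfs as shipped on the CD"
ALTERED_IMAGE = b"kernel+initrd+rootfs with a changed init script"


def respond(nonce: bytes, image: bytes) -> str:
    """Challenge response: SHA-1 over a fresh nonce plus the image bytes."""
    return hashlib.sha1(nonce + image).hexdigest()


class HonestClient:
    """Runs the shipped image and hashes what it is actually running."""
    running = ORIGINAL_IMAGE

    def answer(self, nonce: bytes) -> str:
        return respond(nonce, self.running)


class AlteredClient:
    """Runs an altered image but keeps an unmodified copy to hash."""
    running = ALTERED_IMAGE
    reference_copy = ORIGINAL_IMAGE

    def answer(self, nonce: bytes) -> str:
        return respond(nonce, self.reference_copy)


def verifier_accepts(client, nonce: bytes) -> bool:
    """Network-side check: compare against the known-good image."""
    return client.answer(nonce) == respond(nonce, ORIGINAL_IMAGE)


def demo() -> dict:
    nonce = os.urandom(16)  # fresh per connection, so replay is ruled out
    results = {}
    for client in (HonestClient(), AlteredClient()):
        results[type(client).__name__] = {
            "accepted": verifier_accepts(client, nonce),
            "runs_original": client.running == ORIGINAL_IMAGE,
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Both clients are accepted even though only one runs the shipped image, so the verifier's decision carries no information about what actually booted.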


