> >>> * - EFI_PXE_BASE_CODE_PROTOCOL > >>> - Booting via the Preboot Execution Environment (PXE) is insecure. > >>> Loading via PXE is typically executed before launching the first > >>> UEFI application. > >> > >> I don't think PXE should be a requirement, as Heinrich mentions it's > >> insecure. We should be requiring a secure protocol for a new spec, not > >> an old one that's being EOLed. I believe vendors are moving to remove > >> it in favour of HTTPS boot which also has the advantage it's more > >> flexible, and it much better places for IoT/Edge deployments which use > >> CDNs and the life extensively and it will generally work with > >> firewalls etc. If we're going to require something for network > >> installs, if the device has a capable network interface, it should be > >> HTTPS Boot. > >> > >> Peter > > > > Unfortunately we've got a functionality gap. U-Boot doesn't yet support > > TCP, HTTP, or TLS. All that functionality needs to be written or ported > > from somewhere. > > > > I would really like to require a secure network boot mechanism, but I > > think it needs to be left out until U-Boot can do TCP and TLS. > > You can use iPXE as U-Boot payload which offers HTTPS and iSCSI. Isn't > that enough?
iPXE is an implementation not the standard. I think EBBR the standard should require HTTPS boot, now if U-Boot chooses to implement that part of the standard using an iPXE UEFI binary to implement HTTPS boot that's an optoin. > TLS is quite complicated. GNU TLS has > 430,000 lines of code (without > comments). Looking at the number of CVEs in OpenSSL and GnuTLS I do not > believe that the U-Boot community will be able to produce and maintain a > secure implementation. Sure, but we're not talking about U-Boot, we're talking about EBBR the standard and U-Boot has a number of means of implementing HTTPS Boot, but by hobbling the standard with deployment technologies of the last century I think is a mistake. I have my opinions on whether implementing HTTP boot in U-Boot directly or leaning on iPXE as the implementation but that is irrelevant to what I think is right for EBBR as the standard. I think we should be specifying HTTPS boot as a part of the spec, and having a separate discussion of how that is supported in U-Boot. Peter _______________________________________________ boot-architecture mailing list [email protected] https://lists.linaro.org/mailman/listinfo/boot-architecture
