Hacker News
by crackerjackmack 3803 days ago
Netbooting isn't new. Insecure netbooting isn't new (à la netboot install USBs per distro). Wrapping it up into a cohesive service is, and it's awesome.

Going signed CA wouldn't be hard to do in this case at all; it's just part of the build process, actually, but it only gets you to a trusted PXE+menu system. After getting into the PXE menu, a system could still hijack the upstream kernel/initrd files.

Even FreeBSD netinstall (aka not limited to Linux installers) is just HTTP/FTP without any package signing. The whole ecosystem probably needs to mature some more in regard to verification that won't break downstream projects such as this.