It's possible to require that any images used be signed using a specific key that is configured in the hardware ahead of time. Even if you don't do that, the same setup can be helpful for provisioning a bunch of machines without accessing any external network. You can configure a small box to act just as a DHCP server and to serve a machine image for network boot. Then you can have all the machines on this subnet automatically load that image as it is updated without the need for any further configuration on each device.
I've seen organizations do something similar to this for trade shows when they want a bunch of machines that visitors can interact with and don't want to have to keep them updated individually. Just update the image once and reboot each machine.
I dunno, I actually think a public key is better than a hash, because it lets you sign updated images without having to update things on the client. Obviously it should be user-controlled, but this feels like a legitimate use.
Well, it kind of does. Normally, the PXE network booting will use DHCP (or bootp or whatever) to fetch the boot image location, then it will fetch that boot image. Historically, that has worked this way:
1. bootp says boot image is at <ip address>/path/to/img
2. PXE network stack fetches that image via TFTP (which is awful)
3. PXE network stack boots that image
In most cases, the boot image would be a chainloader like pxelinux, and that would fetch a config file which told it the kernel path, the initrd path, and the commandline, and then the user could choose to boot that image, and then pxelinux would fetch the files via TFTP (which is still awful) and boot them.
In this new, HTTP-based case, we replace each instance of "TFTP" with "HTTP", which we can authenticate (ish), which we can easily firewall, which doesn't have weird compatibility issues, and so on.
Note that, before now, you could replace pxelinux with iPXE, and iPXE could fetch files via HTTP (which is awesome), but you still had to fetch iPXE and its config file via TFTP.
Note that TFTP is an unauthenticated, UDP-based, extremely limited protocol which has almost no support for anything but the most basic "get this file" or "take this file" functionality. Being able to replace it is a joy and a wonder.
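To make the chain in the comment above concrete, here is an added example (not code from the thread or from syslinux) that models the pxelinux stage: which config file the client asks for, in pxelinux's documented lookup order (UUID, then 01-MAC, then the IP as progressively shortened uppercase hex, then default), what a config file makes it fetch next, and whether each of those fetches goes over TFTP or HTTP. The sample config, hostname and MAC/IP values are constructed for illustration.

```python
import ipaddress
import re

# Added example, not from the original thread. Models pxelinux's config lookup and
# the kernel/initrd fetches a config causes, tagging each fetch with its transport.


def pxelinux_config_candidates(ip, mac, uuid=None):
    """Config paths pxelinux tries, in order (syslinux's documented lookup order)."""
    names = []
    if uuid:
        names.append(uuid.lower())                            # DHCP option 97, if sent
    names.append("01-" + mac.lower().replace(":", "-"))      # 01 = Ethernet ARP type
    hexip = "%08X" % int(ipaddress.IPv4Address(ip))          # 192.0.2.91 -> C000025B
    names += [hexip[:n] for n in range(8, 0, -1)]            # C000025B, C000025, ..., C
    names.append("default")
    return ["pxelinux.cfg/" + n for n in names]


def parse_pxelinux_config(text):
    """Parse DEFAULT/LABEL/KERNEL/INITRD/APPEND directives (case-insensitive)."""
    cfg = {"default": None, "labels": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "DEFAULT":
            cfg["default"] = value
        elif key == "LABEL":
            current = {"kernel": None, "initrd": None, "append": ""}
            cfg["labels"][value] = current
        elif current is not None and key in ("KERNEL", "LINUX"):
            current["kernel"] = value
        elif current is not None and key == "INITRD":
            current["initrd"] = value
        elif current is not None and key == "APPEND":
            current["append"] = value
    return cfg


def transport_of(path):
    """A scheme-less path is fetched via TFTP from the boot server; a URL uses its scheme."""
    m = re.match(r"^([a-z][a-z0-9+.-]*)://", path, re.I)
    return m.group(1).lower() if m else "tftp"


def boot_fetches(cfg, label=None):
    """Files the client downloads for a label, each paired with its transport."""
    label = label or cfg["default"]
    entry = cfg["labels"][label]
    files = []
    if entry["kernel"]:
        files.append(entry["kernel"])
    if entry["initrd"]:
        files.extend(entry["initrd"].split(","))
    # initrd= on the APPEND line is the older way of naming the initrd
    for tok in entry["append"].split():
        if tok.lower().startswith("initrd="):
            files.extend(tok[len("initrd="):].split(","))
    return [(f, transport_of(f)) for f in files]


def unauthenticated_fetches(fetches):
    """Anything not fetched over HTTPS arrives with no origin or integrity check."""
    return [f for f, t in fetches if t != "https"]


# Constructed sample config: one label uses HTTP URLs, one uses bare TFTP paths.
SAMPLE_CONFIG = """\
DEFAULT install
PROMPT 0
TIMEOUT 50

LABEL install
  KERNEL http://boot.example.internal/images/vmlinuz
  INITRD http://boot.example.internal/images/initrd.img
  APPEND ip=dhcp ks=http://boot.example.internal/ks.cfg

LABEL legacy
  KERNEL vmlinuz
  APPEND initrd=initrd.img console=ttyS0
"""

if __name__ == "__main__":
    for p in pxelinux_config_candidates("192.0.2.91", "aa:bb:cc:dd:ee:ff"):
        print(p)
    cfg = parse_pxelinux_config(SAMPLE_CONFIG)
    for lbl in cfg["labels"]:
        print(lbl, boot_fetches(cfg, lbl))
```

Running it lists the ten config paths a client at 192.0.2.91 would probe before falling back to `default`, and shows that the `legacy` label pulls both kernel and initrd over TFTP while `install` uses HTTP; `unauthenticated_fetches` treats plain HTTP and TFTP alike, since neither gives the client any assurance about who served the file.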
I'm wondering if this is how we did a net install of a custom Distro back in a former job, but I don't recall. I just remember it being insanely easy to install the distro over the network, even on a VM.
If it was a decade ago, PXE/TFTP booting was pretty common (at MetaCarta we shipped Dell 2650/6650 servers around then, and while field upgrades were from DVD, the QA lab had some "synthesize keystrokes through a KVM to select netbooting" and then a TFTP server that had the image you wanted to install in a MAC-address-specific filename, so the machine picked up the intended image. We got the idea from another Boston-area startup (Vanu Inc) that put similar Dell servers in software-configurable cellphone towers, iirc).
PXE is still the king in large DCs. I can install ~250 servers in 15 minutes with a single xCAT node over traditional gigabit Ethernet. Give another 5 minutes for post-install provisioning and presto!