


Rollback protection for network booting

















I am interested in secure network booting. UEFI Secure Boot, combined with a signing key I control, ensures that no unauthorized code can run. However, it doesn’t provide rollback protection: an attacker can cause an earlier version of the OS to run.



Is there a way to prevent this? The first one that comes to mind is:




  • The initramfs compares the running kernel version (uname -r) and its own version with values stored in EFI variables.

  • If the values in EFI are newer, boot is aborted.

  • Otherwise, the values are written to the EFI variables.
















      pxe secure-boot















      asked 2 mins ago









      Demi
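The three-step check proposed in the question above, sketched as shell functions for an initramfs hook. This is an added example, not part of the original post; the variable name and GUID are constructed placeholders, and a mounted efivarfs and a `sort` that supports `-V` are assumed.

```shell
#!/bin/sh
# Added example: version rollback check against a value kept in an EFI variable.
# Assumptions: efivarfs is mounted at EFIVAR_DIR and sort supports -V.
EFIVAR_DIR=${EFIVAR_DIR:-/sys/firmware/efi/efivars}
# Hypothetical variable name with a constructed placeholder GUID.
VAR_NAME=MinKernelVersion-11111111-2222-3333-4444-555555555555

# Print the stored version. efivarfs prefixes the payload with a 4-byte
# attribute word, so the data starts at byte 5.
read_min_version() {
    [ -f "$1" ] || return 0              # first boot: nothing recorded yet
    tail -c +5 "$1"
}

# Succeed only if $1 is strictly older than $2 in version order.
version_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Write attributes (NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS = 0x07,
# little-endian) and the payload in one write, as efivarfs expects.
write_min_version() {
    chattr -i "$1" 2>/dev/null || true   # efivarfs marks variables immutable
    printf '\007\000\000\000%s' "$2" > "$1"
}

# Step 1: compare. Step 2: abort if the recorded value is newer.
# Step 3: otherwise record the running version.
rollback_check() {
    running=$1 var=$2
    stored=$(read_min_version "$var")
    if [ -n "$stored" ] && version_older "$running" "$stored"; then
        echo "rollback detected: running $running, recorded $stored" >&2
        return 1
    fi
    if [ "$stored" != "$running" ]; then
        write_min_version "$var" "$running"
    fi
    return 0
}

# In an initramfs hook (halt on failure instead of continuing to mount root):
#   rollback_check "$(uname -r)" "$EFIVAR_DIR/$VAR_NAME" || halt -f
```

A variable created with these attributes can be rewritten by any root process on the booted system, and an image built before the check existed never runs it, so the check only constrains images that include it.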
