diff options
| author | Michael Brown <mcb30@ipxe.org> | 2012-04-19 14:52:07 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2012-04-19 16:11:20 +0100 |
| commit | 02f1f3066d434cf67b886a1cc482f74dee87479e (patch) | |
| tree | 074f81beab63855137441d0b48e80847f1c6e199 /src/include/ipxe/dhcp.h | |
| parent | 31e60de6760d5094f1ac662b877bb85b83aa1a53 (diff) | |
| download | ipxe-02f1f3066d434cf67b886a1cc482f74dee87479e.tar.gz | |
[crypto] Allow trusted root certificate to be changed without a rebuild
Changing the trusted root certificate currently requires a rebuild of
the iPXE binary, which may be inconvenient or impractical.
Allow the list of trusted root certificate fingerprints to be
overridden using the "trust" setting, but only at the point of iPXE
initialisation. This prevents untrusted sources of settings
(e.g. DHCP) from subverting the chain of trust, while allowing
trustworthy sources to change the trusted root certificate without
requiring a rebuild.
The basic idea is that if you are able to manipulate a trustworthy
source of settings (e.g. VMware GuestInfo or non-volatile stored
options), then you would be able to replace the iPXE binary anyway,
and so no security is lost by allowing such sources to override the
list of trusted root certificates.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/dhcp.h')
| -rw-r--r-- | src/include/ipxe/dhcp.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/include/ipxe/dhcp.h b/src/include/ipxe/dhcp.h index f5b3136ac..cc594ab1e 100644 --- a/src/include/ipxe/dhcp.h +++ b/src/include/ipxe/dhcp.h @@ -355,6 +355,9 @@ struct dhcp_client_uuid { /** Encrypted syslog server */ #define DHCP_EB_SYSLOGS_SERVER DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 0x55 ) +/** Trusted root certficate fingerprints */ +#define DHCP_EB_TRUST DHCP_ENCAP_OPT ( DHCP_EB_ENCAP, 0x5a ) + /** Skip PXE DHCP protocol extensions such as ProxyDHCP * * If set to a non-zero value, iPXE will not wait for ProxyDHCP offers |