git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Thu, 19 Apr 2012 13:52:07 +0000 (14:52 +0100)
committer	Michael Brown <mcb30@ipxe.org>
	Thu, 19 Apr 2012 15:11:20 +0000 (16:11 +0100)
commit	02f1f3066d434cf67b886a1cc482f74dee87479e
tree	074f81beab63855137441d0b48e80847f1c6e199	tree \| snapshot
parent	31e60de6760d5094f1ac662b877bb85b83aa1a53	commit \| diff

[crypto] Allow trusted root certificate to be changed without a rebuild

Changing the trusted root certificate currently requires a rebuild of
the iPXE binary, which may be inconvenient or impractical.

Allow the list of trusted root certificate fingerprints to be
overridden using the "trust" setting, but only at the point of iPXE
initialisation. This prevents untrusted sources of settings
(e.g. DHCP) from subverting the chain of trust, while allowing
trustworthy sources to change the trusted root certificate without
requiring a rebuild.

The basic idea is that if you are able to manipulate a trustworthy
source of settings (e.g. VMware GuestInfo or non-volatile stored
options), then you would be able to replace the iPXE binary anyway,
and so no security is lost by allowing such sources to override the
list of trusted root certificates.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/rootcert.c		diff \| blob \| blame \| history
src/include/ipxe/dhcp.h		diff \| blob \| blame \| history
src/include/ipxe/settings.h		diff \| blob \| blame \| history