NetBSD-Users archive


Re: root-on-cgd revisited

matthew sporleder wrote:
>>   - I feel that the kernel solution is much more "natural" (to the end
>> user). You just set the root device to cgd0 in the kernel config, set up
>> the appropriate parameters for cgd0, and boot the kernel off a memory
>> stick or cd.
>>   - Adding root-on-cgd-support to sysinstall would be trivial.
>>   - No special memory disk kernel is required. Even the GENERIC one
>> would suffice. You only need to be able to specify the root device and
>> cgd parameters in boot.cfg.
> I don't know if requiring a netboot/cdrom is really "natural" as it
> limits your flexibility a fair amount.

   Remember the context: Typically a laptop, or a server which only you
should be able to access all files on, but where you're not the only one
with physical access. The goal is to ensure that an attacker can't boot
off a cd, and change/replace files on your file system. To accomplish
this, you need to boot it from a secondary medium (for instance, usb
memory stick or cd, which you keep to yourself) for both the kernelized
and the init.root method. Booting from a secondary medium is not a
"limitation". It's design.

>>   Arguments for the init.root solution:
>>   - There's a nifty shell you drop out to if you shut down to single
>> user mode, which can be used for maintenance.
> Does this open the door for any other really great features?  Live
> kernel updates or something?


Kind regards,
Jan Danielsson
