Network Boot in a Zero-Trust Environment
Why you're probably doing network boot wrong, and how to fix it.
Brian Richardson is the director of Firmware Ecosystem Development, spending most of his career as a "BIOS guy" working on the firmware that quietly boots billions of computers. He has focused on the industry transition to the Unified Extensible Firmware Interface (UEFI), demystifying how firmware works, and simplifying firmware development tools. Brian has presented at numerous conferences including LinuxCon, Open Source Firmware Conference (OSFC), and Bsides. https://software.intel.com/en-us/experts/evangelists/team/brian-richardson
No video of the event yet, sorry!
Network boot is commonly used for everything from booting thin clients to using IT automation for bare-metal provisioning. Unfortunately, most network boot infrastructure is based on outdated standards such as TFTP and PXE. This presents an issue when implementing a Zero Trust architecture, where security principles need to be implemented within the network perimeter.
This session introduces modern methods for securing network boot infrastructure, including UEFI Secure Boot and HTTPS Boot, and how they can be enabled with the right combination of firmware and server configuration.
- 2019 April 5 - 13:30
- 45 min
- openSUSE Summit Room / Midtown 3
- openSUSE Summit Nashville
- openSUSE/open source