Ticket #40287

Provide distrokey detached signed files

Created: 2020-03-28 06:16 Last updated: 2020-03-28 06:16

Reporter:
Assignee: (unassigned)
Ticket type:
Status: Open
Component: (unassigned)
Milestone: (unassigned)
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: None
Files: None

Details

Hello there.

In the goal of supporting Clonezilla through the Heads Open Source Firmware project:

1- Clonezilla public distribution key would need to be added to the trusted public signatures of the project (https://github.com/osresearch/heads/tree/master/initrd/etc/distro/keys)
  1.1: QubesOS example of included distro signing public key (which was included in Heads above): https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc
2- Clonezilla detached signed file corresponding to the ISO would need to be downloadable (Ex: https://www.qubes-os.org/downloads/)
  2.2: QubesOS example of detached signed ISO: https://mirrors.edge.kernel.org/qubes/iso/Qubes-R4.0.3-x86_64.iso.asc

Doing so, Heads would be able to boot from Clonezilla ISO directly from a USB drive if the prerequisites are filled:

a. ISO file has a matching detached signature file (.asc) in the same directory
b. public distro key is present in firmware.

That would permit OEMs that want to use your solution to deploy a lite server using BTS to clone to multiple clients to have multiple boot configurations for the same ISO (with softlinks pointing to it) so that profiles are created easily: local server, remote server, local client, remote client (https://github.com/osresearch/heads-wiki/blob/master/Boot.md)

This is not a blocker since I can detach-sign the ISOs myself and play around. But this would make your solution used by security-oriented people interested in using Clonezilla to facilitate OEM deployments... instead of buying physical, closed-source cloners :)

Thanks,
Insurgo Open Technologies
insurgo@riseup.net
https://insurgo.ca
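
The two prerequisites listed in the ticket (a detached .asc beside the ISO, and a trusted distro public key) can be checked with gpg as in the following added example. It is not part of the ticket and not Heads' own code; the function names, return codes and directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not Heads code): check ISOs against detached signatures,
# trusting only the public keys found in one directory of distro keys.

# Print every *.iso in directory $1 that has no matching .asc beside it.
missing_signatures() {
    for iso in "$1"/*.iso; do
        [ -e "$iso" ] || continue
        [ -f "$iso.asc" ] || printf '%s\n' "$iso"
    done
}

# verify_iso KEYDIR ISO   (KEYDIR holds armored public keys named *.asc)
#   0 = good signature made by a key in KEYDIR
#   1 = bad signature, or signed by a key that is not in KEYDIR
#   2 = no detached signature next to the ISO
#   3 = no trusted keys available (or no temporary keyring)
verify_iso() {
    keydir=$1
    iso=$2
    [ -f "$iso.asc" ] || return 2
    set -- "$keydir"/*.asc
    [ -f "$1" ] || return 3
    # Throwaway keyring: keys in the caller's own keyring must not count.
    home=$(mktemp -d) || return 3
    chmod 700 "$home"
    rc=1
    if gpg --homedir "$home" --batch --quiet --import "$@" 2>/dev/null &&
       gpg --homedir "$home" --batch --verify "$iso.asc" "$iso" 2>/dev/null
    then
        rc=0
    fi
    rm -rf "$home"
    return "$rc"
}
```

A call such as `verify_iso ./keys ./clonezilla.iso` (both paths hypothetical) returns 0 only when the signature file sits beside the ISO and was made by one of the keys in `./keys`.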

Ticket history (showing 1 of 1)

2020-03-28 06:16 Updated by: tlaurion
  • New ticket "Provide distrokey detached signed files" was created

Attachments

No attachments
