Ticket #40287

Provide distrokey detached signed files

Eröffnet am: 2020-03-28 06:16 Letztes Update: 2020-03-28 06:16

Auswertung:
Verantwortlicher:
(Keine)
Status:
Offen
Komponente:
(Keine)
Meilenstein:
(Keine)
Priorität:
5 - Mittel
Schweregrad:
5 - Mittel
Lösung:
Keine
Datei:
Keine

Details

Hello there.

In the goal of supporting clonezilla through the Heads Open Source Firmware project: 1- Clonezilla public distribution key would need to be added to the trusted public signatures of the project (https://github.com/osresearch/heads/tree/master/initrd/etc/distro/keys) 1.1: QubesOS example of included distro signing public key (which was included in Heads above): https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc 2- Clonezilla detached signed file corresponding to the iso would need to be downloadable (Ex: https://www.qubes-os.org/downloads/) 2.2: QubesOS example of detached signed iso: https://mirrors.edge.kernel.org/qubes/iso/Qubes-R4.0.3-x86_64.iso.asc

Doing so, Heads would be able to boot from Clonezilla ISO directly fro ma USB drive if the prerequisites are filled: a. ISO file has a matching detached signature file (.asc) in the same directory b. public distro key is present in firmware.

That would permit OEMs that wants to use your solution to deploy a lite server using BTS to clone to multiple clients to have multiple boot configurations for a same ISO (with softlinks pointing to it) so that profiles are created easily: local server, remote server, local client, remote client (https://github.com/osresearch/heads-wiki/blob/master/Boot.md)

This is not a blocker since I can detach sign myself the isos and play around. But this would make your solution used by security oriented people interested in using clonezilla to faciliate OEM deployments.... instead of buying physical , closed source cloners :)

Thanks, Insurgo Open Technologies insurgo@riseup.net https://insurgo.ca

Ticket-Verlauf (1/1 Historien)

2020-03-28 06:16 Aktualisiert von: tlaurion
  • New Ticket "Provide distrokey detached signed files" created

Dateianhangliste

Keine Anhänge

Bearbeiten

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Anmelden