Diskless NFS over TLS
Date: Sat, 24 Jun 2023 09:23:47 UTC
I have a number of aarch64 SBCs that run "diskless": U-Boot loads boot.scr.uimg, loader.efi and the DTB via TFTP, EFI loads the loader config and kernel via NFS and passes the NFS root details to the kernel. I am contemplating whether it's possible to use secure NFS for at least the root mount[*].

The problem is that NFS-over-TLS relies on rpc.tlsclntd to perform the STARTTLS and that needs a functional userland to run it.

Does anyone have any idea how to proceed? Maybe something like mfsroot with the real root then overlaid over it (though I haven't thought this through). (And I realise that protecting the keys is problematic).

[*] It would be nice to secure TFTP and the kernel load but that's less feasible.

--
Peter Jeremy