Network Boot in a Zero-Trust Environment
aka You're Probably Doing Network Boot Wrong
Harry Hsiung is a technical marketing engineer for Intel and has been working on Unified Extensible Firmware interface (UEFI) for the past 12 years.He has spent most of his time as a firmware engineer at Intel for 21 years and has worked on servers and client systems at Intel.
Network boot is commonly used for everything from booting thin clients to using IT automation for bare-metal provisioning. Unfortunately, most network boot infrastructure is based on outdated standards such as TFTP and PXE. This presents an issue when implementing a Zero Trust architecture, where security principles need to be implemented within the network perimeter. This session introduces modern methods for securing network boot infrastructure, including UEFI Secure Boot and HTTPS Boot, and how they can be enabled with the right combination of firmware and server configuration.
- 45 min
- LinuxFest Northwest 2019
- Open Source Firmware