On Dec 27, 2013, at 5:30 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > > On Dec 27, 2013, at 4:40 PM, bruce <badouglas@xxxxxxxxx> wrote: > >> Hi Chris. >> >> Thanks fo.r the reply >> . >> The principle reason for doing/testing dual boot is to have the >> ability to be able to do a remote reinstall for a fresh OS on a remote >> box. If you know of a way to accomplish that, I'm more than willing to >> hear it!! > > USB key imaged with netinstl ISO is has a way to confirm it hasn't been altered, and a VNC and kickstart capability for unattended installation over a network. So actually, if I have compromised a system with that USB stick pre-inserted, I can create a custom kernel that causes hacked install image on that media to pass checksum. The apparently valid checksum would seem to imply the key hasn't been hacked. But since it has been, my hacked kernel can install a rootkit or other such malware in the course of you reinstalling the system. So I think this is invalid short of it leveraging UEFI Secure Boot. Chris Murphy -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
