Re: How do we want to handle configuring network boot devices?

On 05/28/2009 11:42 AM, Harald Hoyer wrote:
> Ok, I updated
> https://apps.sourceforge.net/trac/dracut/wiki/commandline
> for the boot mechanism we should support in our first version. I removed
> the URI style root, because I misread the iscsi root path syntax the
> first time (no "//" involved).
>
> Please correct/extend the list.
>
> For e.g. password/user authentication, we have to inject conf files in
> the cpio archive, because /proc/cmdline is readable by everyone or use
> the dhcp root_path or other dhcp options.

I suspect none dhcp root-path is unsuitable too, because it is blatantly transmitted in clear text. This is also an issue for including it in a config file for PXE boot because the initrd must be transmitted unencrypted over the wire.

The only "secure" way of handling secrets in the initrd is if the initrd is on a local disk within a client. It is plausible that some users would opt to boot from local disks, and mount root filesystem over the network for benefits of easy central management.

Warren Togami
wtogami@xxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
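
Added example, not part of the original message and not dracut code: a small audit of the exposure discussed in this thread, checking whether a file such as /proc/cmdline is readable by every local user and flagging kernel command-line parameters that appear to carry credentials. The parameter names, the name patterns and the sample command line are constructed for illustration and are not taken from the dracut wiki page.

```python
import os
import re
import shlex
import stat

# Parameter names that suggest a credential (assumed heuristic, not a dracut list).
SECRET_KEY = re.compile(r"(password|passwd|passphrase|secret|token)", re.I)
# "user:password@" embedded in a value, e.g. inside a network root specification.
USERINFO = re.compile(r"[^\s/:@]+:[^\s/@]+@")

# Constructed sample; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_CMDLINE = ('ro quiet root=iscsi:user1:pw1@192.0.2.10::3260::target0 '
                  'ip=dhcp demo_password="two words"')


def world_readable(path):
    """True if the 'other' read bit is set, i.e. any local user can read path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def find_cmdline_secrets(cmdline):
    """Return [(parameter, reason)] for parameters that look like secrets."""
    try:
        # Keeps key="value with spaces" together, as the kernel parser does.
        words = shlex.split(cmdline)
    except ValueError:
        words = cmdline.split()  # unbalanced quote: fall back to plain split
    findings = []
    for word in words:
        key, sep, value = word.partition("=")
        if not sep or not value:
            continue  # bare flags such as "quiet" carry no value
        if SECRET_KEY.search(key):
            findings.append((key, "credential-like parameter name"))
        elif USERINFO.search(value):
            findings.append((key, "user:password@ embedded in value"))
    return findings


if __name__ == "__main__":
    path = "/proc/cmdline"
    if os.path.exists(path):
        with open(path) as fh:
            live = fh.read()
        print(path, "world-readable:", world_readable(path))
        for key, reason in find_cmdline_secrets(live):
            print("exposed:", key, "-", reason)
    for key, reason in find_cmdline_secrets(SAMPLE_CMDLINE):
        print("sample:", key, "-", reason)
```

The same `world_readable` check applies to an initrd image stored on a local disk; it says nothing about an initrd or DHCP option sent over the network, which is readable by anyone on the path regardless of file mode.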