This is an old revision of the document!
imgtrust [--allow] [--permanent]
imgtrust
imgtrust --allow
imgtrust --permanent
Require the use of trusted images. When trusted images are required, any attempt to execute an untrusted image will fail. All images are untrusted by default. To become trusted, an image must be verified using the imgverify command.
If the --allow option is specified, then trusted images will no longer be required, and untrusted images may be executed.
If the --permanent option is specified, then the image trust requirement will be made permanent. Any future attempts to change the image trust requirement will fail. For example:
```
iPXE> imgtrust                # Require trusted images
iPXE> imgtrust --allow        # Allow untrusted images
iPXE> imgtrust --permanent    # Permanently require trusted images
iPXE> imgtrust --allow        # Try to allow untrusted images
Could not set image trust requirement: Permission denied (http://ipxe.org/0200823c)
```
| Success | The image trust requirement was set successfully |
|---|---|
| Failure | The image trust requirement was not set successfully |
This command is available only when the build option IMAGE_TRUST_CMD is enabled.
The default configuration is always to allow untrusted images. To require the use of trusted images, you must use an embedded script that includes the imgtrust command. For example:
```
#!ipxe
imgtrust --permanent
dhcp
imgfetch --name vmlinuz ${filename}
imgverify vmlinuz ${filename}.sig
imgexec vmlinuz
```
There is no way to use trusted images without using an embedded script.
The imgtrust command only prevents the direct execution of untrusted images by iPXE. An untrusted image may still be used as, for example, the initrd for a trusted kernel image. You can use the imgverify command to explicitly verify any such additional images.
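The following embedded script is an added example, not part of the original page or the iPXE project's own documentation. It verifies the initrd as well as the kernel and refuses to boot if any fetch or verification fails. The base URL, the image names and the presence of a ".sig" file next to each image are assumptions.

```ipxe
#!ipxe
# Added example: verify every image that will be loaded, not just the kernel.
# Assumptions: the base URL and file names are placeholders, and a detached
# signature "<file>.sig" is published next to each file.
imgtrust --permanent
dhcp
set base http://boot.example.com/images

# Kernel: imgtrust blocks its execution unless imgverify succeeds.
imgfetch --name vmlinuz ${base}/vmlinuz || goto failed
imgverify vmlinuz ${base}/vmlinuz.sig || goto failed

# Initrd: imgtrust does not check this image, so verify it explicitly.
imgfetch --name initrd.img ${base}/initrd.img || goto failed
imgverify initrd.img ${base}/initrd.img.sig || goto failed

imgexec vmlinuz

:failed
# Reached if any step above fails; drop all loaded images before exiting.
echo Image fetch or verification failed, not booting
imgfree
exit 1
```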