[syslinux] problem with PXElinux and security of local LAN - readonly double boot idea

H. Peter Anvin hpa at zytor.com
Tue Dec 20 11:29:59 PST 2005

Richard L. James wrote:
> Hi,
> Firstly rather than a harddisk why not boot from a
> read-only USB key or even read-only CD-ROM drive? 
> Some USB keys come with a hardware write protect
> switch.  You could locate the USB key inside the PC
> itself.  If being truely paranoid superglue works
> wonders to ensure things stay write protected or in
> place, e.g. when 100% happy with the boot just glue
> the USB protect tab to lock or in the case of a
> CD-drive glue over the eject button etc.

Ultimately, to be able to do secure boot you need a key that's stored 
somewhere on each computer.  Once that's done, one could use something 
like a custom Etherboot or BIS to control what's there.

There is another way to do this, which is in the network: program your 
switches to eat DHCP packets that don't come from the authorized DHCP 


More information about the Syslinux mailing list