[syslinux] problem with PXElinux and security of local LAN - readonly double boot idea
Jason Keltz
jas at cs.yorku.ca
Tue Dec 20 12:37:54 PST 2005
H. Peter Anvin wrote:
> There is another way to do this, which is in the network: program your
> switches to eat DHCP packets that don't come from the authorized DHCP
> server.

Unfortunately, this won't do it either. Imagine the case where a
student unplugs the lab machine and plugs it into a separate network
port on their laptop.

Is there absolutely no way through comboot to query the DHCP server (or
some other server like a web server) for a simple value through
sys/extlinux? This would just be very ideal.

What I really need is a "middle line" between pxelinux and syslinux
where I have the menu locally (syslinux with a comboot), but only the
choice of which menu option to select comes from the network (DHCP
option). Murali proposed a two part solution where I first boot to
syslinux (or extlinux) with a comboot that checks the status of a valid
on an unused part of the disk along with a timestamp. If the current
time has passed the timestamp, I boot into a mini linux distribution,
and then query a server to determine the required state, write that to
the machine's hard disk, reboot, and then I would boot into that, but I
know there just has to be a way to figure out the required O/S on the
first boot without having the extra steps...

jas.