Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!

  • Carlos Solís@communities.azkware.net
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    9
    ·
    1 year ago

    From what I read in the article, there is still one part of the boot sequence that does require some sort of storage: the part where the bootloader fetches the network boot image and verifies it against the checksum signature. But I think that can be performed by booting from a pendrive and then removing it. The problem will come if law enforcement gets a hold of said pendrive…

    • Deconceptualist@lemm.ee
      link
      fedilink
      English
      arrow-up
      73
      ·
      1 year ago

      Why would that be a problem? A boot image should only contain the commands to get the main system started after POST. It shouldn’t contain any kind of logs, traffic data, or user data. In fact it should be read-only.

    • mub@lemmy.ml
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      Boot Drive could be immutable and not contain any form of log?

    • meseek #2982@lemmy.ca
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      1 year ago

      Destroy the drive. That’s what Apple does and how they get around the whole “we need a backdoor” problem. When no one can access the server, no more problems.

      • Carlos Solís@communities.azkware.net
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        1 year ago

        Something tells me that they have a stack of single-use drives so that each time a server needs to reboot for some reason, they write a boot loader in one from their central headquarters, walk back to the server room, use the device to boot the server, and finally hammer the everliving bejeezus out of the thumb drive juuuuust in case. Hopefully they don’t have to reboot that often!

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      PXE boot will TFTP the boot image into RAM and carry on from there. You shouldn’t need any storage on your device.