> As network technology has improved, the limitations of PXE Boot are more apparent. PXE has no mechanism for encryption or authentication, is susceptible to man-in-the-middle attacks, does not scale outside of local networks, and has reliability issues associated with TFTP time-outs and UDP packet loss.
[snip]
> One of the key issues with PXE is a lack of security. The TFTP & UDP transactions associated with PXE may be the last unencrypted traffic on your network and are trivial to intercept. This boot process goes against the “zero trust” concept applied to today’s networks.
However, UEFI to the rescue:
> The UEFI Specification introduced HTTP(S) Boot in in version 2.5. HTTP Boot combines the Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Hypertext Transfer Protocol (HTTP) to provide system deployment and configuration capabilities over the network. Compared to PXE Boot, HTTP Boot can handle much larger files than TFTP, and scale to much larger distances. PXE depends on UDP broadcast You can easily download multi-megabyte files, such as a Linux kernel and a root file system, from servers that are not on your local area network.
Where did you get the idea that anybody on the Internet can?
The first step to network booting (PXE or UEFI boot) requires DHCP, which means a DHCP server or relay on your local broadcast domain (switched LAN, and I'm sure there are extensions for boot-over-WIFI somewhere).
Sure your computer could fetch the boot image over the Internet, if you're okay with involving the unreliability of the Internet in your boot process, but that'd require explicit configuration on your DHCP server.
Using DHCP, the same tool that can configure any client computer with addresses and gateways, meaning you hopefully secure that already.
Some switches give you tools to mark a few physical ports as "truster", allowing DHCP OFFER from those; and drop (or ever shutdown the port!) when such a packet is received on an untrusted port.
https://www.intel.com/content/www/us/en/developer/articles/t...
> As network technology has improved, the limitations of PXE Boot are more apparent. PXE has no mechanism for encryption or authentication, is susceptible to man-in-the-middle attacks, does not scale outside of local networks, and has reliability issues associated with TFTP time-outs and UDP packet loss.
[snip]
> One of the key issues with PXE is a lack of security. The TFTP & UDP transactions associated with PXE may be the last unencrypted traffic on your network and are trivial to intercept. This boot process goes against the “zero trust” concept applied to today’s networks.
However, UEFI to the rescue:
> The UEFI Specification introduced HTTP(S) Boot in in version 2.5. HTTP Boot combines the Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Hypertext Transfer Protocol (HTTP) to provide system deployment and configuration capabilities over the network. Compared to PXE Boot, HTTP Boot can handle much larger files than TFTP, and scale to much larger distances. PXE depends on UDP broadcast You can easily download multi-megabyte files, such as a Linux kernel and a root file system, from servers that are not on your local area network.
Because HTTP is now a layer of the network stack.