Diskless devices that boot from a common boot server can be used for example when a consistent software configuration across the devices is desired. A consistent software configuration may reduce the cost associated with system administration and maintenance. Use of diskless devices is also justified in applications, where information does not need to be stored persistently on individual devices. In those scenarios, local persistent storages, such as hard disk drives, represent futile costs.
Downloading boot images from a boot server to a device through a network may involve security risks e.g. in the form of the boot images being tampered with in a manner that makes a device vulnerable to attacks. Therefore, integrity protection of boot files may be needed in order to improve system security.
When using a bootstrapping scheme in a network boot, integrity protection of a boot sequence may be effected such that each of the software entities that are to be loaded and executed during the boot validates the integrity of the next software entity in the sequence before passing the control on to the next entity. If the integrity of each of the entities in the boot sequence has been preserved, the entire boot sequence is deemed to be appropriately protected.
The integrity check of a software entity to be loaded and executed during a boot sequence may be associated with a state of the computing platform resulting from the execution of the software entity. In other words, execution of the software entity puts the platform software and hardware in a particular state. Even if the loaded software entities are similar across devices in a network, computing platform states may vary during a boot sequence due to differences in hardware configurations and combinations of software and hardware. It means that information that is used for checking the integrity of software entities during a boot sequence may have to be determined separately for each device and for each state, as a state depends upon a platform's software and hardware configuration. Such a determination process may be costly and time-consuming.