>> server spoofing attacks (as in attackers changing the code you boot)
> Can you elaborate?
I think this is referring to the server being compromised. This isn't something that can be solved easily because while the bootloader could include signify[1] to verify its downloads, the bootloader itself can't be verified with anything. (disclaimer: I don't know very much about iPXE)
I think this is referring to the server being compromised. This isn't something that can be solved easily because while the bootloader could include signify[1] to verify its downloads, the bootloader itself can't be verified with anything. (disclaimer: I don't know very much about iPXE)
https://www.openbsd.org/papers/bsdcan-signify.html