Date: Sat, 27 Jan 2007 21:35:32 -0800 From: Daniel Rudy <dr2867@pacbell.net> To: "Devon H. O'Dell" <devon.odell@gmail.com> Cc: Koen Martens <fbsd@metro.cx>, freebsd-hackers@freebsd.org Subject: Re: unique hardware identification Message-ID: <45BC3624.3000608@pacbell.net> In-Reply-To: <9ab217670612190719r4d72c1d5tcf793aca5c781401@mail.gmail.com> References: <4587F6F1.1050000@metro.cx> <9ab217670612190719r4d72c1d5tcf793aca5c781401@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At about the time of 12/19/2006 7:19 AM, Devon H. O'Dell stated the following: > 2006/12/19, Koen Martens <fbsd@metro.cx>: >> Hi All, >> >> I was wondering, if something like a unique hardware identification >> would be possible on FreeBSD. >> >> I'd like a machine to authenticate to a server, for which it will >> need a unique identification. Problem is, it should be generated >> automatically and not easy to fake / detect without already having >> root access to the box. >> >> I'm thinking of something like combining serial numbers from >> CPU/disks for example, but there does not seem to be a clear way to >> obtain these (not all cpu's even have a serial number in there). >> >> I am just inquiring if someone on this list has an idea that might >> help with this problem. >> >> Gr, >> >> Koen > > Hey Koen, > > I know a lot of people / companies use the MAC address of a given > interface for this purpose, but it's not generally very useful since > most interfaces will allow you to set your own MAC address. > > Something you could use instead is a one-wire device, attached to the > motherboard (if it has a header for it). If the motherboard does not, > you can get LCDs from e.g. CrystalFontz that provide an interface to > such devices. The Dallas one-wire thermometers have a unique 64-bit > identifier on them, however this is only really useful if you have the > ability to control the hardware platform. > > If you are attempting to identify a specific hardware platform (e.g. a > standard set of motherboards and devices), you can enumerate devices > and device IDs on the PCI bus, creating some sort of hash of those. > > In the end, with the client controlling the hardware, client-side > security and validation is rather difficult. Even hacking the kernel > to only run signed binaries is going to be difficult to keep secure, > even keeping the key in some hardware secured storage, shipping the > system without a debugger or symbols, and controlling the hardware. > > Thank you, media, for blowing the Pentium III CPUID feature up into > something horrible. Uniquely identifiable hardware is very useful when > licensing :\. > > Regarding your questions, the serial number of the hard drive is > usually not too difficult to figure out. Take a look at atacontrol(8), > for instance: > > dho# atacontrol cap ad4 > > Protocol Serial ATA II > device model WDC WD1600JS-75NCB2 > serial number WD-WCANM3753524 > > The serial number should be unique. camcontrol(8) can probably give > you similar information for SCSI disks. > > Hope this is of some use. I'd be interested in seeing what others are doing. > > Kind regards, > > Devon H. O'Dell > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > I've had this very question myself. Here's what I've done: 1) Use a USB Flash Drive as a hardware dongle. These devices have a vendor id, product id, and a serial number that is garunteed to be unique. 2) Get the Link Layer Address off all the network interfaces in the system. 3) Get the model, serial, and firmware revision off the first harddrive in the system. 4) Using the sysctl(3) interface, I found some undocumented stuff that let's you enumerate the pnp devices in the system. Well, the kernel tells you what they are. -- Daniel Rudy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45BC3624.3000608>