2006/12/19, Koen Martens <[EMAIL PROTECTED]>:
Hi All,
I was wondering, if something like a unique hardware identification
would be possible on FreeBSD.
I'd like a machine to authenticate to a server, for which it will
need a unique identification. Problem is, it should be generated
automatically and not easy to fake / detect without already having
root access to the box.
I'm thinking of something like combining serial numbers from
CPU/disks for example, but there does not seem to be a clear way to
obtain these (not all cpu's even have a serial number in there).
I am just inquiring if someone on this list has an idea that might
help with this problem.
Gr,
Koen
Hey Koen,
I know a lot of people / companies use the MAC address of a given
interface for this purpose, but it's not generally very useful since
most interfaces will allow you to set your own MAC address.
Something you could use instead is a one-wire device, attached to the
motherboard (if it has a header for it). If the motherboard does not,
you can get LCDs from e.g. CrystalFontz that provide an interface to
such devices. The Dallas one-wire thermometers have a unique 64-bit
identifier on them, however this is only really useful if you have the
ability to control the hardware platform.
If you are attempting to identify a specific hardware platform (e.g. a
standard set of motherboards and devices), you can enumerate devices
and device IDs on the PCI bus, creating some sort of hash of those.
In the end, with the client controlling the hardware, client-side
security and validation is rather difficult. Even hacking the kernel
to only run signed binaries is going to be difficult to keep secure,
even keeping the key in some hardware secured storage, shipping the
system without a debugger or symbols, and controlling the hardware.
Thank you, media, for blowing the Pentium III CPUID feature up into
something horrible. Uniquely identifiable hardware is very useful when
licensing :\.
Regarding your questions, the serial number of the hard drive is
usually not too difficult to figure out. Take a look at atacontrol(8),
for instance:
dho# atacontrol cap ad4
Protocol Serial ATA II
device model WDC WD1600JS-75NCB2
serial number WD-WCANM3753524
The serial number should be unique. camcontrol(8) can probably give
you similar information for SCSI disks.
Hope this is of some use. I'd be interested in seeing what others are doing.
Kind regards,
Devon H. O'Dell
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
