On Mon, Aug 20, 2018 at 09:18:59AM +0100, Richard Hughes wrote: > Hi all, > > I've started to look at adding firmware updates for NVMe hardware to > the LVFS project Love the idea ;) > Install nvme (e.g. dnf install nvme-cli) then do sudo nvme id-ctrl > --raw-binary /dev/nvme0 > /tmp/id-ctrl I don't have any nvme hardware, so I can't help with that, but the command below raises an issue. Some time ago we started discouraging directly exporting the machine-id value. The reason is that it is a permanent identifier and exposing it has privacy and security implications. An library function sd_id128_get_machine_app_specific [1] was added, which takes the machine-id and hashes it with an application-specific identifier. The idea is that each application can use a stable id for the machine, but it is not possible to go back to the original machine-id or even to connect different applications on the same machine. If you ask, "OK, how do I use this?", then the answer is, short of writing a quick C program or maybe calling python and using CFFI, is that it's not directly available. Exposing this functionality has been on our todo list, for a while, and your upload script is provides a good use case. I opened a PR in systemd upstream to add a tool that provides this functionality [2]. Please take a look and comment on the proposed interface. But even it is merged quickly, this does not provide any solution for today. > If that worked, run the following command: > > curl -F type=nvme \ > -F "machine_id="`cat /etc/machine-id` \ > -F file=@/tmp/id-ctrl \ > https://staging.fwupd.org/lvfs/upload_hwinfo My suggestion for now would be do something like this instead: id="$(c=`(cat /etc/machine-id|echo nvme)|sha256sum`; echo ${c:0:32})" curl -F type=nvme \ -F "machine_id=$id" \ -F file=@/tmp/id-ctrl \ https://staging.fwupd.org/lvfs/upload_hwinfo [1] https://www.freedesktop.org/software/systemd/man/sd_id128_get_machine_app_specific.html [2] https://github.com/systemd/systemd/pull/9898 Zbyszek > We are using your random machine ID to ensure we don’t record > duplicate submissions -- if that makes you unhappy for some reason > just choose some other random 32 byte hex string. In the binary file > created by nvme there is the encoded model number and serial number of > your drive; if this makes you uneasy please don’t send the file. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/KCJ7T3MXL7YLOLVTJXNJRDTXALEFKB6I/
