On Tue, Jul 16, 2019 at 12:58:36PM +0200, Bastian Krause wrote: > By default systemd generates a machine id on first boot and tries to > persist it (see `man machine-id`). When the root file system is read-only > systemd cannot persist the machine id. In case multiple redundant slots > are used the machine id will vary. When not handled explicitly the > machine id will also change during updates. > > It is possible to pass a machine id to the kernel which will be used by > systemd (systemd.machine_id=). > > This adds functionality to pass device-specific information that will be > hashed to generate a persistent unique machine id. The machine id will > be finally added to the kernel parameters via the > linux.bootargs.machine_id global variable. > > Note: if multiple sources provide hashable device-specific information > (via machine_id_set_hashable()) the information provided by the last call > prior to the late initcall set_machine_id() is used to generate the > machine id from. Thus when updating barebox the machine id might change. I would also add this paragraph to the kconfig help text, so it is more visible for users. - Roland > > Signed-off-by: Bastian Krause <bst@xxxxxxxxxxxxxx> > --- > common/Kconfig | 11 ++++++++ > common/Makefile | 1 + > common/machine_id.c | 65 ++++++++++++++++++++++++++++++++++++++++++++ > include/machine_id.h | 6 ++++ > 4 files changed, 83 insertions(+) > create mode 100644 common/machine_id.c > create mode 100644 include/machine_id.h > > diff --git a/common/Kconfig b/common/Kconfig > index 8aad5baecd..4b2d79350d 100644 > --- a/common/Kconfig > +++ b/common/Kconfig 
> @@ -982,6 +982,17 @@ config RESET_SOURCE > of the reset and why the bootloader is currently running. It can be > useful for any kind of system recovery or repair. > > +config MACHINE_ID > + bool "pass machine-id to kernel" > + depends on FLEXIBLE_BOOTARGS > + select DIGEST > + select DIGEST_SHA1_GENERIC > + help > + Sets the linux.bootargs.machine_id global variable with a value of > + systemd.machine_id=UID. The UID is a persistent device-specific > + id. It is a hash over device-specific information provided by various > + sources. > + > endmenu > > menu "Debugging" > diff --git a/common/Makefile b/common/Makefile > index a284655fc1..10960169f9 100644 > --- a/common/Makefile > +++ b/common/Makefile > @@ -11,6 +11,7 @@ obj-y += bootsource.o > obj-$(CONFIG_ELF) += elf.o > obj-y += restart.o > obj-y += poweroff.o > +obj-$(CONFIG_MACHINE_ID) += machine_id.o > obj-$(CONFIG_AUTO_COMPLETE) += complete.o > obj-y += version.o > obj-$(CONFIG_BAREBOX_UPDATE) += bbu.o > diff --git a/common/machine_id.c b/common/machine_id.c > new file mode 100644 > index 0000000000..54c1820086 > --- /dev/null > +++ b/common/machine_id.c 
> @@ -0,0 +1,65 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * Copyright (C) 2019 Pengutronix, Bastian Krause <kernel@xxxxxxxxxxxxxx> > + */ > + > +#define pr_fmt(fmt) "machine-id: " fmt > + > +#include <common.h> > +#include <init.h> > +#include <digest.h> > +#include <globalvar.h> > +#include <crypto/sha.h> > +#include <machine_id.h> > + > +#define MACHINE_ID_LENGTH 32 > + > +static void *__machine_id_hashable; > +static size_t __machine_id_hashable_length; > + > + > +void machine_id_set_hashable(void *hashable, size_t len) > +{ > + __machine_id_hashable = hashable; > + __machine_id_hashable_length = len; > +} > + > +static int machine_id_set_bootarg(void) > +{ > + struct digest *digest = NULL; > + unsigned char machine_id[SHA1_DIGEST_SIZE]; > + char *hex_id; > + int ret = 0; > + > + if (!__machine_id_hashable) { > + pr_warn("No hashable set, will not pass id to kernel\n"); > + goto out; > + } > + > + hex_id = "systemd.machine_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; > + > + digest = digest_alloc_by_algo(HASH_ALGO_SHA1); > + ret = digest_init(digest); > + if (ret) > + goto out; > + > + ret = digest_update(digest, &__machine_id_hashable, > + __machine_id_hashable_length); > + if (ret) > + goto out; > + > + ret = digest_final(digest, machine_id); > + if (ret) > + goto out; > + > + /* use the first 16 bytes of the sha1 hash as the machine-id */ > + bin2hex(&hex_id[19], &machine_id[0], MACHINE_ID_LENGTH/2); > + > + globalvar_add_simple("linux.bootargs.machine_id", &hex_id[0]); > + > +out: > + digest_free(digest); > + return ret; > + > +} > +late_initcall(machine_id_set_bootarg); > diff --git a/include/machine_id.h b/include/machine_id.h > new file mode 100644 > index 0000000000..e4a9dacd4d > --- /dev/null > +++ b/include/machine_id.h 
> @@ -0,0 +1,6 @@ > +#ifndef __MACHINE_ID_H__ > +#define __MACHINE_ID_H__ > + > +void machine_id_set_hashable(void *hashable, size_t len); > + > +#endif /* __MACHINE_ID_H__ */ > -- > 2.20.1 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox > -- Roland Hieber | r.hieber@xxxxxxxxxxxxxx | Pengutronix e.K. | https://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
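
Review bot: In the common/Kconfig hunk, the MACHINE_ID help text says the id is "a hash over device-specific information provided by various sources", which reads as if all sources were combined, while the commit message states that only the data from the last machine_id_set_hashable() call before the late initcall is hashed. The help text should say that the last registered source wins and that the id can therefore change when a barebox update alters which source registers last, because the option exists to keep the id stable across slots and updates.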
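
Review bot: In machine_id_set_bootarg() in common/machine_id.c, digest_update() is passed &__machine_id_hashable, the address of the static pointer, so the hash covers the pointer variable and whatever follows it in memory for __machine_id_hashable_length bytes instead of the registered device data; pass __machine_id_hashable itself. In the same function hex_id points at a string literal and bin2hex(&hex_id[19], ...) writes into it, so a writable buffer such as a static char array should hold the bootarg. The result of digest_alloc_by_algo() is used without a NULL check, and the early "No hashable set" path reaches digest_free() with digest still NULL, so confirm that digest_free() accepts NULL or skip the call on that path.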
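
Review bot: include/machine_id.h declares machine_id_set_hashable() unconditionally, but common/Makefile builds machine_id.o only when CONFIG_MACHINE_ID is set, so a caller in board or driver code fails to link with the option disabled unless it adds its own #ifdef. A static inline empty stub for the disabled case would keep callers simple. The hashable parameter could be const void *, and since the function only stores the pointer, the header should document that the buffer must stay valid until the late initcall runs.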