On 17/7/19 12:02, Roland Hieber wrote:
> On Tue, Jul 16, 2019 at 12:58:36PM +0200, Bastian Krause wrote:
>> By default systemd generates a machine id on first boot and tries to
>> persist it (see `man machine-id`). When the root file system is read-only
>> systemd cannot persist the machine id. In case multiple redundant slots
>> are used the machine id will vary. When not handled explicitly the
>> machine id will also change during updates.
>>
>> It is possible to pass a machine id to the kernel which will be used by
>> systemd (systemd.machine_id=).
>>
>> This adds functionality to pass device-specific information that will be
>> hashed to generate a persistent unique machine id. The machine id will
>> be finally added to the kernel parameters via the
>> linux.bootargs.machine_id global variable.
>>
>> Note: if multiple sources provide hashable device-specific information
>> (via machine_id_set_hashable()) the information provided by the last call
>> prior to the late initcall set_machine_id() is used to generate the
>> machine id from. Thus when updating barebox the machine id might change.
>
> I would also add this paragraph to the kconfig help text, so it is more
> visible for users.

Maybe add a priority parameter like we do with e.g. reset reason? That way we can have a base machine-id in the OTP, but board code can override it with e.g. an EEPROM value which is given higher priority.

>
> - Roland
>
>>
>> Signed-off-by: Bastian Krause <bst@xxxxxxxxxxxxxx>
>> --- >> common/Kconfig | 11 ++++++++ >> common/Makefile | 1 + >> common/machine_id.c | 65 ++++++++++++++++++++++++++++++++++++++++++++ >> include/machine_id.h | 6 ++++ >> 4 files changed, 83 insertions(+) >> create mode 100644 common/machine_id.c >> create mode 100644 include/machine_id.h >> >> diff --git a/common/Kconfig b/common/Kconfig >> index 8aad5baecd..4b2d79350d 100644 >> --- a/common/Kconfig >> +++ b/common/Kconfig
>> @@ -982,6 +982,17 @@ config RESET_SOURCE >> of the reset and why the bootloader is currently running. It can be >> useful for any kind of system recovery or repair. >> >> +config MACHINE_ID >> + bool "pass machine-id to kernel" >> + depends on FLEXIBLE_BOOTARGS >> + select DIGEST >> + select DIGEST_SHA1_GENERIC >> + help >> + Sets the linux.bootargs.machine_id global variable with a value of >> + systemd.machine_id=UID. The UID is a persistent device-specific >> + id. It is a hash over device-specific information provided by various >> + sources. >> + >> endmenu >> >> menu "Debugging" >> diff --git a/common/Makefile b/common/Makefile >> index a284655fc1..10960169f9 100644 >> --- a/common/Makefile >> +++ b/common/Makefile >> @@ -11,6 +11,7 @@ obj-y += bootsource.o >> obj-$(CONFIG_ELF) += elf.o >> obj-y += restart.o >> obj-y += poweroff.o >> +obj-$(CONFIG_MACHINE_ID) += machine_id.o >> obj-$(CONFIG_AUTO_COMPLETE) += complete.o >> obj-y += version.o >> obj-$(CONFIG_BAREBOX_UPDATE) += bbu.o >> diff --git a/common/machine_id.c b/common/machine_id.c >> new file mode 100644 >> index 0000000000..54c1820086 >> --- /dev/null >> +++ b/common/machine_id.c 
>> @@ -0,0 +1,65 @@ >> +/* SPDX-License-Identifier: GPL-2.0 */ >> +/* >> + * Copyright (C) 2019 Pengutronix, Bastian Krause <kernel@xxxxxxxxxxxxxx> >> + */ >> + >> +#define pr_fmt(fmt) "machine-id: " fmt >> + >> +#include <common.h> >> +#include <init.h> >> +#include <digest.h> >> +#include <globalvar.h> >> +#include <crypto/sha.h> >> +#include <machine_id.h> >> + >> +#define MACHINE_ID_LENGTH 32 >> + >> +static void *__machine_id_hashable; >> +static size_t __machine_id_hashable_length; >> + >> + >> +void machine_id_set_hashable(void *hashable, size_t len) >> +{ >> + __machine_id_hashable = hashable; >> + __machine_id_hashable_length = len; >> +} >> + >> +static int machine_id_set_bootarg(void) >> +{ >> + struct digest *digest = NULL; >> + unsigned char machine_id[SHA1_DIGEST_SIZE]; >> + char *hex_id; >> + int ret = 0; >> + >> + if (!__machine_id_hashable) { >> + pr_warn("No hashable set, will not pass id to kernel\n"); >> + goto out; >> + } >> + >> + hex_id = "systemd.machine_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; >> + >> + digest = digest_alloc_by_algo(HASH_ALGO_SHA1); >> + ret = digest_init(digest); >> + if (ret) >> + goto out; >> + >> + ret = digest_update(digest, &__machine_id_hashable, >> + __machine_id_hashable_length); >> + if (ret) >> + goto out; >> + >> + ret = digest_final(digest, machine_id); >> + if (ret) >> + goto out; >> + >> + /* use the first 16 bytes of the sha1 hash as the machine-id */ >> + bin2hex(&hex_id[19], &machine_id[0], MACHINE_ID_LENGTH/2); >> + >> + globalvar_add_simple("linux.bootargs.machine_id", &hex_id[0]); >> + >> +out: >> + digest_free(digest); >> + return ret; >> + >> +} >> +late_initcall(machine_id_set_bootarg); >> diff --git a/include/machine_id.h b/include/machine_id.h >> new file mode 100644 >> index 0000000000..e4a9dacd4d >> --- /dev/null >> +++ b/include/machine_id.h 
>> @@ -0,0 +1,6 @@ >> +#ifndef __MACHINE_ID_H__ >> +#define __MACHINE_ID_H__ >> + >> +void machine_id_set_hashable(void *hashable, size_t len); >> + >> +#endif /* __MACHINE_ID_H__ */ >> -- >> 2.20.1 >> >> >> _______________________________________________ >> barebox mailing list >> barebox@xxxxxxxxxxxxxxxxxxx >> http://lists.infradead.org/mailman/listinfo/barebox >> > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
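
Review bot: In the common/Kconfig hunk, the MACHINE_ID help text says the id is a hash over information "provided by various sources" but leaves out the behaviour the commit message spells out: only the data from the last machine_id_set_hashable() call before the late initcall is hashed, so the id can change when a barebox update changes which caller runs last. Put that note into the help text, and state there that the value is the first 16 bytes of a SHA-1 digest, since the option selects DIGEST_SHA1_GENERIC without saying why.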
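
Review bot: In machine_id_set_bootarg() in common/machine_id.c, digest_update() is passed &__machine_id_hashable, the address of the static pointer variable, rather than the buffer it points to, so the digest covers the pointer's own storage (and whatever follows it once the length exceeds sizeof(void *)) instead of the device data; pass __machine_id_hashable. Separately, hex_id points at a string literal and bin2hex() then writes into &hex_id[19], which modifies that literal; use a writable buffer such as a static char array. The result of digest_alloc_by_algo() is used without a NULL check, and machine_id_set_hashable() keeps only the caller's pointer, so the comment or header should state that the buffer must stay valid until the late initcall runs.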
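
Review bot: include/machine_id.h declares machine_id_set_hashable() unconditionally, while common/Makefile builds machine_id.o only when CONFIG_MACHINE_ID is set, so board code that calls it fails to link with the option disabled; add a static inline no-op stub under an #ifdef CONFIG_MACHINE_ID / #else pair. The hashable argument is only read, so the parameter could be const void *.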