From: Bastian Krause <bst@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Bastian Krause <bst@pengutronix.de>
Subject: [PATCH 2/3] common: machine_id: introduce machine id generation and pass id on
Date: Tue, 16 Jul 2019 12:58:36 +0200
Message-ID: <20190716105837.18237-2-bst@pengutronix.de>
In-Reply-To: <20190716105837.18237-1-bst@pengutronix.de>

By default systemd generates a machine id on first boot and tries to
persist it (see `man machine-id`). When the root file system is read-only
systemd cannot persist the machine id. In case multiple redundant slots
are used the machine id will vary. When not handled explicitly the
machine id will also change during updates.

It is possible to pass a machine id to the kernel which will be used by
systemd (systemd.machine_id=).

This adds functionality to pass device-specific information that will be
hashed to generate a persistent unique machine id. The machine id will
be finally added to the kernel parameters via the
linux.bootargs.machine_id global variable.

Note: if multiple sources provide hashable device-specific information
(via machine_id_set_hashable()) the information provided by the last call
prior to the late initcall set_machine_id() is used to generate the
machine id from. Thus when updating barebox the machine id might change.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
common/Kconfig | 11 ++++++++
common/Makefile | 1 +
common/machine_id.c | 65 ++++++++++++++++++++++++++++++++++++++++++++
include/machine_id.h | 6 ++++
4 files changed, 83 insertions(+)
create mode 100644 common/machine_id.c
create mode 100644 include/machine_id.h
diff --git a/common/Kconfig b/common/Kconfig
index 8aad5baecd..4b2d79350d 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -982,6 +982,17 @@ config RESET_SOURCE
of the reset and why the bootloader is currently running. It can be
useful for any kind of system recovery or repair.
+config MACHINE_ID
+ bool "pass machine-id to kernel"
+ depends on FLEXIBLE_BOOTARGS
+ select DIGEST
+ select DIGEST_SHA1_GENERIC
+ help
+ Sets the linux.bootargs.machine_id global variable with a value of
+ systemd.machine_id=UID. The UID is a persistent device-specific
+ id. It is a hash over device-specific information provided by various
+ sources.
+
endmenu
menu "Debugging"
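Review bot: The MACHINE_ID help text says the id is "a hash over device-specific information provided by various sources", but machine_id_set_hashable() in common/machine_id.c overwrites a single pointer, so only the data from the last caller is hashed. Suggest rewording the help to say that exactly one source is used, and that the id can change if a different source registers last, since anyone enabling this option is relying on the id being stable across updates.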
diff --git a/common/Makefile b/common/Makefile
index a284655fc1..10960169f9 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -11,6 +11,7 @@ obj-y += bootsource.o
obj-$(CONFIG_ELF) += elf.o
obj-y += restart.o
obj-y += poweroff.o
+obj-$(CONFIG_MACHINE_ID) += machine_id.o
obj-$(CONFIG_AUTO_COMPLETE) += complete.o
obj-y += version.o
obj-$(CONFIG_BAREBOX_UPDATE) += bbu.o
diff --git a/common/machine_id.c b/common/machine_id.c
new file mode 100644
index 0000000000..54c1820086
--- /dev/null
+++ b/common/machine_id.c
@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2019 Pengutronix, Bastian Krause <kernel@pengutronix.de>
+ */
+
+#define pr_fmt(fmt) "machine-id: " fmt
+
+#include <common.h>
+#include <init.h>
+#include <digest.h>
+#include <globalvar.h>
+#include <crypto/sha.h>
+#include <machine_id.h>
+
+#define MACHINE_ID_LENGTH 32
+
+static void *__machine_id_hashable;
+static size_t __machine_id_hashable_length;
+
+
+void machine_id_set_hashable(void *hashable, size_t len)
+{
+ __machine_id_hashable = hashable;
+ __machine_id_hashable_length = len;
+}
+
+static int machine_id_set_bootarg(void)
+{
+ struct digest *digest = NULL;
+ unsigned char machine_id[SHA1_DIGEST_SIZE];
+ char *hex_id;
+ int ret = 0;
+
+ if (!__machine_id_hashable) {
+ pr_warn("No hashable set, will not pass id to kernel\n");
+ goto out;
+ }
+
+ hex_id = "systemd.machine_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
+
+ digest = digest_alloc_by_algo(HASH_ALGO_SHA1);
+ ret = digest_init(digest);
+ if (ret)
+ goto out;
+
+ ret = digest_update(digest, &__machine_id_hashable,
+ __machine_id_hashable_length);
+ if (ret)
+ goto out;
+
+ ret = digest_final(digest, machine_id);
+ if (ret)
+ goto out;
+
+ /* use the first 16 bytes of the sha1 hash as the machine-id */
+ bin2hex(&hex_id[19], &machine_id[0], MACHINE_ID_LENGTH/2);
+
+ globalvar_add_simple("linux.bootargs.machine_id", &hex_id[0]);
+
+out:
+ digest_free(digest);
+ return ret;
+
+}
+late_initcall(machine_id_set_bootarg);
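Review bot: In machine_id_set_bootarg(), digest_update() is passed `&__machine_id_hashable`, which is the address of the static pointer variable and not the buffer it points to, so the hash covers the pointer's own storage and whatever follows it for __machine_id_hashable_length bytes. That reads past the variable whenever the length exceeds sizeof(void *), and the resulting id depends on where the buffer lives rather than on its contents; pass `__machine_id_hashable` instead. Separately, hex_id points at a string literal and bin2hex() then writes 32 characters into it at offset 19. Writing to a string literal is undefined behaviour, so use a writable buffer (a char array initialised with the prefix, or an allocated string) and derive the offset from the prefix length instead of the bare 19. The return value of digest_alloc_by_algo() is also handed to digest_init() unchecked; return an error if it is NULL.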
diff --git a/include/machine_id.h b/include/machine_id.h
new file mode 100644
index 0000000000..e4a9dacd4d
--- /dev/null
+++ b/include/machine_id.h
@@ -0,0 +1,6 @@
+#ifndef __MACHINE_ID_H__
+#define __MACHINE_ID_H__
+
+void machine_id_set_hashable(void *hashable, size_t len);
+
+#endif /* __MACHINE_ID_H__ */
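Review bot: machine_id_set_hashable() is declared unconditionally in this header, but common/Makefile only builds machine_id.o when CONFIG_MACHINE_ID is set, so any caller fails to link with the option disabled unless it carries its own #ifdef. Suggest adding a static inline no-op stub for the disabled case. The header also uses size_t without including anything that defines it, the parameter could be `const void *` since the data is only read, and a comment should state that the pointer is stored rather than copied, so the caller's buffer has to stay valid until the late initcall runs.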
--
2.20.1