Xogium found today that barebox can hash the machine's serial number stored in OTP and use that as a machine-id. On our dev board it gave the machine-id '076754885259dbf35bd065fd017cc61a', but I wanted to make sure it was actually working. So here's a bit of junk to know:
You can read raw memory in Barebox, so to read OTP do this:
This is fairly simple, so here's a quick shell one-liner to help you do it:
$ function md_otp() { printf 'md -l 0x%X-0x%X\n' $((0x5C005200 + $(($1 * 4)))) $((0x5C005200 + $(($2 * 4)))); } $ md_otp 13 15 -> md -l 0x5C005234-0x5C00523C barebox:/ md -l 0x5C005234-0x5C00523C 5c005234: 00450031 31395103 31373338 1.E..Q918
As we can see there we've read OTP words 13, 14, 15 which are 0x00450031, 0x31395103, 0x31373338
You can find a list of available words in section 4 of the STM32MP1 reference manual (DM00327659)
Our OTP is basically unset aside from the 96-bit unique ID and temperature sensor calibrations.
Anyway, using can take our OTP and turn it in to a machine-id with these steps:
00450031, 31395103, 31373338
31004500, 03513931, 38333731
31 00 45 00 03 51 39 31 38 33 37 31
076754885259dbf35bd065fd017cc61a7ee2b388
076754885259dbf35bd065fd017cc61a
Alternatively, use this python3 script with the 3 hex words as arguments:
#!/usr/bin/env python3 # SPDX-License-Identifier: CC0 # Copyright 2020 Jookia # Usage: # barebox:/ md -l 0x5C005234-0x5C00523C # -> 5c005234: 00450031 31395103 31373338 1.E..Q918 # bash$ python3 ./this-script.py 00450031 31395103 31373338 # -> 076754885259dbf35bd065fd017cc61a import struct import hashlib import sys otp_words = bytearray.fromhex("%s %s %s" % (sys.argv[1], sys.argv[2], sys.argv[3])) ordered_bytes = bytearray() for w in struct.unpack(">3L", otp_words): ordered_bytes += w.to_bytes(4, 'little') print(hashlib.sha1(ordered_bytes).hexdigest()[0:32])
This was fixed a while back using the method above.
Currently machine-id is generated at build time. This is fine for development, but it's getting annoying for a few reasons:
https://www.freedesktop.org/software/systemd/man/machine-id.html
There's a few places we could put it:
Ideally a machine-id should be unique to the machine, not the installed OS