• Uncategorized

About linux : How-to-retrieve-a-unique-signature-of-the-OS-installed

Question Detail

I would like to get a footprint of my operating system + hardware installed. I have several RaspberryPi that are connected to a MQTT broker. The topic of each system should have a unique header:

mypi/da39a3ee5e6b4b0d3255bfef95601890afd80709/kitchen/light

How could I get a shasum or equivalent of my hardware + operating system.

A naive approach is this one

$ ifconfig -a eth0 | egrep -o '([0-9a-f]{2}:){5}[0-9a-f]{2}' | shasum

But using the MAC address is perhaps too naive.

Ideally I would like the hash to change if the hardware is physically different. In the case of a Raspberry, the hash will change is I change my raspberry.

After a second though I am not use it is worth including the operating system in the HASH. If I update my Kernel, the hash should be the same.

Question Answer

How could I get a shasum or equivalent of my hardware + operating system.

You don’t define what that means:

Should that hash change if you add some RAM, or some SD card, or some USB device, in your system?

Should that hash change if you replace the hardware by some identical one (e.g. one RaspberryPi burned, and you replace it with another one with the same SD card)? Or by a similar hardware faking to be the original one?

Should that hash change if you (or some adversary) make a minor upgrade of your OS kernel, or if you add some additional package or program in your system?

Should that hash change if you make some minor configuration (e.g. change some configuration file under /etc/, assuming some Linux-like system)?

Notice that on many systems, you can change the MAC address by some software tricks (I don’t know if that applies to your RaspberryPi).

So I think that there is no failproof solution to your question.

(in other words, with enough efforts and skills, you can always fake some existing system; you might want that to be difficult enough to be not worth the effort, but that makes a different question; is your typical adversary as powerful as the NSA, or do you just care about a teenager hacker?).

BTW /proc/cpuinfo (see proc(5)) could change with a kernel upgrade, and can be faked quite simply (to stay the same) by some kernel patch even after a hardware change.

Read about trusted computing base.

You may also like...

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.