Re: [PATCH] firmware: dmi: Don't restrict access to serial number / UUID

From: Lennart Poettering
Date: Mon Jun 12 2023 - 07:52:20 EST

Next message: kirill.shutemov@xxxxxxxxxxxxxxx: "Re: [PATCH v11 18/20] x86: Handle TDX erratum to reset TDX private memory during kexec() and reboot"
Previous message: Konrad Dybcio: "Re: [PATCH 2/2] clk: qcom: gcc-msm8996: Use read-only RCG ops for RPM bus clocks"
In reply to: Greg Kroah-Hartman: "Re: [PATCH] firmware: dmi: Don't restrict access to serial number / UUID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mo, 12.06.23 09:59, Jonathan McDowell (noodles@xxxxxxxx) wrote:

> The /sys/devices/virtual/dmi/id/*_serial + product_uuid files are
> currently only readable by root. There's no clear rationale for this;
> Windows + OS X both allow regular users to access the information, so
> there appears to be no expectation on the manufacturer side that it
> should be kept secret.
>
> Having the information easily available helps with automated tools that
> collect system information for the purposes of fault diagnosis/tracking
> without requiring the tools have root access.
>
> (I've tried to look for context on the initial patch submission about
> why these were root-only but didn't find any; hopefully Lennart or Kay
> can provide details if I'm missing something.)

When I originally added this in 2007 the intel cpuid serial numbers
kerfuffle wasn't ancient history yet, i.e. see:

https://en.wikipedia.org/wiki/Pentium_III#Controversy_about_privacy_issues

So we wanted to ensure that potentially identifying hw information
would not leak to unprivileged code just like that so easily, hence
restricting this was the easy way out.

We subsequently came up with the /etc/machine-id concept, i.e. a
*user* controlled ID value people can use instead. And for VMs we then
added logic so that the VM supplied UUID can be propagated into that
(under the assumption that the VM supplied UUID is under user control
anyway).

To my knowledge on ChromeOS the /etc/machine-id concept isn't much
liked either, they'd rather have *no* identifiable info available to
unpriv code instead of just user controllable ids... (i remember some
conversations with chromeos people back in the day about this.) if you
open up the DMI serial numbers like this you might not make yourself
many friends in that camp...

One might argue that there's always some identifiable hw info available
for apps to use, or that apps should run in sandboxes that make this
impossible, but that's cheap of course…

Lennart

--
Lennart Poettering, Berlin

Next message: kirill.shutemov@xxxxxxxxxxxxxxx: "Re: [PATCH v11 18/20] x86: Handle TDX erratum to reset TDX private memory during kexec() and reboot"
Previous message: Konrad Dybcio: "Re: [PATCH 2/2] clk: qcom: gcc-msm8996: Use read-only RCG ops for RPM bus clocks"
In reply to: Greg Kroah-Hartman: "Re: [PATCH] firmware: dmi: Don't restrict access to serial number / UUID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]