[Soekris] Tying installation to the hardware
chuck+soekris at 2003.snew.com
Tue Feb 18 00:02:22 UTC 2003
First recourse is license.
FreeBSD has the "do what you will" license.
But your collection of that build/setup of may be copyrighted by you.
(not the code, just your collection and arrangement).
This is what OpenBSD does with their distro CDs (it prevents
folks from just putting up the ISO for download - it's illegal;
folks MAY build their own ISO and put it up, but it's easier
to use the project's).
With no license of yours on it, you have no recourse at all.
You COULD do the dallas ibutton type thing, you could do Mac
address locking (yet, one can change mac addresses in software,
but that's after the boot). You can do BOTH. You can
have it "phone home" occasionally with Mac and IP addresses
(an nsupdate to a TXT record with the MAC would cover it).
I hate "phone-homes", it's here for thoroughness.
You can burn to a prom, not a flash card, and stuff it on
the mini-PCI with a unique ID on the card.
You can weld shut the case, perhaps superglue in the flash card.
(hard to copy when you can't get it out).
You could get so many 4501's that the price of buying one
from Soren and a flash card that matches and doing the work
isn't worth the effort.
I tend towards the last: Make it so that it's just easier and
more effort to do the Right Thing.
While I'm an Open Source advocate (it's my license plate even),
people also need to realize that if they want to use a non-free
tool, that stealing it has consequences. One consequence is that
folks are a little apprehensive about sending licensed software to
countries that rampantly steal.
I disagree with it, but I understand where the desire for remotely
disabling software comes from.
Quoting Charlie Younghusband (cwy at xiphos.ca):
> I was curious if anyone has suggestions as to how one might tie an
> installation of the OS to the 4501 hardware platform itself. We?re selling
> a value-added, proprietary derivative of FreeBSD such that we?d like to
> ensure that clients do not simply buy more 4501s directly and then duplicate
> the flash cards. (In particular since some are being shipped to Africa &
> Asia where such practice is fairly common if it?s easy enough to do). We
> had thoughts of creating a separate encrypted file for each box we ship
> based on a MAC address or ideally a processor serial number and then force
> check of this file each boot up.
> Suggestions? MAC addresses for some chipsets I believe are changeable, I
> don?t know about a processor ID exists; perhaps something in the BIOS with
> system call access? Perhaps there is a simply and cheap PCI or min-PCI
> dongle we could use?
More information about the Soekris-tech