firmware-open

Support for /sys/class/dmi/id/product_uuid

Open iansltx opened this issue 4 years ago • 16 comments

Trying to use osquery (as part of Vanta Agent) and they need this file to exist and be populated. With open firmware, the file doesn't exist at this point, and the machine in question doesn't seem to have a proprietary firmware equivalent to work with (lemp10).

Happy to hack on this, but not sure where to start.

Dec 29 '21 21:12 iansltx

Why? What does Vanta use the UUID for?

Set by smbios_system_set_uuid() in coreboot.

Dec 29 '21 22:12 crawfxrd

Unique device ID for asset management, more or less. Standard compliance stuff.

Dec 29 '21 22:12 iansltx

Same problem, different vendor (also using coreboot), slightly different application: https://forums.puri.sm/t/coreboot-populating-sys-class-dmi-id-product-uuid/7506

Dec 30 '21 18:12 iansltx

Apologies for bumping this without much info, but looks like we can't use a kernel module to get around this, and I'm getting flak on allowing new hires to spec System76 machines until this gets fixed, as anything they pick is likely Open Firmware only at this point and other vendors' firmware includes the entry :/

Feb 03 '22 03:02 iansltx

This might or might not be a related issue:

https://github.com/acidanthera/bugtracker/issues/711

Seems this might be a build issue?

Same issue from corporate. If we can't track it.

Feb 22 '22 21:02 frankk74

3mdeb's solution for Dasharo: https://review.coreboot.org/c/coreboot/+/64639

Jun 08 '22 16:06 crawfxrd

Any way the solution above is applicable to the original problem? Having the exact same issue -- trying to activate Vanta Agent on Lemur Pro (lemp11).

Aug 12 '22 18:08 antonshmakov

Also having this issue on brand new Gazelle

Aug 19 '22 10:08 colinbird

Same issue here with the Gazelle and Vanta.

Jan 31 '23 17:01 allan-simon

Seems it's about implementing the method smbios_system_set_uuid in https://github.com/system76/coreboot/

with something like:

#include <string.h>

/* UUID_DEFINED_BY_A_COMPILER_CONSTANT: placeholder for 16 bytes fixed at build time */
void smbios_system_set_uuid(u8 *uuid)
{
    memcpy(uuid, UUID_DEFINED_BY_A_COMPILER_CONSTANT, 16);
}

Jan 31 '23 18:01 allan-simon
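
An added illustration (not code from this thread, coreboot or System76) of how the 16 bytes filled in by smbios_system_set_uuid() relate to what Linux exposes as /sys/class/dmi/id/product_uuid. It assumes the SMBIOS 2.6+ byte layout and that the kernel treats an all-0x00 or all-0xFF UUID as unset and creates no file; the helper names and sample bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* An SMBIOS UUID of all 0x00 or all 0xFF means "not set"; the Linux DMI
 * code then creates no product_uuid attribute at all. */
int smbios_uuid_is_unset(const uint8_t u[16])
{
    int all00 = 1, allff = 1;
    for (int i = 0; i < 16; i++) {
        if (u[i] != 0x00) all00 = 0;
        if (u[i] != 0xFF) allff = 0;
    }
    return all00 || allff;
}

/* Render the 16 raw bytes the way SMBIOS >= 2.6 defines them: the first
 * three fields are little-endian, the last two are stored byte by byte.
 * Returns 0 and fills out (36 chars plus NUL), or -1 if the UUID is unset. */
int smbios_uuid_to_string(const uint8_t u[16], char out[37])
{
    if (smbios_uuid_is_unset(u))
        return -1;
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
             "%02x%02x%02x%02x%02x%02x",
             u[3], u[2], u[1], u[0], u[5], u[4], u[7], u[6],
             u[8], u[9], u[10], u[11], u[12], u[13], u[14], u[15]);
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real machine. */
    const uint8_t zero[16] = {0};
    const uint8_t sample[16] = {0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66,
                                0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
    char s[37];

    printf("zero-filled: %s\n",
           smbios_uuid_to_string(zero, s) ? "no product_uuid file" : s);
    if (smbios_uuid_to_string(sample, s) == 0)
        printf("sample:      %s\n", s);
    return 0;
}
```

An asset-management agent that keys devices on this value needs it to be both present and distinct per machine, which is why a zero-filled field shows up as a missing file rather than a usable ID.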

Having a similar issue on an Oryx Pro 10 as well.

Feb 06 '23 16:02 scottbisker

Just ran into this as well attempting to install the Vanta agent on Oryx Pro.

May 01 '23 16:05 fetherolfjd

https://github.com/system76/coreboot/pull/182 will enable support for reading it from a CBFS file. firmware-update will then need to be updated to either copy it from the current firmware, or generate it if it doesn't exist, and then inject it into the new firmware image before flashing it.

Jun 27 '23 23:06 crawfxrd

This is blocking me from using a System76 laptop with the Vanta agent, needed for HIPAA/SOX compliance. Makes it impossible to use them for corporate/startup activities.

Oct 03 '24 15:10 tupshin

FWIW it's entirely possible to have an alternative remediation to "our systems all check into Vanta" and still be compliant. We got SOC2 Type II, via Vanta, with multiple System76 boxes, this way. You just have to document your controls. Same with HIPAA (disclosures apply that IANAL but Vanta should tell you the same thing).

Oct 03 '24 16:10 iansltx