CPU ID和序列号背后的那些事

原创
2022/02/09 14:20
阅读数 0


最近测试反馈了一个问题,每次重启服务器,我们某个版本的业务系统中的机器码都会改变,导致根据机器码算出来的许可证失效,从而使软件无法使用。

这个问题反馈了有一段时间了,但是本地一直没复现。然后前几天测试说又复现了,马上去看了下测试环境,服务器是一台国产化FT S2500服务器,验证了下,果然如此,马上去看了下关键代码。

public static String executeLinuxCmd(int type) {        try {            String cmd = "dmidecode |grep 'Serial Number'";            if (type == 1) {                cmd = "fdisk -l";            }            //...        } catch (IOException e) {//        }        return null;    }        public static String getSerialNumber(int typeString record, String symbol) {            String execResult = executeLinuxCmd(type);            String[] infos = execResult.split("\n");            for (String info : infos) {                info = info.trim();                if (info.indexOf(record) != -1) {                    String[] sn = info.replace(" ", "").split(symbol);                    return sn[1];                }            }       //...        }              /**     * 获取CPUID、硬盘序列号、MAC地址、主板序列号     *     * @return     */    public static Map<String, String> getAllSn() {        String os = System.getProperty("os.name");        Map<String, String> snVo = new HashMap();        if ("LINUX".equalsIgnoreCase(os)) {            String mainboardNumber = getSerialNumber(0, "Serial Number", ":");            String diskNumber = getSerialNumber(1, "Disk identifier", ":");            snVo.put("diskid", diskNumber == null ? "tmpDiskId" : diskNumber.toUpperCase().replace(" ", ""));            snVo.put("mainboard", mainboardNumber == null ? "tmpMainboard" : mainboardNumber.toUpperCase().replace(" ", ""));        } else {

咦,这位老兄的代码很粗狂。


这下明白了,它是取的CPU序列号作为source,然后经过各种包装后整成系统里在用的机器码。dmidecode的输出中有多个Serial Number,它只取了第一个,恰恰就是Processor Information,也就是我们常说的CPU序列号。

Handle 0x0001, DMI type 4, 48 bytesProcessor Information        Socket Designation: CPU0        Type: Central Processor        Family: ARMv8        Manufacturer: Phytium        ID: 33 66 1F 70 00 00 00 00        Signature: Implementor 0x70, Variant 0x1, Architecture 15, Part 0x663, Revision 3        Version: S2500        Voltage: 0.8 V        External Clock: 100 MHz        Max Speed: 2100 MHz        Current Speed: 2100 MHz        Status: Populated, Enabled        Upgrade: Unknown        L1 Cache Handle: 0x1001        L2 Cache Handle: 0x1002        L3 Cache Handle: 0x1003        Serial Number: A5F9B8AD-E023-7E89-CF01-4717766ADE55        Asset Tag: 9EEC0F77-D6DB-EE11-4788-C0AA5670B445        Part Number: ABD15C33-35D3-1659-BFAF-AD67F87235C9        Core Count: 64        Core Enabled: 64        Thread Count: 64        Characteristics:                64-bit capable                Multi-Core                Execute Protection                Enhanced Virtualization                Power/Performance Control


这么做是不可取的。

其实CPU曾经支持过序列号功能,但是被人指责侵犯隐私,所以现在的规范中,CPU完全没有所谓的序列号。

这段历史是这样的,Intel在奔腾3中短暂的引入过这个功能,但是后来很快就移除了。

EAX=3: Processor Serial Number
See also:  Pentium III § Controversy about privacy issues
This returns the processor's serial number. The processor serial number was introduced on Intel Pentium III, but due to privacy concerns, this feature is no longer implemented on later models (PSN feature bit is always cleared). Transmeta's Efficeon and Crusoe processors also provide this feature. AMD CPUs however, do not implement this feature in any CPU models.
For Intel Pentium III CPUs, the serial number is returned in EDX:ECX registers. For Transmeta Efficeon CPUs, it is returned in EBX:EAX registers. And for Transmeta Crusoe CPUs, it is returned in EBX register only.
Note that the processor serial number feature must be enabled in the BIOS setting in order to function.
refer:https://en.wikipedia.org/wiki/Pentium_III#Controversy_about_privacy_issues


所以,我们不应该使用CPU Serial Number来作为设备唯一性判断,而应该使用CPU ID来判断。是这样的吗?


1

Windows下获取CPU ID


如果是windows系统,根据MSDN文档:http://msdn.microsoft.com/en-us/library/aa394373(v=vs.85).aspx

ProcessorIdData type: stringAccess type: Read-onlyProcessor information that describes the processor features. For an x86 class CPU, the field format depends on the processor support of the CPUID instruction. If the instruction is supported, the property contains 2 (two) DWORD formatted values. The first is an offset of 08h-0Bh, which is the EAX value that a CPUID instruction returns with input EAX set to 1. The second is an offset of 0Ch-0Fh, which is the EDX value that the instruction returns. Only the first two bytes of the property are significant and contain the contents of the DX register at CPU resetall others are set to 0 (zero), and the contents are in DWORD format."


可以用如下代码获取CPU ID

#include "stdafx.h"#include<iostream> int main(){     int32_t deBuf[4];    __cpuidex(deBuf, 01, 0);    printf("%.8x%.8x", deBuf[3], deBuf[0]);    getchar();    return 0;}

本地没有msvc编译环境,就不做测试了。


2

linux x86/amd64获取CPU ID


在Linux上呢,我们可以用C内联汇编来实现

#include <stdio.h>static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,                                unsigned int *ecx, unsigned int *edx){        /* ecx is often an input as well as an output. */        asm volatile("cpuid"            : "=a" (*eax),              "=b" (*ebx),              "=c" (*ecx),              "=d" (*edx)            : "0" (*eax), "2" (*ecx));}
int main(int argc, char **argv){ unsigned eax, ebx, ecx, edx;
eax = 1; /* processor info and feature bits */ native_cpuid(&eax, &ebx, &ecx, &edx);
printf("stepping %d\n", eax & 0xF); printf("model %d\n", (eax >> 4) & 0xF); printf("family %d\n", (eax >> 8) & 0xF); printf("processor type %d\n", (eax >> 12) & 0x3); printf("extended model %d\n", (eax >> 16) & 0xF); printf("extended family %d\n", (eax >> 20) & 0xFF);
/* EDIT */ eax = 3; /* processor serial number */ native_cpuid(&eax, &ebx, &ecx, &edx);
/** see the CPUID Wikipedia article on which models return the serial number in which registers. The example here is for Pentium III */  printf("serial number 0x%08x%08x\n", edx, ecx);

native_cpuid这段代码来自linux kernel里的源码,其实gcc里有cpuid.h这个文件,它封装了ASM代码,直接引入即可。


看下运行结果:

如图所示,eax, ebx, ecx, edx这四个寄存器对应的内容就是cpu id


可以看到,尝试获取cpu serial number是获取不到的。dmidecode的输出中,Serial Number一项也是Not Specified。


3

aarch64下获取CPU ID

我们现在的服务器是国产化飞腾2500服务器,采用的是aarch64架构,CPU架构不一样,就不能用同样的ASM汇编了,找了下ARM官方文档,https://developer.arm.com/documentation/ddi0500/d/system-control/aarch64-register-descriptions/main-id-register--el1?lang=en,参考CPU架构,可以从MIDR_EL1寄存器获取

#include <stdio.h>
int main(int argc, char **argv){ unsigned long arm_cpuid; __asm__("mrs %0, MIDR_EL1" : "=r"(arm_cpuid)); printf("%-20s: 0x%016lx\n", "MIDR_EL1=", arm_cpuid);}


输出如下

[root@master98 ch]# gcc cpu.c -o cpu[root@master98 ch]# ./cpuMIDR_EL1=           : 0x00000000701f6633

运行结果如图所示:


正好与dmidecode中的ID对应。经过测试,重启后cpuid是不会改变的。


4

CPU ID or Serial Number?


我们在Java代码里采用的是Serial Number,这里一直说的是CPU ID,这俩东西到底是不是同一个事呢?

结论是:
1.CPU Serial Number是一个Embedded 96-bit code during chip fabrication,但废弃标准,不应该使用,而应该使用CPU ID来判断。


2.因为涉及隐私问题(Serial Number is Readable by networks & applications),现在的服务器架构已经不支持CPU Serial Number的获取了,用dmidecode获取到的Serial Number不保证有值的。


3.CPU ID包含的是CPU架构的一些信息,更接近条形码的概念,并不是唯一身份标识,不保证唯一性。


4.dmidecode在国产服务器架构下获取到的CPU Serial Number,其实又叫PSN(Processor Serial Number)。之所以国产化服务器能拿到PSN,是因为国产服务器是aarch64架构,并且是自主化研发,并没有遵循Intel的规范。另外同为国产化服务器,不同的厂家实现也不一样,有的重启即变,有的并不会变化。关于PSN的开启,应该是可以在BIOS里配置。其实,PSN should NOT exist at all。为什么国产服务器还保留PSN,就不做过多展开了。有兴趣的可以自行阅读PSN相关文档


最后,修改很简单,如果使用场景不严格,可以使用CPU ID,或者System Information中的UUID即可,两者都能保证重启不变,但System Information中的UUID能保证唯一性,而CPU ID不能 。

本文分享自微信公众号 - 互联网活化石(netfossil)。
如有侵权,请联系 support@oschina.cn 删除。
本文参与“OSC源创计划”,欢迎正在阅读的你也加入,一起分享。

展开阅读全文
加载中
点击引领话题📣 发布并加入讨论🔥
0 评论
0 收藏
0
分享
返回顶部
顶部