0

For licensing purposes our application (running on CentOS) uses the output of dmidecode to generate a system ID. Recently, with more of our customers using the software in virtual machines, we are facing the issue that minor updates of the virtualization environment (e.g. security patches, minor versions updates of ESXi or Xen) cause the dmidecode output to change which leads to a new system ID and our software thinking that it hasn't been licensed yet.

I've done quite a bit of research but couldn't find much solid information about how version updates - or sometimes even just security patches - in Xen, ESXi, Hyper-V, etc. result in changes in the DMI table.

Any help here would be much appreciated.

cde.netavis.net
  • 1
  • 1
    The system generates its own [unique ID](https://www.freedesktop.org/software/systemd/man/machine-id.html) at installation which is static for the life of the system. It is accessible in `/etc/machine-id`. Why aren't you just using that? – Michael Hampton Jun 16 '20 at 14:13
  • Thanks for the hint, I wasn't aware of that machine-id. Reading up on it my understanding is that users with root access (which some of our customers have) could easily manipulate it which would enable them to re-use a license on multiple VMs. Of course someone could also do this with dmi information but that's more complex than copy-pasting a simple file. – cde.netavis.net Jun 17 '20 at 07:42
  • 1
    The question p much is how much pain are you willing to put your customers through vs. how reliable should it be. You can use certain machine-/hardware-related IDs together with the machine ID(like MAC/IP, that removes the possibility for same-network reusage) but apart from that.. If people create a clone of a VM there's p much nothing you as DRM-writer can do about it apart from making your paying customer's lives worse. – Izzy Jun 17 '20 at 15:06
  • 1
    Like everyone else who has come before you who has tried to implement a licensing system, you will have to accept that some small number of people will try to find a technological way to bypass it. Trying to close every possible hole is just going to waste a lot of your development time, inconvenience your paying customers, and negatively impact their opinion of your product. Someone who is absolutely determined to pirate your stuff is going to find a way to do it. If you're going to do licensing at all, you have to find a balance. – Michael Hampton Jun 17 '20 at 17:13
  • Thanks a lot for the additional comments, this certainly a traditional trade-off question. I'll discuss our findings internally but maybe we'll end up going with a combination of the machine-id together MAC address or some such hardware ID. – cde.netavis.net Jun 19 '20 at 11:31

0 Answers0