Mac adress and serial replicate over cloning

Sorry if I’m posting duplicate question I’ve made a short research and did not find any thing here
and I’m a bit surprise because what I’m dooing is quite simple and I was expecting someone else make the same mistake as me
I’m using the PI4 image hosted here https://d4o6e0uccgv40.cloudfront.net/2020-05-27-raspios-buster-lite-armhf/arm/2020-05-27-raspios-buster-lite-armhf-raspberrypi4-mender-2.5.0.img.xz
setting up the mender client etc
when my img is ready I whant to be able to clone it over different devices (I’ve made scripts that are generating keys and request for preauthorisation at first boot
that works well
I’ve added to mender-device-identity the use of /proc/cpu-info serial number
unfortunatly i fall in 2 issue at the same time
it looks that mac address is persistant over cloning (but I dont find the right net rule or conf file where to adjust that and it looks also that uboot (that what mender converted images are using right ?) is messing up with devtree and result is that serial is same also over cloning !!! (Why does /proc/cpuinfo always show the same serial number? (U-BOOT). - Raspberry Pi Forums ) So my different devices pre autorisations requests even with different public keys are all identified from same device
if with your help I could at least fix first mac address issue that could take me off this hole :slight_smile:
thank’s for any ideas

I dont use raspvberry-pi’s, however when using imx6 devices i normally extract serial number from the one-time programmable fuses. It looks like the pi’s have something similar that may help if at the very least to confirm if the hardware does actually have the same serial numbers burned into them.

My understanding is that the on-board proprietary firmware determines the MAC address and pokes it into the DTB before U-Boot is launched. Early on we would load the full DTB from the FAT partition but that would result in overwriting the MAC address.

I don’t know what would cause the issue in your case but hopefully the posts from @dellgreen will point you in the right direction.

Drew

I changed the mender-device-identity script to use only serial and read it directly from OTP memory
serial=$( vcgencmd otp_dump | grep "^28:" | cut -d ':' -f 2)
it looks working perfectly
may be you should consider changing it also in your raspberry demo profiles ?
thanks a lot for your help

1 Like

Nice. Thanks for digging into this. @lluiscampos do you have any thoughts on making this change?

Drew

Hi @drewmoseley and thanks for the heads-up.

After some consideration, I don’t think is a good idea for us to override the mender-device-identity for Raspberry images from mender-convert.

The main reason is that we are going to remove the Mender client from the downloadable images (see MEN-4256) so that the workflows becomes: download + install + configure + deploy (or clone, as the flow in this thread do). The “configure” step here would include writing your own identity script (using vcgencmd or anything else).

The mender-device-identity script we install is, after all, an example.

sounds good for me I’ve modded it with hooks