On Mon, 2012-09-24 at 23:07 +0200, Michał Dwużnik wrote: > > Combination of e.g. service tag, disk serial number and memory module > serials seems reasonably close to being unique and immutable.
Getting all this data into machine-readable form and onto your FAI server may well involve a lot more manual labour than typing an unique secret into each machine at install time... On the other hand, if you are performing frequent re-installs in remote locations, you may want to automatically collect the data *after* the first install (which would involve a manual key entry step) and use it subsequently or a completely automated setup. Another option which I have contemplated (but never implemented) would involve inserting a removable media (USB stick, CD, etc) into the host being installed, which contains the required unique key(s). These can be removed and locked up (or even destroyed) afterwards to prevent unauthorized access in the future. Toomas
