-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for /sys/class/dmi/id/product_uuid #268
Comments
Why? What does Vanta use the UUID for? Set by |
Unique device ID for asset management, more or less. Standard compliance stuff. |
Same problem, different vendor (also using coreboot), slightly different application: https://forums.puri.sm/t/coreboot-populating-sys-class-dmi-id-product-uuid/7506 |
Apologies for bumping this without much info, but looks like we can't use a kernel module to get around this, and I'm getting flak on allowing new hires to spec System76 machines until this gets fixed, as anything they pick is likely Open Firmware only at this point and other vendors' firmware includes the entry :/ |
This might or might not be a related issue: Seems this might be a buikd issue? Same issue from corporate. If we can't track it. |
3mdeb's solution for Dasharo: https://review.coreboot.org/c/coreboot/+/64639 |
Any way the solution above is applicable to original problem? Having the exact same issue -- trying to activate Vanta Agent on Lemur Pro (lemp11) |
Also having this issue on brand new Gazelle |
same issue here with the gazelle and vanta |
seems it's about implementing the method with something like
|
Having a similar issue on an oryx pro 10 as well. |
Just ran into this as well attempting to install the Vanta agent on Oryx Pro. |
system76/coreboot#182 will enable support for reading it from a CBFS file. firmware-update will then need to be updated to either copy it from the current firmware, or generate it if it doesn't exist, and then inject it into the new firmware image before flashing it. |
This is blocking me from using a system76 laptop with the Vanta agent, needed for hipaa/sox compliance. Makes it impossible to use them for corporate/startup activities |
FWIW it's entirely possible to have an alternative remediation to "our systems all check into Vanta" and still be compliant. We got SOC2 Type II, via Vanta, with multiple System76 boxes, this way. You just have to document your controls. Same with HIPPA (disclosures apply that IANAL but Vanta should tell you the same thing). |
Trying to use osquery (as part of Vanta Agent) and they need this file to exist and be populated. With open firmware, the file doesn't exist at this point, and the machine in question doesn't seem to have a proprietary firmware equivalent to work with (lemp10).
Happy to hack on this, but not sure where to start.
The text was updated successfully, but these errors were encountered: