Linux Hardware Device Identification and Management

Linux Hardware Device Identification and Management

Hardware Device Detection Process

• When a hardware device, such as a USB disk, is connected to a Linux system, a corresponding device driver detects the connection.
• This device driver is part of the kernel space.
• Upon detection, the driver generates an event known as a u event.
• The u event is then sent to the user space device manager daemon, which is called udev.
• The udev service is responsible for dynamically creating a device node within the /dev file system, associating it with the newly attached drive.
• Once this process is complete, the newly attached disk becomes visible and accessible under the /dev directory.

Command Line Tools for Hardware Information

dmesg

• Purpose: Displays messages logged by the kernel, stored in an area called the ring buffer.
• Functionality: When the Linux operating system boots up, the kernel generates numerous messages, including logs from detected hardware devices. These messages indicate whether the kernel successfully configured the devices.
• Usage: The output of dmesg can be piped to less for paginated viewing (e.g., dmesg | less) or filtered using grep to search for specific keywords (e.g., dmesg | grep usb).

udevadm

• Purpose: A management utility for the udev daemon.
• udevadm info: Queries the udev database for detailed information about specific devices (e.g., udevadm info /dev/sda).
• udevadm monitor: Listens for u events generated by the kernel. When an event is detected, it prints details such as the device path and device name to the screen. This command is particularly useful for observing event details when a device is newly attached or removed (e.g., removing a USB mouse).

lspci

• Purpose: Stands for "list PCI" (Peripheral Component Interconnect).
• Functionality: Displays information about all PCI devices configured in the system.
• Examples of PCI devices: Ethernet cards, RAID controllers, video cards, and wireless adapters, which directly attach to PCI slots on the computer's motherboard.

lsblk

• Purpose: Stands for "list block devices."
• Functionality: Lists information about block devices connected to the system.
• Example: sda typically refers to a whole physical disk, while sda1 to sda5 represent partitions created on that disk.
  • type disk: Denotes the entire physical disk.
  • type partition: Refers to a reusable segment of disk space carved out from a physical disk.
• Major and Minor Numbers: In the command output, each device is associated with major and minor numbers, separated by a colon.
  • Major Number (left of colon): Identifies the type of device driver associated with the device. For example, the number $8$ typically refers to a block SDS (SCSI disk) device.
  • Minor Number (right of colon): Used to differentiate among devices that are similar and share the same major number. For instance, numbers $0$ to $5$ might help identify different partitions for the sda disk (e.g., sda0, sda1, etc.).
• A table of commonly used devices and their major numbers exists; a comprehensive list can be found in reference articles.

lscpu

• Purpose: Displays detailed information about the CPU architecture.
• Information Provided: Includes CPU architecture type, number of sockets, cores, threads, CPU model, vendor, and various flags.

CPU Architecture Types (32-bit vs. 64-bit Processors)

• 32-bit Processors:
  • Predominantly used until the 1990s.
  • A 32-bit CPU can address and store $2^{32}$ values in its registers.
  • Register: A small, rapidly accessible storage location on the CPU, used for loading data from memory and performing arithmetic operations.
  • Limited to addressing a maximum of $4$ Gigabytes (GB) of memory.
  • Can only run 32-bit operating systems (OS) and 32-bit software. A 64-bit OS cannot be installed on a 32-bit CPU machine.
• 64-bit Processors:
  • Can address and store $2^{64}$ values.
  • The theoretical maximum memory limit is $18$ Exabytes (EB), though this is often limited by the specific operating system in use.
  • Can run both 32-bit and 64-bit operating systems and software. While it can run 32-bit software, running the 64-bit version is generally recommended when available for optimal performance.

Interpreting lscpu Output

• CPU Architecture: Indicates whether the CPU is 32-bit or 64-bit (e.g., 64-bit).
• Sockets: Represents the physical slots on the motherboard where CPUs are inserted (e.g., $1$ socket).
• Cores per Socket: The number of processing cores within each physical CPU (e.g., $4$ cores).
• Threads per Core: The number of simultaneous threads that each core can execute (e.g., $2$ threads).
• Total CPUs (Virtual CPUs): Calculated as (Sockets $imes$ Cores $imes$ Threads). For example, $1 imes 4 imes 2 = 8$ virtual CPUs, meaning the system can run $8$ parallel threads concurrently. This value is displayed under the CPUs field in the command output.
• Other useful information includes the CPU's vendor and model.

lsmem

• Purpose: Lists available memory in the system.
• lsmem --summary: Provides a concise summary of memory, such as total online memory (e.g., $8$ GB).
• lsmem (without flags): Gives a more comprehensive output of memory details.

free

• Purpose: Displays information about total versus used memory in the system.
• Flags for output units:
  • -m: Displays results in Megabytes (MB).
  • -k: Displays results in Kilobytes (KB).
  • -g: Displays results in Gigabytes (GB).

lshw

• Purpose: A powerful tool to extract detailed information on the entire hardware configuration of the machine.
• Information Provided: Reports exact memory configuration, firmware version, mainboard configuration, CPU version and speed, cache configuration, bus speed, and more.
• Requirement for Root Privileges: lshw often produces an "incomplete or inaccurate" warning if run by a regular user. It requires root (superuser) privileges to function correctly and provide comprehensive details.

Privilege Escalation with sudo

• Necessity: Many commands in Linux require root (superuser) privileges to execute properly and access system-critical information or perform system-level modifications.
• sudo Command: Stands for "superuser do."
• Functionality: Allows a permitted user to execute a command as the root user or another specified user.
  • When a user tries to run a command with sudo, they are prompted to enter their own password, not the root password.
  • Upon successful authentication, the command is executed with root privileges.
• Access Control: System administrators can configure sudo to tightly control:
  • Which specific users are allowed to run commands as the superuser.
  • Which particular commands each of these users is permitted to execute with root privileges.
  • It also allows for logging and replaying commands that users have run with root privileges for auditing purposes.
• sudo is a critical tool for system management and security and will be covered in more detail in future sessions. Its proper use ensures that sensitive operations are performed with necessary permissions while maintaining accountability. Thus, commands like lshw are typically run as sudo lshw to get complete and accurate information.