Low-power, embedded non-volatile memory plays an important role in every RFID system. RFID tags typically hold less than 2,000 KB of data, including a unique identifier/serial number. Tags can be read-only or read-write, where data can be added by the reader or existing data overwritten.

A common RFID security or privacy concern is that RFID tag data can be read by anyone with a compatible reader. Tags can often be read after an item leaves a store or supply chain. They can also be read without a user's knowledge using unauthorized readers, and if a tag has a unique serial number, it can be associated to a consumer. While a privacy concern for individuals, in military or medical settings this can be a national security concern or life-or-death matter.

At the reader, information printed on the passport is machine-scanned and used to derive a key for the passport. There are three pieces of information used -- the passport number, the passport holder's birth date and the passport's expiration date -- along with a checksum digit for each of the three.

EEPROM: SiFive PCB EEPROM format v1Product ID: 0002 (HiFive Unmatched)PCB revision: 3BOM revision: BBOM variant: 0Serial number: SF105SZ212200304Ethernet MAC address: 70:b3:d5:92:f7:d4CRC: 1407a8ccIn: serial@10010000Out: serial@10010000Err: serial@10010000Model: SiFive HiFive Unmatched A00Net: eth0: ethernet@10090000Hit any key to stop autoboot: 0Failed to negotiate PCIe link!PHY DEBUG_R0=0x0c000202 DEBUG_R1=0x0800f702Failed to init port.

In order to support unique TFTP boot directories for each Raspberry Pi the bootloader prefixes the filenames with a device specific directory. If neither start4.elf nor start.elf are found in the prefixed directory then the prefix is cleared.On earlier models the serial number is used as the prefix, however, on Raspberry Pi 4 the MAC address is no longer generated from the serial number making it difficult to automatically create tftpboot directories on the server by inspecting DHCPDISCOVER packets. To support this the TFTP_PREFIX may be customized to either be the MAC address, a fixed value or the serial number (default).

In earlier releases the client GUID (Option97) was just the serial number repeated 4 times. By default, the new GUID format isthe concatenation of the fourcc for RPi4 (0x34695052 - little endian), the board revision (e.g. 0x00c03111) (4-bytes), the least significant 4 bytes of the mac address and the 4-byte serial number.This is intended to be unique but also provide structured information to the DHCP server, allowing Raspberry Pi 4 computers to be identified without relying upon the Ethernet MAC OUID.

This option may be set to 0 to block self-update without requiring the EEPROM configuration to be updated. This is sometimes useful when updating multiple Raspberry Pis via network boot because this option can be controlled per Raspberry Pi (e.g. via a serial number filter in config.txt).

From this point the bootcode.bin code continues to load the system. The first file it will try to access is [serial_number]/start.elf. If this does not result in an error then any other files to be read will be pre-pended with the serial_number. This is useful because it enables you to create separate directories with separate start.elf / kernels for your Raspberry Pis.To get the serial number for the device you can either try this boot mode and see what file is accessed using tcpdump / wireshark, or you can run a standard Raspberry Pi OS SD card and cat /proc/cpuinfo.

The above uses the mailbox property interface GET_BOARD_SERIAL with a request size of 8 bytes and response size of 8 bytes (sending two integers for the request 0, 0). The response to this will be two integers (0x00000020 and 0x80000000) followed by the tag code, the request length, the response length (with the 31st bit set to indicate that it is a response) then the 64-bit serial number (where the MS 32 bits are always 0).

