Designing a Hardware-Bound License Server for Embedded Linux Devices (Part 1: Server Architecture)

Source: DEV Community
This post walks through the server-side architecture of a licensing system we built for ARM64 embedded Linux devices that uses TPM 2.0 chips as hardware trust anchors. The system issues licenses that are cryptographically bound to a specific physical device — no network connection between the device and the server required, ever.

The Problem

Our client ships embedded Linux devices into environments where:

- Devices operate fully offline — no cloud callbacks possible
- License enforcement must survive firmware updates and reboots
- Cloning a disk image to another board must not clone the license
- Different customers need different feature sets on identical hardware
- An admin (not the device) manages the entire license lifecycle

Traditional approaches fall short here. Online license checks are impossible. MAC-address binding is trivially spoofed. File-based licenses without hardware binding can be copied between boards.

Three-Phase Architecture

The system is split into three completely independe