Are you aware that the newer Xeons, and only the Xeons, have such an serial number facility available?
Control over this processor identification facility is supposed to be offered as a user-accessible control in UEFI, to "enable, leave disabled but unlocked, and lock disabled". Once "lock disabled", it cannot be enabled back again until a hard reset happens.
Also, unlike the Pentium III "processor serial number cpuid", you need to read a MSR to access the new version, so it is supposed to be restricted to the O.S. kernel, which could then either make it available to regular programs or not.
It is not easy to find out about it, either: it is hidden in plain sight on the public Intel SDM (the processor's manual). You need to look over all the model-specific MSRs with a magnifying glass until you find it :-)
In the end, it boils down to whether your favorite O.S. cares about your privacy or not. It can lock the thing disabled at early boot, denying access to everything other than UEFI.
Control over this processor identification facility is supposed to be offered as a user-accessible control in UEFI, to "enable, leave disabled but unlocked, and lock disabled". Once "lock disabled", it cannot be enabled back again until a hard reset happens.
Also, unlike the Pentium III "processor serial number cpuid", you need to read a MSR to access the new version, so it is supposed to be restricted to the O.S. kernel, which could then either make it available to regular programs or not.
It is not easy to find out about it, either: it is hidden in plain sight on the public Intel SDM (the processor's manual). You need to look over all the model-specific MSRs with a magnifying glass until you find it :-)
In the end, it boils down to whether your favorite O.S. cares about your privacy or not. It can lock the thing disabled at early boot, denying access to everything other than UEFI.