Back to Docs
Recipe

Pact Setup

Bind a hardware fingerprint to a license key so only one machine can activate. The pact is signed locally and verified by the Meridian loader before the payload ever decrypts.

1. Collect the fingerprint

Run the Meridian CLI on the target machine. It hashes the TPM endorsement key, machine SID, disk serial, and BIOS UUID into a single 64‑char hex string.

meridian.exe fingerprint --out machine.fp

2. Create the pact

Feed the fingerprint and a license key to the pact tool. It emits a signed blob that the loader will validate at startup.

meridian.exe pact create \n  --key LICENSE-KEY \n  --fingerprint machine.fp \n  --out pact.bin

3. Ship the pact

Place pact.bin next to the loader executable. On launch the loader reads the pact, re‑hashes the live hardware, and compares. Mismatch → silent exit.

4. Revoke or rotate

Pacts are tied to a license key. Revoking the key in the Meridian dashboard invalidates every pact signed under it. Rotate the key and re‑issue pacts when hardware changes.

Next: Auto‑update CDN recipe →