On Wed, Jul 29, 2015 at 9:47 PM, Steve Kinney <admin@pilobilus.net> wrote:
That's exactly what I'm talking about: Essentially taking over the production process and working alongside facility staff, with particular attention to choke points where validation is both possible and productive. ISO quality programs include provision for onsite participation by clients.
I submit the above is moot... you're taking your chip design in on your USB, happy as a clam to be the one to insert it into their computer, pull it up on their screen, and watch the whole thing play out before your eyes... on down the line till out pops a chip in your hand, yay! But you failed to realize their computer and software probably wasn't made by them, nor has any audit crosscheck open to you been wrapped around it or its operators and maintainers... on down the line. You can carve a stick with a knife but you can't really build a trusted CPU with an untrusted CPU. If the goal is to build an open trusted fab, you must build an open trusted fab, by and with the hard and different philosophical mofos who refuse to concur unless each step of design, build and operation is plainly validated. Otherwise you're just selling tourist tickets to the theme park. This is old school TCSEC / CC applied to manufacturing. You have cost efficiency in that the knowledge of tool and chip making already exists. You use that savings to offset the cost of rebuilding with TCSEC. As opposed to trying to impart trust upon existing systems, which is prohibitive.
Somewhere, the rising curve of security costs will cross a falling curve of security risks, and that's as good a place as any to draw a line.
Trust is not defined by a point on a cost curve.