If you're willing to sacrifice some performance and power efficiency, you can always use an FPGA. The tools aren't open, but it seems like it would be a lot harder to make an FPGA or FPGA tools to backdoor arbitrary circuits. You could potentially do the "reflections on trusting trust" thing and detect and backdoor each of the major open source processor cores, but it seems pretty unlikely that such a thing wouldn't leak.

On the other hand, I also seriously doubt Intel CPUs are backdoored, so maybe my paranoia isn't properly calibrated. Even if you generally trust Intel, though, FPGAs could still potentially protect you from all the investment the NSA has undoubtedly put into finding bugs and side channels in the widely used CPUs. And being much simpler, something like OpenRISC or J1 or SPARC v8 probably has far fewer places for such flaws/side channels to hide.

On the gripping hand, none of those processors gives you an equivalent of Intel's TXT mode, and, while I'm not sure, it's probably much easier to dump internal state from an FPGA, so you could be more vulnerable to cold boot and evil maid attacks.


On Tue, Jul 28, 2015, 19:27 grarpamp <grarpamp@gmail.com> wrote:
> Steve Kinney wrote:
> If a market is willing to pay enough to support and grow the
> project, it can be done.  Are there potential partners and large
> scale consumers for "top security through total transparency" to
> make an open hardware project viable today?
>
> One potential route would be to broker a deal to pool the
> resources of specialty hardware integrators who already have a
> market base for high security "solutions."  The Open Office
> project pulled off something similar years ago, obtaining major
> funding and support from IBM and others who wanted Microsoft out
> of their hair.  So, who wants a shot at defending some of their
> digital assets from outfits like NSA and GCHQ, badly enough to pay
> for it?
>
> The first place I would start shopping this "crypto anarchist"
> project around would be State security services - pretty much any
> small to mid-sized outfit not in BRICS or FVEYE could be a
> potential market for auditable scrambler phones for military
> commanders, senior elected officials, diplomatic corps and
> double-nought spies.  From there to high performance servers and
> workstations would be a natural progression.
>
> I haven't looked at how the Black Phone folks are doing lately,
> but that looks like the kind of product line where open hardware
> might find its first viable home.
>
> Another consideration:  One need not necessarily own the facility
> where the chips are made:  ISO quality assurance programs already
> in place support client access for audit and validation.  A
> contract that specifies the client's intrusive presence during
> every phase of production and handling would cost extra, but a QA
> process that assumes the presence of hostile actors on the shop
> floor is definitely possible.  Such a process would also be needed
> at a dedicated facility:  One must assume the presence of hostile
> actors there, too. :o)

That's basically all part of the idea. And that some serious multi-
philosophical combination of hardcore Stallman Gandhi Cpunk
Riseup Coder Maker Opensource Auditor like motherfuckers all
build, run and observe the joint from the ground up as essentially a
crosschecked incorruptible thing that anyone can look at.

Today's shops are a mutable system of hierarchical employee
paychecks, payoffs, closed door privacy and backroom games.