#OpenFabs Ground Up Rebuild [re: secure computer]
On Sun, Sep 10, 2017 at 1:53 AM, Ryan Carboni <ryacko@gmail.com> wrote:
> In the end, you can only trust something you can understand, otherwise you are trusting the word of someone else.
While ultimately true, it is certainly possible to create a far more trustable model than the totally blind "We are the corp / gov (or any other closed source single point opaque authority, trade secret IPR, NDA), *You can trust us*" that idiots happily accept today.
> the original computers used relays, switches, and wires to be programmed.
There can be parallel lines of open inspection and cross certification of fully open ground up rebuilds all the way to current HW and SW products... ie: Processor, OS.
The rebuild path, both of tooling itself and product, from relays to vacuum tubes to silicon to gigagate masks is already known from history, thus requires zero research.
The research is in how to do the rebuild under a model that imparts explicit open reliable reviewable documented n-man rule realtime operating and historical chain of reasonably bulletproof trust.
#OpenFabs, #OpenHW, #OpenSW
Such a project could be seeded and continuously funded by #CryptoCurrencies, #DAOs, #EarlyAdopters, #CypherPunks, and eventually, sales of product runs
None of today's opaque HW gates are remotely trustworthy, any attempts to impart trust to them are no more than foolish speculation.
Jim Bell and I commented some time ago on this dilemma. One obvious solution is "table top" manufacture of VLSI.
As crazy as it sounds, for at least prototyping and small (CPunk) PoC projects, it's possible to fab a wide variety of chips, with impressive feature sizes, implantation, doping, etc. using Electron Beam Lithography. EBL is basically operating an electron microscope in reverse. Because it uses electrons to illuminate the substrate vs. photons it doesn't require any litho masks. The beams can directly write to the surfaces and with the appropriate techniques expose chemicals that create the "resists" of typical litho methods. Best of all, electron beams can be brought to a sharper focus than even deep UV, meaning small feature size capabilities.
The main reason EBL is only a tech oddity is its inability to be used for volume manufacture. Maybe someone in this field will do an ICO. EBL can potentially be operated by a much smaller staff (maybe a competent enough individual) than even the smallest conventional fab. With at least small scale manufacture and some careful design attention I think the list price on a rig could be < $100k USD.
Steve
On Tue, Sep 12, 2017 at 11:33 PM, grarpamp <grarpamp@gmail.com> wrote:
> On Sun, Sep 10, 2017 at 1:53 AM, Ryan Carboni <ryacko@gmail.com> wrote:
>> In the end, you can only trust something you can understand, otherwise you are trusting the word of someone else.
> While ultimately true, it is certainly possible to create a far more trustable model than the totally blind "We are the corp / gov (or any other closed source single point opaque authority, trade secret IPR, NDA), *You can trust us*" that idiots happily accept today.
>> the original computers used relays, switches, and wires to be programmed.
> There can be parallel lines of open inspection and cross certification of fully open ground up rebuilds all the way to current HW and SW products... ie: Processor, OS.
> The rebuild path, both of tooling itself and product, from relays to vacuum tubes to silicon to gigagate masks is already known from history, thus requires zero research.
> The research is in how to do the rebuild under a model that imparts explicit open reliable reviewable documented n-man rule realtime operating and historical chain of reasonably bulletproof trust.
> #OpenFabs, #OpenHW, #OpenSW
> Such a project could be seeded and continuously funded by #CryptoCurrencies, #DAOs, #EarlyAdopters, #CypherPunks, and eventually, sales of product runs
> None of today's opaque HW gates are remotely trustworthy, any attempts to impart trust to them are no more than foolish speculation.
-- Creator of the Warrant Canary and the Street Performer Protocol. Wi-Fi standard spec. creation participant and co-developer of eCache. Director at MojoNation and Cylink. Founding member of IFCA and GNU Radio. Shameless self-promoter :)
On Wed, Sep 13, 2017 at 10:45 PM, Steven Schear <schear.steve@gmail.com> wrote:
> Jim Bell and I commented some time ago on this dilemma. One obvious solution is "table top" manufacture of VLSI.
> As crazy as it sounds, for at least prototyping and small (CPunk) PoC projects, it's possible to fab a wide variety of chips, with impressive feature sizes, implantation, doping, etc. using Electron Beam Lithography. EBL is basically operating an electron microscope in reverse. Because it uses electrons to illuminate the substrate vs. photons it doesn't require any litho masks. The beams can directly write to the surfaces and with the appropriate techniques expose chemicals that create the "resists" of typical litho methods. Best of all, electron beams can be brought to a sharper focus than even deep UV, meaning small feature size capabilities.
> The main reason EBL is only a tech oddity is its inability to be used for volume manufacture. Maybe someone in this field will do an ICO. EBL can potentially be operated by a much smaller staff (maybe a competent enough individual) than even the smallest conventional fab. With at least small scale manufacture and some careful design attention I think the list price on a rig could be < $100k USD.
If this solution uses today's computers to drive the beam, since those computers cannot be trusted, and you can't see the beam or resultant features, and you can't exhaustively inspect and test each chip produced, then the entire output can't be trusted either and the solution is rubbish. Shit can only beget shit, see: Reflections on Trusting Trust by Ken Thompson and the old Trusted Computing Rainbow Series.
Today you have ZERO idea exactly what's in the latest from Intel / AMD / Qualcomm / etc. Only an implied guesstimate that including many exploits for specific targets limits applications and result scope, and costlier to die area, than a global set of magic packet 0wnership... which happens to suck even more because it's then adaptable to exploit you.
I suggest that building an OpenFab capable of producing a much higher than zero, higher than even implied guesstimates, level of explicit trust is now within both reach and need of those interested in its value. Certainly the problem space is better understood such that a framework can begin to be designed.
As before, you have to rebuild it all from scratch, under a new paradigm, before you'll ever be able to trust anything.
On Thu, Sep 14, 2017 at 01:41:34AM -0400, grarpamp wrote:
> On Wed, Sep 13, 2017 at 10:45 PM, Steven Schear <schear.steve@gmail.com> wrote:
>> Jim Bell and I commented some time ago on this dilemma. One obvious solution is "table top" manufacture of VLSI.
>> As crazy as it sounds, for at least prototyping and small (CPunk) PoC projects, it's possible to fab a wide variety of chips, with impressive feature sizes, implantation, doping, etc. using Electron Beam Lithography. EBL is basically operating an electron microscope in reverse. Because it uses electrons to illuminate the substrate vs. photons it doesn't require any litho masks. The beams can directly write to the surfaces and with the appropriate techniques expose chemicals that create the "resists" of typical litho methods. Best of all, electron beams can be brought to a sharper focus than even deep UV, meaning small feature size capabilities.
>> The main reason EBL is only a tech oddity is its inability to be used for volume manufacture. Maybe someone in this field will do an ICO. EBL can potentially be operated by a much smaller staff (maybe a competent enough individual) than even the smallest conventional fab. With at least small scale manufacture and some careful design attention I think the list price on a rig could be < $100k USD.
> If this solution uses today's computers to drive the beam, since those computers cannot be trusted, and you can't see the beam or resultant features, and you can't exhaustively inspect and test each chip produced, then the entire output can't be trusted either and the solution is rubbish. Shit can only beget shit, see: Reflections on Trusting Trust by Ken Thompson and the old Trusted Computing Rainbow Series.
I disagree - within certain limits (which could be analysed and determined to within certain scales/ % deltas), we can have certainty about production.
For example, create a very simple circuit. Begin with say an existing untrusted computer with a pristine Debian install, Internet-disconnected and in a sound-, emf-, light-, and vibration- isolated room connected to the EBL kit.
Now produce some small yet simple circuit - a few thousand gates or some such. Small enough you can personally verify.
Chain these up to create a parallel "chip thing". Test this parallel chip thing wherever.
Rinse and repeat until you have a CPU, memory and disk controllers, then build your very basic computer from that.
It might take a few cycles and a decade or more, but a level of assurance could be achieved, starting from where we are.
Point is, it seems inconceivable that say an Intel chip "off the shelf" would have some EBL-backdooring code built in which is competent enough to specifically, correctly, and usefully, backdoor your EBL gate/chip design. I simply don't believe that's possible.
In this realm of the physical, we can work with the known physical limits (physically im/possibilities) to achieve an "assured" physical output product, I believe.
> Today you have ZERO idea exactly what's in the latest from Intel / AMD / Qualcomm / etc. Only an implied guesstimate that including many exploits for specific targets limits applications and result scope, and costlier to die area, than a global set of magic packet 0wnership... which happens to suck even more because it's then adaptable to exploit you.
> I suggest that building an OpenFab capable of producing a much higher than zero, higher than even implied guesstimates, level of explicit trust is now within both reach and need of those interested in its value. Certainly the problem space is better understood such that a framework can begin to be designed.
Ack - seems we actually agree.
> As before, you have to rebuild it all from scratch, under a new paradigm, before you'll ever be able to trust anything.
That's the bit where I have a disagreement - we can gain some certainties from knowledge of physical limits/ im/possibilities, and so no need to reject outright today's COTS components.
On Thu, 14 Sep 2017 01:41:34 -0400 grarpamp <grarpamp@gmail.com> wrote:
> If this solution uses today's computers to drive the beam, since those computers cannot be trusted, and you can't see the beam or resultant features....
ok...
> I suggest that building an OpenFab capable of producing a much higher than zero, higher than even implied guesstimates, level of explicit trust
except the tools used in the fab can't be trusted either? Why would you trust equipment built by the government or by the handful of 'private' fascist firms who work as government proxies?
> is now within both reach and need of those interested in its value. Certainly the problem space is better understood such that a framework can begin to be designed.
> As before, you have to rebuild it all from scratch, under a new paradigm, before you'll ever be able to trust anything.
pretty much true...
participants (4): grarpamp, juan, Steven Schear, Zenaan Harkness