On Thu, Sep 14, 2017 at 01:41:34AM -0400, grarpamp wrote:

On Wed, Sep 13, 2017 at 10:45 PM, Steven Schear wrote:

...

Jim Bell and I commented some time ago on this dilemma. One obvious solution is "table top" manufacture of VLSI.

As crazy as it sounds, for at least prototyping and small (CPunk) PoC projects, its possible to fab a wide variety of chips, with impressive feature sizes, implantation, doping, etc. using Electron Beam Lithography. EBL is basically operating an electron microscope in reverse. Because it uses electrons to illuminate the substrate vs. photons it doesn't require any litho masks. The beams can directly write to the surfaces and with the appropriate techniques expose chemicals that create the "resists" of typical litho methods. Best of all, electron beams can be brought to a sharper focus than even deep UV meaning small feature size capabilities.

The main reason EBL is only a tech oddity is its inability to be used for volume manufacture. Maybe someone in this field will do an ICO. EBL can potentially be operated by a much smaller staff (maybe a competent enough individual) than even the smallest conventional fab. With at least small scale manufacture and some careful design attention I think the list price on a rig could be < $100k USD.

If this solution uses today's computers to drive the beam, since those computers cannot be trusted, and you can't see the beam or resultant features, and you can't exhaustively inspect and test each chip produced, then the entire output can't be trusted either and the solution is rubbish. Shit can only beget shit, see: Reflections on Trusting Trust by Ken Thompson and the old Trusted Computing Rainbow Series.

I disagree - within certain limits (which could be analysed and determined to within certain scales/ % deltas), we can have certainty about production. For example, create a very simple circuit. Begin with say an existing untrusted computer with a pristine Debian install, Internet-disconnected and in a sound-, emf-, light-, and vibration- isolated room connected to the EBL kit. Now produce some small yet simple circuit - a few thousand gates or some such. Small enough you can personally verify. Chain these up to create a parallel "chip thing". Test this parallel chip thing wherever. Rinse and repeat until you have a CPU, memory and disk controllers, then build your very basic computer from that. It might take a few cycles and a decade or more, but a level of assurance could be achieved, starting from where we are. Point is, it seems inconceivable that say an Intel chip "off the shelf" would have some EBL-backdooring code built in which is competent enough to specifically, correctly, and usefully, backdoor your EBL gate/chip design. I simply don't believe that's possible. In this realm of the physical, we can work with the known physical limits (physically im/possibilities) to achieve an "assured" physical output product, I believe.

Today you have ZERO idea exactly what's in the latest from Intel / AMD / Qualcomm / etc. Only an implied guesstimate that including many exploits for specific targets limits applications and result scope, and costlier to die area, than a global set of magic packet 0wnership... which happens to suck even more because its then adaptable to exploit you.

I suggest that building an OpenFab capable of producing a much higher than zero, higher than even implied guesstimates, level of explicit trust is now within both reach and need of those interested in its value. Certainly the problem space is better understood such that a framework can begin to be designed.

Ack - seems we actually agree.

As before, you have to rebuild it all from scratch, under a new paradigm, before you'll ever be able to trust anything.

That's the bit where I have a disagreement - we can gain some certainties from knowledge of physical limits/ im/possibilities, and so no need to reject outright today's COTS components.