Re: [Cryptography] open hardware as a defence against state-level attacks
On Mon, Jan 12, 2015 at 5:46 AM, ianG <iang@iang.org> wrote:
mathematics. We’ve also built an open-source processor with security features designed to protect both the Tor relay and slow market applications. This is achieved by separating those processes from the host operating system with hardware-anchored cryptographic isolation. The system on chip is based on an OpenSPARC T1 by Sun Microsystems with substantial enhancements to the hypervisor and two cryptographic co-processors. That will be released in about a month and the designs for the development board and the logic of the system on chip will be of course open source.
On 12/01/2015 05:49 am, grarpamp wrote:
Sorry, but unless your own trusted third party observers are following your "open" hardware at every step from design to microcode to lithography fab through to binary exhaustive test vectors... you are subject to potential compromise at any step along the way. Please stop claiming otherwise.
Seems like you are letting the perfect be the enemy of the good. Defence in depth. Defence against fierce & persistent attacks is not about defeating the enemy totally & utterly but about raising the cost of the easy attacks to just above the cost of the next easy attack. Rinse & repeat.
Yes, incremental helps. Yet let me open another related line of thinking... Where are the open fabs for makers instead of submitting open designs to closed fabs? It's 2015, crowdfunding, open source, non-profits, and public monitoring are done. We're not talking TSMC scale tech here, but a basic backyard shed capability to print useable, useful, marketable silicon. ie: Print off some USB RNG's, radios, DACs/ADCs, even 74 series and discretes, whatever works. Then with that open initial platform, start taking commercial production contracts (even private runs) to pay for growing the open fab. Even including openly replicating yourself. What is the minimum capital and endowment needed to gear up to put 1k, 100k, 500k, 1M, 100M, 1B gates that someone, including makers, would buy down on silicon?
On Mon, Jan 12, 2015 at 03:04:23PM -0500, grarpamp wrote:
Yet let me open another related line of thinking...
Where are the open fabs for makers instead of submitting open designs to closed fabs? It's 2015, crowdfunding, open source, non-profits, and public monitoring are done.
The LowRISC project aims to build a complete open SoC based on the RISC-V architecture and get chips fabbed. http://www.lowrisc.org/ -andy
On 14/01/15 14:56, Andy Isaacson wrote:
On Mon, Jan 12, 2015 at 03:04:23PM -0500, grarpamp wrote:
Yet let me open another related line of thinking...
Where are the open fabs for makers instead of submitting open designs to closed fabs? It's 2015, crowdfunding, open source, non-profits, and public monitoring are done.
Chip fabs are not cheap, you need billions of dollars/euros to start one up[1]. A more reasonable approach would be to buy an old one, but you would still need lot of millions. And this is without taking running costs into account. Running a fabrication plant is quite different from running a fablab or a hacker space.... Having micro-electonics background and being an open-source proponent, i have been thinking about this kind of problems for a while. Before going for a semiconductor fabrication plant, maybe it would be better to start with something more simple like resistors, capacitors, diodes, transistors, ... (Look at the GNU project, they bootstrapped their "complete free Unix-like system" with gcc, make, libc and the likes, they didn't start with gimp or gnome) 10/20 years ago, you would make your PCBs yourself (Printed Circuit Board [2]), the technology started with single layer PCB, and then came the 2 layers (double-sided) PCBs, it was a bit more difficult, but it was still doable. By 2015 the standard is 4, 6, 8+ layers, and I've never heard of DIY method to make such 4+ layers PCBs. Single and double layers PCBs are still useful, and i'm sure there's plenty of fablabs/hackespaces with the right gears to help you make them. But if your goal is to make a phone, a PC, ... you need way more advanced technology. I see Open-Hardware as a myth and an utopia (I'm OK with this I am an utopian myself): - A myth because so far people have created open electronics design with proprietary physical electronics and electro-mechnical components. I could go for hours on this one, just get one of this board in your hand (a Pi, beagleborad, arduino, ...) and look at it, every single physical part is proprietary, every single one! They usually used proprietary EDA software, with proprietary 3rd party libraries, they certainly sent their open designs to the PCB manufacturer using a proprietary format. And then they load it with open-source software and claim the thing to be open-hardware... (don't get me wrong, hat off to these awesome guys!) - An utopia because we are light-years away from being able to produce 100.0% open-hardware. As I said, a 100.0% open-hardware piece of equipment means that you have access to the technology of all parts being used to produce the final product (the equivalent of the source code of all open-source projects (and standards) needed to create a Linux distro for example). but as of today, nothing is open-technology, even a simple plastic connector or a ceramic capacitor are protected by patents all over the place! The manufacturers of these parts usually kindly provides you with models of their components (electronic symbol, 3D model, PCB footprint, Ibis model, spice models, ...), nice, isn't it? Well, no, their license are not even compatible with any open-source ones, which mean you cannot use them to make an open-design, you have to start from scratch, almost each time! To go towards a world where 100.0% open-hardware (electronics) is thinkable we would need: - open technology to fabricate multi-layers PCBs ([3] looks promising) - open technology to fabricate simple electronic and mechanical components (think resistors, capacitors, transistors, connectors, LEDs, ...) - open technology to fabricate complex chips (CPU, memories, FPGAs, ...) - open SW technology to create these electronics designs (using SW called EDA, CAD, ...)[4] - And above all we need open standards! Fuck IEEE, IEC, IPC, etc... (As an exercise to the reader: try to imagine how the internet and the web would be if W3C and IETF were producing only closed and pricey standards) Some interesting projects in case you don't know them: http://opensourceecology.org http://opencores.org/ http://www.ohwr.org/ PS: I know you started with open-source micro-electronics projects like a CPU chip, and i replied more on the above level (make a motherboard with the said CPU), but I think my point still stands: We first need open basic physical blocks (components) with which we will then create open complex parts. Chris [1] https://en.wikipedia.org/wiki/List_of_semiconductor_fabrication_plants [2] https://en.wikipedia.org/wiki/Printed_circuit_board [3] Sorry can't find the link, but it's about printed carbon tracks on a piece of paper instead of using chemical process to create copper tracks on flame retardant material... [4] If you're interested in these, just compare FreeCAD against SolidWorks and KiCAD against Altium, both FreeCAD and KiCAD are lacking far, far, far behind: FreeCAD (open source): http://www.freecadweb.org/ SolidWorks (proprietary): http://www.solidworks.com/ KiCAD (open source): http://www.kicad-pcb.org Altium (proprietary): http://www.altium.com/ And I didn't even talk about monsters like Cadence () to make your own IC (chip), there's virtually nothing to compare to in the free world!
The LowRISC project aims to build a complete open SoC based on the RISC-V architecture and get chips fabbed.
-andy
participants (3)
-
Andy Isaacson -
Christian Gagneraud -
grarpamp