Alleged "microkernel mathematically proven to be bug free"

Troy Benjegerdes hozer at hozed.org
Mon Jul 28 19:10:15 PDT 2014


On Mon, Jul 28, 2014 at 08:37:44PM +0200, Lodewijk andré de la porte wrote:
> >
> > This is probably only *theoretically* possible with quantum computation,
> > but it's *practically* possible with tamperproof hardware: TCMs used for
> > good instead of evil, maybe?
> 
> 
> What I'm planning doesn't have much in the way of uniqueness of hardware.
> The only unique thing is.. wait.. shouldn't I patent this first?

Yes. Look at http://q3u.be/patent/q3ube/ for an example, and if you want to 
use AGPLv3 I will send you the source files.
 
> The whole hardware device will be as trusted as any TPM would be. And
> probably be more trustworthy than any TPM that exists now. 't Is a tricky
> thing. The programs run in a vacuum, even they can't know where they run.
> That changes the purpose of a "TPM" significantly.
> 
> 2014-07-28 19:53 GMT+02:00 Troy Benjegerdes <hozer at hozed.org>:
> 
> > On Mon, Jul 28, 2014 at 06:05:47PM +0200, Lodewijk andré de la porte wrote:
> > > <3
> > >
> > > If you're a secure kernel developer, Onion routing expert, fantastic C
> > > coder or technology investor, and this triggered your interests, please
> > > contact me!
> >
> > I would be very interested in contract work for running Linux on L4
> > microkernels.
> >
> 
> There will be need for running software on the secure platform, but I
> suspect resources will be so pricy that Linux will be too fat. I'm not
> really sure about that left or right, so don't pin me down on it. In tone
> with microkernels it would be nice to make wrappers for portions of Linux
> APIs, also to ease porting.
> 
> 
> > You can see my experience here https://lkml.org/lkml/1999/3/7/59
> >
> > But if you give me the code, and I can emulate the hardware with qemu,
> > I can extract keys/code/whatever from anything running inside the 'secure'
> > microkernel.
> >
> 
> I'm not entirely sure what you mean by this. At least in my design there is
> absolutely no unique (platform) information available, that includes
> platform/application keys. If you need them you'll have to make them in
> your own userspace.
> 
> 
> > If you want the 'tamper evident' hardware it must be open-source hardware
> > and you will need on the order of at least a million USD to fabricate the
> > silicon,
> 
> 
> From what I heard from those that make mining hardware about half a million
> is enough. But I'm afraid trustable silicon is only part of the problem.
> The trustable silicon will already require some sort of minimalism to allow
> for validation, but it gets worse. To prevent data observation the rest of
> the casing will have to be able to self-destruct (think harddrives coated
> in thermite), and therefore self-observe in known an unknown ways. It also
> musn't radiate patterns, which will be exceedingly hard to prove. It will
> involve Faraday's cages and the like. Such hardware design is has been
> attempted before, but is probably still less effort than the software.
> 
> 
> > and then another million to offer cash prizes at DEFCON for anyone
> > that can hack the silicon & microkernel.
> >
> 
> I was thinking of a few millions thrown at companies banks could trust, to
> validate proofs, check circuits, observe fabrication, etc. and eventually
> undersign responsibility for the validity of the end result.
> 
> 
> > So if you can secure 2 to 10 million, let's get it done.
> >
> 
> I don't think that'd be enough. It requires a small horde of experts and a
> significant support infrastructure. On top of that the idea is exceedingly
> hard to convey. The idea that the cloud can be more secure then an in-house
> dedicated server is very foreign. It was to me, when I thought it up.
> 
> The upside is that the income model is very simple. Just charge for
> resources on the computing grids.
> 
> 
> > Otherwise talking about the theory of a formal-methods 'microkernel'
> > running
> > on today's buggy broken pre-trojaned hardware is unethical and dangerous.
> >
> 
> It's not *that *unethical and dangerous, it just wouldn't work! How can you
> claim to stay afloat when you're underwater? The hardware that makes op the
> grid will probably be a collection of simplistic components bought in
> VHDL-form. These simple, trusted, components will likely be in a shroud of
> not-vital components that do some practical stuff, like connecting to the
> Internet. Fresh ground to find those stupid patents, too.
> 
> 
> > Do you know what your network card firmware is doing? Neither do I, but I
> > bet
> > the NSA and Chinese intelligence will have updates for you when the
> > 'secure'
> > kernel comes out.
> >
> 
> Are you really prepared to see how deep the rabbit hole goes
> <http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/intel-amt-design-remote-management-even-when-systems-powered-off.html>
> ?

I got far enough I decided it was far easier to say the hell with it, If I
stop worrying and live my life asuming someone is always watching and
*I do not care* the paranoia dissapates rather quickly.

What I actually care about though is having the open source hardware so I
can actually *fix* old equipment instead of reverse-engineering all the 35
layers of remote backdoors that break all the time.

-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer at hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash




More information about the cypherpunks mailing list