Open Fabs

grarpamp grarpamp at gmail.com
Thu Jul 30 00:52:29 PDT 2015


On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney <admin at pilobilus.net> wrote:
>>> staff, with particular attention to choke points where
>
> That's not what I have in mind at all.  Everything that touches
> the production process would have to be isolated and audited.  In
> practical terms, that would mean bringing the computers in
> question in from offsite, with relevant software already installed
> and validated.

People talk a lot about refitting and auditing existing setups.
There's a lot of inbred friction there so the cost to successfully
do that vs. a complete ground up trusted rebuild may be roughly
equivalent. Therefore, if so, why not just choose the latter?

> In the context at hand, watching the whole thing play out would
> consist of directing the whole process one step at a time, per a
> procedure created in collaboration with the contractor's
> engineering and QA departments.  Optical masks and/or equivalent
> data files would be handled by client personnel and retained for
> validation.  The chips that pop out would be under very stringent
> property control, and quite a lot of them would be torn down and
> thoroughly analyzed "at home" to validate the run.

Still sounds like untrusted base, chicken and egg.

http://s12.postimg.org/n93g4udql/DSCF0431_who_came_first.jpg


> depends on how reliable the post-production tear down and analysis
> of end product components is considered.

> A quote to the effect of "I do not care who votes, I
> only care who counts the votes" comes to mind

And how do you propose to count the votes when your
ballots are measured in square nanometers and your
counting machines are all made by one secretive company
and composed of anywhere between 1B and 6B untrusted
logic gates?

Did you ever hear Intel say "our own designs and fabs have no backdoors
and we're not subject to backdooring"?
Did you ever hear GlobalF say "we don't inject backdoors in customer
silicon and we're not subject to backdooring"?
Would it mean anything to you if they did?
Would it make any difference if they offered you a field trip?
Do independents actually think their one-off decap validation project
proves or gives odds on the entire line and distribution chain?
And when was any Intel / AMD CPU last publicly decapped
and fully audited? 8088? Never?

>> This is old school TCSEC / CC applied to manufacturing.

> then it is not possible to build a trusted CPU.

You watch while... I collect wood and ore and smelt into axe, you
trust axe. I split tree and assemble hut, you trust hut. I put
wheel in water and make mill, you trust flour. I give you magical
computer before I make abacus, you throw in river and order me
make abacus first. Eventually trusted CPU is made.

> I think that in the engineering and business worlds, trust is
> always a point on a cost curve.

I'd have more trust in some kid to not destroy my lawn with
the mower for $10 than some company for $50.

Govt contracts seem to deliver more debt than trust and
are a prime example that trust and cost are separate. If not,
then the HUNDREDS OF BILLIONS governments spend
a year would have resulted in 5 9's of trust decades ago.
But no, they can't even keep OPM secure from crackers,
let alone backdoored CPUs they import from Malay fabs.

Put well under 1/100 of that pie a year for a few years into
a trusted open fab project and I'd bet you can get "Beyond A1"
consumer gear out the other end at tolerable prices.

Don't forget to charge 10+ times more for government jobs :)


