#OpenFabs Ground Up Rebuild [re: secure computer]

Zenaan Harkness zen at freedbms.net
Wed Sep 13 23:18:39 PDT 2017


On Thu, Sep 14, 2017 at 01:41:34AM -0400, grarpamp wrote:
> On Wed, Sep 13, 2017 at 10:45 PM, Steven Schear <schear.steve at gmail.com> wrote:
> > Jim Bell and I commented some time ago on this dilemma. One obvious solution
> > is "table top" manufacture of VLSI.
> >
> > As crazy as it sounds, for at least prototyping and small (CPunk) PoC
> > projects, it's possible to fab a wide variety of chips, with impressive
> > feature sizes, implantation, doping, etc. using Electron Beam Lithography.
> > EBL is basically operating an electron microscope in reverse. Because it
> > uses electrons to illuminate the substrate vs. photons it doesn't require
> > any litho masks. The beams can directly write to the surfaces and with the
> > appropriate techniques expose chemicals that create the "resists" of typical
> > litho methods. Best of all, electron beams can be brought to a sharper focus
> > than even deep UV meaning small feature size capabilities.
> >
> > The main reason EBL is only a tech oddity is its inability to be used for
> > volume manufacture. Maybe someone in this field will do an ICO. EBL can
> > potentially be operated by a much smaller staff (maybe a competent enough
> > individual) than even the smallest conventional fab. With at least small
> > scale manufacture and some careful design attention I think the list price
> > on a rig could be < $100k USD.
> 
> 
> If this solution uses today's computers to drive the beam, since
> those computers cannot be trusted, and you can't see the beam
> or resultant features, and you can't exhaustively inspect and test
> each chip produced, then the entire output can't be trusted either
> and the solution is rubbish. Shit can only beget shit, see:
> Reflections on Trusting Trust by Ken Thompson
> and the old Trusted Computing Rainbow Series.

I disagree - within certain limits (which could be analysed and
determined to within certain scales/ % deltas), we can have certainty
about production.

For example, create a very simple circuit. Begin with say an existing
untrusted computer with a pristine Debian install,
Internet-disconnected and in a sound-, emf-, light-, and vibration-
isolated room connected to the EBL kit.

Now produce some small yet simple circuit - a few thousand gates or
some such. Small enough you can personally verify.

Chain these up to create a parallel "chip thing".

Test this parallel chip thing wherever.

Rinse and repeat until you have a CPU, memory and disk controllers,
then build your very basic computer from that.

It might take a few cycles and a decade or more, but a level of
assurance could be achieved, starting from where we are.


Point is, it seems inconceivable that say an Intel chip "off the
shelf" would have some EBL-backdooring code built in which is
competent enough to specifically, correctly, and usefully, backdoor
your EBL gate/chip design.

I simply don't believe that's possible.


In this realm of the physical, we can work with the known physical
limits (physically im/possibilities) to achieve an "assured" physical
output product, I believe.


> Today you have ZERO idea exactly what's in the latest from
> Intel / AMD / Qualcomm / etc. Only an implied guesstimate
> that including many exploits for specific targets limits applications
> and result scope, and costlier to die area, than a global set of
> magic packet 0wnership... which happens to suck even more
> because it's then adaptable to exploit you.
> 
> I suggest that building an OpenFab capable of producing a
> much higher than zero, higher than even implied guesstimates,
> level of explicit trust is now within both reach and need of those
> interested in its value. Certainly the problem space is better
> understood such that a framework can begin to be designed.

Ack - seems we actually agree.


> As before, you have to rebuild it all from scratch, under a
> new paradigm, before you'll ever be able to trust anything.

That's the bit where I have a disagreement - we can gain some
certainties from knowledge of physical limits/ im/possibilities,
and so no need to reject outright today's COTS components.


