[lowrisc-dev] Fabrication process

Jookia 166291 at gmail.com
Wed Dec 31 09:39:23 GMT 2014


On 12/31/2014 08:33 PM, L.R. d S. wrote:
> As sr. McGee, I have the same think about this.
>
> Problems I see here:
> - How we can trust on crypto processor manufacturing?
>
> On the last paper released, on page 2, the team describe a crypto processo on lowRISC. How we can trust on this, on times of mass surveilance? Even if this have a libre design with all firmware and all, how we can verify the method of manufacturing? We already have problems about that[1].
> My idea is create a open inspection, with logs on every process, and/or maybe create a verification with a photo from processor comparing with the Serial number.

If we're going to go all paranoia, we can't trust manufacturing as we're 
not the ones doing it. Logs can be forged. But we shouldn't have to 
trust manufacturing, we should have some kind of method to validate the 
hardware. Way off in the future it'd be nice to see tools like electron 
microscopes and x-rays be used the confirm hardware.

For the truly paranoid it might be best to run encryption through 
software. While slow at the moment, the future may have faster ciphers 
like NORX that don't require hardware processors.

> -The ROM's
> We will can compile everything from source and put it on ROM? Boads like BeagleBone have a ROM inside that can't be replaced (it's Mask ROM)... I hope this don't happen on lowRISC.
>
> -A method to make a write prottection on ROM?
> If so, we can compile, replace ROM, and then apply the write protection. With this we can trust on what we run, without the preocupation with deliberate third parties ROM write.

Doesn't secure boot solve this? Or another form of authentication. I 
know currently if you trust Intel TXT we can enter a mode of execution 
that can't be influenced by malicious software, then we can verify the 
software and authenticate the machine before running secure programs.

> Regards,
> Luiz Roberto.
>
> [1] http://www.chesworkshop.org/ches2013/presentations/CHES2013_Session4_3.pdf
>

Cheers,
Jookia.



More information about the lowrisc-dev mailing list