[lowrisc-dev] Fabrication process
sirnewton_01 at yahoo.ca
Wed Dec 31 14:37:56 GMT 2014
The security implications are interesting, but not entirely what I was asking about. Even the process of taking a processor design, finding an appropriate fabrication facility and having them produce chips is opaque to me. I would find it enlightening to know how lowRISC worked through these stages.
From a security perspective are there techniques to verify that the silicon is in fact what is in the design, nothing more, nothing less? I'm assuming that ROMs are easily verified by dumping their contents.
> On Dec 31, 2014, at 4:39 AM, Jookia <166291 at gmail.com> wrote:
>> On 12/31/2014 08:33 PM, L.R. d S. wrote:
>> Like Mr. McGee, I have the same thought about this.
>> Problems I see here:
>> - How can we trust crypto processor manufacturing?
>> In the last paper released, on page 2, the team describes a crypto processor on lowRISC. How can we trust this, in times of mass surveillance? Even if this has a libre design with all firmware and all, how can we verify the method of manufacturing? We already have problems with that.
>> My idea is to create an open inspection, with logs on every process, and/or maybe create a verification with a photo of the processor compared with the serial number.
> If we're going to go all paranoia, we can't trust manufacturing as we're not the ones doing it. Logs can be forged. But we shouldn't have to trust manufacturing, we should have some kind of method to validate the hardware. Way off in the future it'd be nice to see tools like electron microscopes and x-rays be used to confirm hardware.
> For the truly paranoid it might be best to run encryption through software. While slow at the moment, the future may have faster ciphers like NORX that don't require hardware processors.
>> - The ROMs
>> Will we be able to compile everything from source and put it on ROM? Boards like BeagleBone have a ROM inside that can't be replaced (it's mask ROM)... I hope this doesn't happen on lowRISC.
>> - A method to add write protection on ROM?
>> If so, we can compile, replace the ROM, and then apply the write protection. With this we can trust what we run, without worrying about deliberate third-party ROM writes.
> Doesn't secure boot solve this? Or another form of authentication. I know currently if you trust Intel TXT we can enter a mode of execution that can't be influenced by malicious software, then we can verify the software and authenticate the machine before running secure programs.
>> Luiz Roberto.
>>  http://www.chesworkshop.org/ches2013/presentations/CHES2013_Session4_3.pdf