[lowrisc-dev] Fabrication process

Alex Bradbury asb at asbradbury.org
Sat Jan 3 19:34:40 GMT 2015


On 31 December 2014 at 14:37, Chris McGee <sirnewton_01 at yahoo.ca> wrote:
> Hi All,
>
> The security implications are interesting, but not entirely what I was asking about. Even the process of taking a processor design, finding an appropriate fabrication facility and having them produce chips is opaque to me. I would find it enlightening to know how lowRISC worked through these stages.

The simple answer is that in the context of the lowRISC project, this
isn't a process we've completed yet - we are still at the
implementation stage and intend to produce a test chip later this
year. The RISC-V project at Berkeley of course has produced several of
their own test chips on different processes.

Test chips are produced on a multi-project wafer
<http://en.wikipedia.org/wiki/Multi-project_wafer_service> where the
costs are pool between multiple universities/firms. In the US, the
main service for this is MOSIS. In the EU, we have Europractice. Some
universities may have donations of space on internal test wafers for a
certain fab.

Andreas Olofsson, founder of Adapteva has a good blog which covers
what is needed to bring a chip to market:
http://www.adapteva.com/andreas-blog/semiconductor-economics-101/

> From a security perspective are there techniques to verify that the silicon is in fact what is in the design, nothing more, nothing less? I'm assuming that ROMs are easily verified by dumping their contents.

This is a really difficult problem. Even if you verify that the wafers
you get back from the fab are what you expected and perform extensive
optical validation, you want to guarantee that what you get back from
the packaging house uses the same silicon and that later when you
integrate the IC into a PCB design that hasn't been swapped out. To
make things more difficult, a design could be crippled in almost
undetectable ways - e.g. crippling a random number generator by
changing the dopant levels of the transistors in that part of the
circuit (http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/).

Alex



More information about the lowrisc-dev mailing list