On Mon, Aug 26, 2013 at 02:44:32PM -0400, Perry E. Metzger wrote: > > My main issue with this proposal is that somebody identifiable is > > going to manufacture these boxes. Maybe several somebodies, but > > IMO, that's an identifiable central point of control/failure.
Recently there's a trend for at least somewhat open hardware (Raspberry Pi, other ARM systems, Parallella Epiphany) some of which contain enough FPGA real estate (sure, we know there are FPGA backdoors, but) so that you could boot up an open core soft CPU, and even bootstrap your own toolchain from scratch. > One can use a commercial PC if one wants to install on one's own, or > any one of many manufacturers of small boxes. It is certainly the case In principle an FPGA die is regular, and hence more easily inspectable, but even SoCs can be sampled by reverse-engineering them from the metal layers. > that the hardware layer can be attacked, all is lost. On the other > hand, if we presume supply chain attacks, all is lost anyway -- once > you control the computer, the protocols it is running don't matter. > Even keyboards can be suborned -- see Gaurav Shah's work on that, for > example. We need open, fully inspectable systems. If proving code, or at least, auto-generating code from state machines catches on in open source the number of exploitable vulnerabilities can be greatly diminished. > I would prefer not to try to solve that problem right now -- it is > too broad and too general. If others can solve it, that's of course a > great thing. :) _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
