On Thu, Sep 14, 2017 at 01:41:34AM -0400, grarpamp wrote:
> On Wed, Sep 13, 2017 at 10:45 PM, Steven Schear <[email protected]> wrote:
> > Jim Bell and I commented some time ago on this dilemma. One obvious solution
> > is "table top" manufacture of VLSI.
> >
> > As crazy as it sounds, for at least prototyping and small (CPunk) PoC
> > projects, it's possible to fab a wide variety of chips, with impressive
> > feature sizes, implantation, doping, etc. using Electron Beam Lithography.
> > EBL is basically operating an electron microscope in reverse. Because it
> > uses electrons to illuminate the substrate vs. photons it doesn't require
> > any litho masks. The beams can directly write to the surfaces and with the
> > appropriate techniques expose chemicals that create the "resists" of typical
> > litho methods. Best of all, electron beams can be brought to a sharper focus
> > than even deep UV meaning small feature size capabilities.
> >
> > The main reason EBL is only a tech oddity is its inability to be used for
> > volume manufacture. Maybe someone in this field will do an ICO. EBL can
> > potentially be operated by a much smaller staff (maybe a competent enough
> > individual) than even the smallest conventional fab. With at least small
> > scale manufacture and some careful design attention I think the list price
> > on a rig could be < $100k USD.
> >
> If this solution uses today's computers to drive the beam, since
> those computers cannot be trusted, and you can't see the beam
> or resultant features, and you can't exhaustively inspect and test
> each chip produced, then the entire output can't be trusted either
> and the solution is rubbish. Shit can only beget shit, see:
> Reflections on Trusting Trust by Ken Thompson
> and the old Trusted Computing Rainbow Series.

I disagree - within certain limits (which could be analysed and
determined to within certain scales/ % deltas), we can have certainty
about production.

For example, create a very simple circuit. Begin with say an existing
untrusted computer with a pristine Debian install, Internet-disconnected
and in a sound-, emf-, light-, and vibration- isolated room connected to
the EBL kit. Now produce some small yet simple circuit - a few thousand
gates or some such. Small enough you can personally verify. Chain these
up to create a parallel "chip thing". Test this parallel chip thing
wherever. Rinse and repeat until you have a CPU, memory and disk
controllers, then build your very basic computer from that. It might
take a few cycles and a decade or more, but a level of assurance could
be achieved, starting from where we are.

Point is, it seems inconceivable that say an Intel chip "off the shelf"
would have some EBL-backdooring code built in which is competent enough
to specifically, correctly, and usefully, backdoor your EBL gate/chip
design. I simply don't believe that's possible.

In this realm of the physical, we can work with the known physical
limits (physically im/possibilities) to achieve an "assured" physical
output product, I believe.

> Today you have ZERO idea exactly what's in the latest from
> Intel / AMD / Qualcomm / etc. Only an implied guesstimate
> that including many exploits for specific targets limits applications
> and result scope, and costlier to die area, than a global set of
> magic packet 0wnership... which happens to suck even more
> because it's then adaptable to exploit you.
>
> I suggest that building an OpenFab capable of producing a
> much higher than zero, higher than even implied guesstimates,
> level of explicit trust is now within both reach and need of those
> interested in its value. Certainly the problem space is better
> understood such that a framework can begin to be designed.

Ack - seems we actually agree.

> As before, you have to rebuild it all from scratch, under a
> new paradigm, before you'll ever be able to trust anything.

That's the bit where I have a disagreement - we can gain some
certainties from knowledge of physical limits/ im/possibilities, and so
no need to reject outright today's COTS components.
