On 20.01.2016 3:02, Peter Gutmann wrote:
> You need to distinguish though between "can audit" and "will audit". If you want to create the presumption of auditability then by all means use some sort of open format. However, if existing practice is anything to go by, no-one will ever audit the code. They may glance through it (which is how some existing bugs were found, both the PGP and GPG bugs were found more or less by accident), but it'll never get audited unless you pay a third party to do it (in which case they will presumably have whatever tools are needed for the job). It just doesn't seem like a good idea to constrain the developers into using inferior tools in order to accommodate an event that will almost certainly never happen.
Well, we already don't have full formal auditability. As Bernd Paysan pointed out, the bitstream format for our FPGA is not open, and we use a closed-source toolchain from the FPGA vendor, so we can't prove that our bitstream matches our Verilog sources. In theory this can only be done for some older devices from Lattice Semiconductor, because people have reverse engineered their bitstream format and developed an alternative open source toolchain. So we can only wait and hope that some day this will be possible for newer devices from Xilinx like the one we're going to use in the Alpha board.

Given that there's already one "dark corner" we can't avoid, maybe a closed-source PCB layout tool is not that terrible. At least there's still hope that someone brave enough may clone the design using open source tools, or maybe better open source EDA software will become available.
--
With best regards,
Pavel Shatov

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech