On Tue, 07 Apr 2020 01:41:08 -0400, Joachim Strömbergson wrote: > On 2020-04-06 23:08, Peter Stuge wrote: ... > > However, it would also be possible to wire both UART and e.g. SPI up, > > and only ever use UART to begin with. That works with no software change. > > I think this is a very intriguing idea. If you and Pavel can work out > which components to use and update the design with this we have added > infrastructure to allow future improvements with just SW. > > How much effort would replacing the FTDI chips and adding extra wires > between the new chips for SPI be?
I also find this interesting, but allow me to continue playing hardware-clueless Devil's Advocate: 1) Assuming for purposes of discussion that an attacker captures the SADM11, what bad things can that attacker do using the SPI lines that the attacker couldn't already do via the UART? 2) Assuming for purposes of discussion that (1) includes any real threats, would it help to run those SPI lines through jumpers so that they could be physically disconnected? (I did say "hardware-clueless"....) > > Ideally I'd like to have such an initial firmware version working already > > by the time we must decide if we jump off the cliff. Do we know when that > > is? > > Estimate and decision pretty much about right now. ;-) Yeah, that's what worries me. This is cool stuff but we should have been having this conversation months ago, at this point we may have missed the window for this board rev. _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
