[Arm-netbook] bunnie about riscv - NSA in today's CPUs

dumblob dumblob at gmail.com
Thu Aug 3 20:40:05 BST 2017


https://brmlab.cz/user/jenda/intel

One evil HW comparator and we're all screwed :-(

2017-06-11 17:07 GMT+02:00 Neil Jansen <njansen1 at gmail.com>:
> On Sat, Jun 10, 2017 at 11:54 AM, <ronwirring at safe-mail.net> wrote:
>
>> It was very informative. A lot of the technical matter I did not
>> understand.
>
> This was a GREAT talk.  Thanks for the link.
>
>> Can you explain:
>> 23.04 The 2 lowermost boxes?
>
> 1) PDK / Foundries.  The factories in which the chips are made.  They're
> not open.  They're proprietary and there's an implication of trust.
> 2) Equipment / Raw Materials.  The equipment that makes the chips and the
> raw materials that go into the chips.  All a very cloudy and murky area
> that is not open, and very proprietary.
>
>  He's basically saying that those that want *100%* open source hardware
> would require infinite recursion down to the raw components, which is
> impossible.  That's the whole point of the talk.  The 'impedance mismatch'
> thing is a sort of metaphor to describe the unrealistic expectations of
> those idealists that want 100% open source hardware.  He's saying it cannot
> happen today.  And BTW I've met Bunnie on several occasions, he's legit,
> and you can trust what he's saying to be technically correct.  He's the
> real deal.
>
>> What is a stepper?
>
> A stepper motor. That is, do you trust the motors that move the machines
> that made the integrated circuits?
>
>> What is fuse?
>
> See this link:
> https://electronics.stackexchange.com/questions/1262/what-are-atmel-fuses
>
>
>> 25.15 The 4 lowermost boxes?
>
> * BIOS
> * Firmware
> * Hidden / fused silicon blocks - Blocks of silicon on the chip that aren't
> usually turned on, but are there.  Lots of big vendors are doing this now:
> Intel, AMD, Nvidia, and it's anyone's guess as to what their real purpose
> is.  That leads to conspiracy theories, as Bunnie said.  This is a problem
> because if you put a chip like this into an open source laptop, it begs the
> question of what would happen if something turned on that section and
> started executing code from it?  Nobody will know until (A) documentation
> is leaked from the company or (B) someone reverse engineers it.  Basically
> if you use any application processor chip made in the last 5-10 years,
> you probably have some hidden / fused silicon blocks doing god knows what.
> * Pre-boot microcode - Microcode (https://en.wikipedia.org/wiki/Microcode)
> that executes BEFORE your computer boots.   This is a big deal, because
> everything that happens after this point can be considered suspect.
> (similar to how a boot virus would spread because it executes first).
> * IP industry practices - Intellectual property used by silicon
> manufacturers that is not open.  What he's saying is, say that you're a
> silicon vendor and you just bought intellectual property from ARM to make
> an ARM chip.  They're giving you HDL (hardware description language) and
> netlists (a large list of the connections to be made in the die), and guess
> what, they gave them to you encrypted so that their intellectual property
> is safe.  You (the guy that runs a third party chip factory) cannot review
> or inspect the intellectual property that ARM gave you.  The point here is
> that unless you're using an open source (RISC-V, etc) core, then using an
> ARM isn't really 100% open source hardware.
> * Mask trojans & glitches - These are malicious things in the CPU die
> itself, that even if you were looking at the silicon die under a microscope
> and studying it, you'd still completely miss it.  Very nasty but they
> exist.  Hackaday.com has a lot of interesting articles that break these
> sort of things down in layman's terms.  Very interesting.  Basically
> because these exist, there's no way to know that you are really executing
> what you think you are executing unless you built the foundry and
> supervised the chips being made, and analyzed everything that went into the
> manufacture of them.  It's a trust problem.
>
> These are all highly complex subjects that hardware engineers like Bunnie
> deal with a lot, and other (I'll say idealist) software guys probably have
> never thought of. They're important in that when you realize that they're
> there, you will then understand how silly wanting 100% open hardware really
> is.  It's a huge problem that hardly anybody is trying to fix.
>
>
> Recently the 6502 was completely dissected and recreated, so that's one of
> the only fully documented (and I'd say fully trusted) cores out there
> today.  And that was made probably before I was born.  Everything since
> that should be assumed to be compromised and < 100% open.  Oh, and even
> then, the 6502 would have to hook up to OTHER chips like flash, RAM, and
> whatever generates the video and handles the peripherals.  Those have not
> been completely dissected, and could be suspect.  Do you see what Bunnie
> means now?  That's the impedance mismatch.
>
>
> P.S. my apologies to LKCL and others, I don't have a plain text email
> client.
> _______________________________________________
> arm-netbook mailing list arm-netbook at lists.phcomp.co.uk
> http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
> Send large attachments to arm-netbook at files.phcomp.co.uk
