On Sun, Apr 14, 2019 at 8:17 PM Éger Ferenc <eegerferenc@gmail.com> wrote:
eegerferenc: Unfortunately, it is quite possible. The chip design on Github is trusted,
by whom? do not make the assumption that just because it is published, it *WILL* be trusted. that is NOT your decision to make.
the correct language to use is, "the chip design on github is published and made public SO THAT OTHER PEOPLE MAY AUDIT IT".
you are NOT the auditor, you are NOT directly responsible for the end-users' decision-making process, and the trustworthiness is NOT an automatic implication by virtue of "it being dropped onto github".
aside from which, github is managed and run by microsoft... a third party company. where compromise of many types is a real possibility at any time.
the best that can be done is to provide a web-of-trust set of signatures on the source, i.e. to follow debian package management and use debian distribution infrastructure, in full.
by doing so, there will be an audit trail that is independent of network compromises, infrastructure attack, and much more besides.
but then it needs to be realized by a foundry anyway.
it is important to include "consequences of detection" as part of the risk assessment.
question: what are the consequences for a foundry if they were discovered to be involved in the production of compromised wafers?
what do you think would happen to them?
start with their reputation.
what would happen to the reputation of a foundry where it became public knowledge that they'd manufactured something *other* than *exactly* what the customer asked for?
how many customers do you think they would have in the future, after such became public knowledge?
how much money would they stand to lose if that occurred?
do you think they would be in business for very long?
what would the consequences be, say, for the Taiwanese economy, if TSMC were discovered to be manufacturing compromised wafers?
so by utilising this logic, we may reasonably conclude that the smaller the foundry, the riskier it is to use them.
why?
the larger the foundry, the more damaging the consequences of a compromise, and therefore the higher the chances that they will have better security measures in place.
unfortunately, though, the secrecy involved in foundries means that there is no *guarantee* that they will actually have *any* security measures in place.
negotiating access to the foundry in order to double-check their security measures will be extremely delicate.
it's extremely complex, basically.
India, Russia, China and the U.S. all solve this by having their own Foundries.
India has a 180nm fab (they're working on an upgrade). they are presently using it to design and manufacture India's world-first 64-bit RISC-V SoC, which will be used in things like their Fast Breeder Nuclear Reactor Programme.
until that is completed they will stick with the 45+-year-old Motorola 68000.
l.