Hello All,

" what are the consequences for a foundry if they were discovered to be involved in the production of compromised wafers?" I think it depends on how, where and when it is discovered. If it happens by us before shipment, we can handle it. If it happens at the customer right after the shipment, that may or may not become public, and if it goes public, it is a good indication that we have effective detection measures and they work. But if some white-hat hacker discovers it independently in the end-product some years and a bazillion of already delivered consumer devices later, that can easily result in a PR disaster. "Why don't we have any detection measures? If we had, why the incident was known from the beginning? Hide the facts? Who pays you? etc." Actually, the larger the foundry is, the less secure is it, as it has more pressure to use "corporate confidentiality" to suppress news that may damage its reputation (and also a more attractive target due to the widespread use of its products).

Regarding scan chain: hiding malicious function is actually easy. In a design with a scan chain, flipflops have additional mux logic that in normal mode, route input to the FF input and FF output to the output. In scan mode, the output of the previous FF is routed instead to the input of the next FF, turning the whole IC into a long shift register. Since the mux logic needs the scan mode entry signal, it is easy to craft "fake" flipflops by altering the mux in such way that in scan mode it behaves as expected, but in normal mode it outputs a constant level. This even retains the fault coverage property, so there is no sudden change in yield or increase of slip-trough faulty parts, that would trigger an investigation.

Regards,
Ferenc