[Libre-silicon-devel] Device security - Help wanted

ludwig jaffe ludwig.jaffe at gmail.com
Mon Apr 15 08:14:39 CEST 2019


Hi so I missed a very interesting discussion.
You should announce it in advance that you will talk about the conscription
theories associated with intels ME and USB debug feature.
Having a serious HW troyan will always involve additional HW as leaking
side channels are interesting generated by variations of process but one
would need a receiving device to get the data from a side channel.
Intel ME has a nic and a switch in the phy to leak out data.
So it could also leak out non ethernet data provided the stream is
manchester or similar coded to make it over the magnetics of the nic the ME
lives in (early version) or has control over.

So an attacker will need a transmit (leak out) and receive (what to leak
over a limited bandwith) channel.

How to implement both by only

On Monday, April 15, 2019, Christoph Maier <christoph.maier at ieee.org> wrote:
> On Sun, Apr 14, 2019 at 9:17 PM Éger Ferenc <eegerferenc at gmail.com> wrote:
>>
>> Hello List,
>>
>> On the Mumble session of today, we began to deal with a new topic: as
one of our aims is to make semiconductor manufacturing transparent, our
products may end up in critical systems (infrastructure, government,
important NGOs, ...). Therefore the security, trustworthiness and
traceability of our devices is important. The topic grown out of a thread
on our Matrix room, that I copy below to give some context:
>
> Sorry that I didn't join this Mumble session. I was brainstorming how
> to successfully apply for an infosec researcher position to be able to
> do some disruptive innovation for which
> 1. your bespoke, large feature size IC process may be crucial,
> and
> 2. a lot of the security protocols and procedures you describe may be
> unnecessary.
>
> We apologize for the inconvenience
> tatzelbrumm
> _______________________________________________
> Libre-silicon-devel mailing list
> Libre-silicon-devel at list.libresilicon.com
> http://list.libresilicon.com/mailman/listinfo/libre-silicon-devel
>

-- 
Send from mobile phone with autocorrection / autofill. Blame my phone for
typos.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.libresilicon.com/pipermail/libre-silicon-devel/attachments/20190415/54e6aa11/attachment.html>


More information about the Libre-silicon-devel mailing list