[Libre-silicon-devel] Device security - Help wanted

Éger Ferenc eegerferenc at gmail.com
Tue Apr 16 21:42:39 CEST 2019

Hello All,

"what are the consequences for a foundry if they were discovered to be
involved in the production of compromised wafers?" I think it depends on
how, where and when it is discovered. If it happens by us before shipment,
we can handle it. If it happens at the customer right after shipment,
that may or may not become public, and if it goes public, it is a good
indication that we have effective detection measures and they work. But if
some white-hat hacker discovers it independently in the end product some
years and a bazillion already-delivered consumer devices later, that can
easily result in a PR disaster. "Why don't we have any detection measures?
If we had, then the incident was known from the beginning? Hiding the facts?
Who pays you? etc." Actually, the larger the foundry is, the less secure it
is, as it has more pressure to use "corporate confidentiality" to suppress
news that may damage its reputation (and it is also a more attractive target
due to the widespread use of its products).

Regarding the scan chain: hiding a malicious function is actually easy. In a
design with a scan chain, flip-flops have additional mux logic that, in
normal mode, routes the input to the FF input and the FF output to the output. In
scan mode, the output of the previous FF is routed instead to the input of
the next FF, turning the whole IC into a long shift register. Since the mux
logic needs the scan mode entry signal, it is easy to craft "fake"
flip-flops by altering the mux in such a way that in scan mode it behaves as
expected, but in normal mode it outputs a constant level. This even retains
the fault coverage property, so there is no sudden change in yield or
increase in slip-through of faulty parts that would trigger an investigation.
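
As an added illustration of the scan-mux mechanism described in the message above (example code added by the editor; it is not from the post or from the LibreSilicon project), here is a small Python behavioural model: an honest scan flip-flop, a "fake" one whose mux still shifts correctly in scan mode but drives a constant level in normal mode, and a four-bit counter built from each. The counter logic, the choice of which cell is faked and the stuck-at value are assumptions made for the demonstration. A shift-pattern scan test passes identically on both chains, while normal-mode operation diverges.

```python
"""Behavioural model of a scan chain with one trojaned flip-flop.

Constructed example: the cell types, the 4-bit counter logic and the stuck-at
value are assumptions chosen to illustrate the mechanism, not a real design.
"""
from typing import Callable, List, Sequence


def bits_to_int(bits: Sequence[int]) -> int:
    """LSB-first bit list to integer."""
    return sum(b << i for i, b in enumerate(bits))


def int_to_bits(value: int, width: int) -> List[int]:
    """Integer to LSB-first bit list of the given width."""
    return [(value >> i) & 1 for i in range(width)]


class ScanFF:
    """Honest scan flip-flop: in scan mode the mux selects scan_in, otherwise d."""

    def __init__(self) -> None:
        self.q = 0

    def clock(self, d: int, scan_in: int, scan_en: int) -> None:
        self.q = scan_in if scan_en else d


class TrojanFF(ScanFF):
    """'Fake' flip-flop: identical to ScanFF in scan mode, but the altered mux
    drives a constant in normal mode instead of the functional input d."""

    def __init__(self, stuck_at: int = 0) -> None:
        super().__init__()
        self.stuck_at = stuck_at  # assumed constant level for the demo

    def clock(self, d: int, scan_in: int, scan_en: int) -> None:
        self.q = scan_in if scan_en else self.stuck_at


class ScanChain:
    """N flip-flops plus combinational next-state logic, wired as one scan chain.

    Cell 0 is the scan-input end; the Q of the last cell is the scan output."""

    def __init__(self, cells: Sequence[ScanFF],
                 next_state: Callable[[List[int]], List[int]]) -> None:
        self.cells = list(cells)
        self.next_state = next_state

    @property
    def state(self) -> List[int]:
        return [c.q for c in self.cells]

    def clock(self, scan_en: int, scan_in: int = 0) -> int:
        """Apply one clock edge; return the scan-out bit sampled before the edge."""
        prev_q = self.state                 # all Q sampled together (edge-triggered)
        d_inputs = self.next_state(prev_q)  # functional inputs, used in normal mode
        for i, cell in enumerate(self.cells):
            si = scan_in if i == 0 else prev_q[i - 1]
            cell.clock(d_inputs[i], si, scan_en)
        return prev_q[-1]


def increment_4bit(bits: List[int]) -> List[int]:
    """Functional logic for the demo: a free-running 4-bit counter."""
    return int_to_bits((bits_to_int(bits) + 1) % 16, 4)


def honest_counter() -> ScanChain:
    return ScanChain([ScanFF() for _ in range(4)], increment_4bit)


def trojaned_counter(stuck_cell: int = 1) -> ScanChain:
    cells: List[ScanFF] = [ScanFF() for _ in range(4)]
    cells[stuck_cell] = TrojanFF(stuck_at=0)  # one 'fake' cell (demo assumption)
    return ScanChain(cells, increment_4bit)


def shift_test(chain: ScanChain, pattern: Sequence[int]) -> bool:
    """Scan-mode shift test: shift a pattern in, shift it back out, compare."""
    for bit in pattern:
        chain.clock(scan_en=1, scan_in=bit)
    observed = [chain.clock(scan_en=1, scan_in=0) for _ in range(len(chain.cells))]
    return observed == list(pattern)


def run_counter(chain: ScanChain, cycles: int) -> int:
    """Load an all-zero state through the scan path, then run in normal mode."""
    for _ in range(len(chain.cells)):
        chain.clock(scan_en=1, scan_in=0)
    for _ in range(cycles):
        chain.clock(scan_en=0)
    return bits_to_int(chain.state)


if __name__ == "__main__":
    pattern = [1, 0, 1, 1]
    for name, make in (("honest", honest_counter), ("trojaned", trojaned_counter)):
        print(f"{name}: shift test passes = {shift_test(make(), pattern)}, "
              f"count after 3 cycles = {run_counter(make(), 3)}")
```

The shift test cannot distinguish the two chains because the altered mux behaves exactly like the honest one whenever scan_en is asserted; the difference only appears in normal-mode operation, where the faked cell pins its bit of the counter to a constant.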

