Main » Discussion » Linux + FPGA + RISC-V = self-hosting libre hw/sw stack » New reply
    Alert
    You are about to bump an old thread. This is usually a very bad idea. Please think about what you are about to do before you press the Post button.
    New reply
    Post help

    Presentation

    [b]…[/b] — bold type
    [i]…[/i] — italic
    [u]…[/u] — underlined
    [s]…[/s] — strikethrough
    [code]…[/code] — code block
    [spoiler]…[/spoiler] — spoiler block
    [spoiler=…]…[/spoiler]
    [source]…[/source] — colorcoded block, assuming C#
    [source=…]…[/source] — colorcoded block, specific language[which?]
    [abbr=…]…[/abbr] — abbreviation
    [color=…]…[/color] — set text color
    [jest]…[/jest] — you're kidding
    [sarcasm]…[/sarcasm] — you're not kidding

    Links

    [img]http://…[/img] — insert image
    [url]http://…[/url]
    [url=http://…]…[/url]
    >>… — link to post by ID
    [user=##] — link to user's profile by ID

    Quotations

    [quote]…[/quote] — untitled quote
    [quote=…]…[/quote] — "Posted by …"
    [quote="…" id="…"]…[/quote] — ""Post by …" with link by post ID

    Embeds

    [youtube]…[/youtube] — video ID only please
    Thread review
    Kawaoneechan It's adversaries all the way down with you innit? You've made your point, repeatedly. It didn't get any better. Now keep your hands off the keyboard, in your pockets, and enjoy the idea of a guy making his own free/opensource computer.

    Seriously, I will shut you up if you won't.
    ‮strfry("emanresu") Well, yes. But that assumes the whole of the factory isn't adversarial. That's the case for Intel, and that's the case for TSMC. Are you going to start up your own fab or what?

    If decaps are so easy, then how come ME hasn't been RE'd yet? How come not a single die scan of any high-end CPU has leaked? It'd be trivial: <underdog company> gives Russian hackers a big envelope of cash to scan the chip and leak it online. The top company gains nothing as they already had that info. All the others can now leapfrog their gains and add their proprietary discoveries on top with the information in the public domain.
    wertigon
    Posted by sureanem

    I can't imagine it would be too hard [to introduce hardware backdoors].


    You still do not understand what an FPGA is and how it works.

    An FPGA consists of two things. Transistors and memory (actually, registers). All memory is writable. Every last ounce of it. If it isn't, this is immediately detected. If there is anything else than transistors and writable memory in there, the pathways will be wired differently and again, it will stick out like a sore thumb when inspecting at factory, and any outside factory tampering is pretty easy to spot.

    Sure, you can do it. But it would be immediately noticed, and defeating computer security is all about being stealthy - else the hole will be immediately patched. What you are arguing for now is that US prisons aren't safe because earthquakes could tear the prison wall up. Or a bulldozer or wrecking ball could tear down the walls. That does not mean the prison is insecure.
    ‮strfry("emanresu")
    Posted by CaptainJistuce
    Also, hiding functionality inside an FPGA is more difficult than pretty much any other active part, because the end user can configure it virtually any way they want. Any channel for spying or tampering would require hardcoded behaviors and pinouts that are in direct opposition to FPGA usage.

    I can't imagine it would be too hard. If any IO pin receives some arbitrary (very long) bit pattern, then start loading firmware at the same frequency it was received. A competent actor could probably come up with a very clever scheme. Or just TEMPEST and stego over RF.
    Posted by tomman
    mind you, all three Big Axis of Evil do have their homebrew CPU architectures, but zero intentions of playing the libre HW game due to the same paranoid bullshittery that turns people into paranoid loons

    Why'd they care? They have safe CPUs and custom distros, why bother appeasing Stallman? Russia did open source her military Linux distro, as I recall it.
    wertigon Well, it is possible to build an FPGA at home, thankfully. All the pieces are there, and sure the prototype will be freakishly large, but you can use that FPGA to validate the input and output of the smaller one: http://blog.notdot.net/2012/10/Build-your-own-FPGA

    Sure, it requires like ten breadboards and lots of cables and spare time. But if you are that paranoid, man gotta do what man gotta do! As for bootstrapping the FPGA, start with machine code and keep going from there. :)

    Thankfully, since the industry is trending more and more towards Linux, support for that OS is more and more common, as well. See for instance, Lattice: https://wiki.debian.org/FPGA/Lattice

    And of course, it is possible to print a CPU today already, it will just take a lot of space: https://www.researchgate.net/publication/282544864_3D-printed_microelectronics_for_integrated_circuitry_and_passive_wireless_sensors
    tomman Butbutbut the [insert your favorite villain here] spy machine could be deeply baked in silicon!
    THEY COULD BE SNOOPING ON MY PORN, Y'KNOW!?!??!?!



    There is a problem that remains to be solved for a fully free/libre/whatever SW/HW stack: how do you fab electronics at home? FPGAs are a step in the right direction, except that you still depend on your vendor toolchain to get started (how is Xilinx/Altera & pals toolchain support for non-Windows platformws nowadays?). And making custom ASICs not only is for the faint of heart, it also requires some serious cash backing that only a megacorp or Big Gub'mint could provide (mind you, all three Big Axis of Evil do have their homebrew CPU architectures, but zero intentions of playing the libre HW game due to the same paranoid bullshittery that turns people into paranoid loons).

    I could care less about theoretical backdoors/tinfoil hats, and more about printing CPUs at home.
    CaptainJistuce Also, hiding functionality inside an FPGA is more difficult than pretty much any other active part, because the end user can configure it virtually any way they want. Any channel for spying or tampering would require hardcoded behaviors and pinouts that are in direct opposition to FPGA usage.
    wertigon
    Posted by sureanem
    Yes, but it's hardly cheap to do so, and you could very well be prevented under legal limitations.


    Decaps are actually fairly cheap... For corporations and countries, both whom are interested in getting this kind of verifiability. For you and me, not so much. :)
    ‮strfry("emanresu") Yes, but it's hardly cheap to do so, and you could very well be prevented under legal limitations.
    wertigon
    Posted by sureanem
    How do you know that though? It's an integrated circuit, it's not possible to audit it. They could burn literally anything they please into it and you've have no way of telling, short of decapping it.


    FTFA: "The FPGA is a regular grid of identical components, so (destructive) visual inspection (i.e., chemical ablation and TEM imaging) is more feasible than with a dedicated ASIC that has much less visual regularity and repeatability."

    You can never be 100% safe. But you can be reasonably safe FPGAs are tamper-proof.
    ‮strfry("emanresu") How do you know that though? It's an integrated circuit, it's not possible to audit it. They could burn literally anything they please into it and you've have no way of telling, short of decapping it.
    wertigon
    Posted by sureanem
    That's interesting, but how does he know the FPGA doesn't have any backdoors?


    ...

    You really have no clue how an FPGA works, right? It's pretty much impossible to put a back door into the FPGA itself, since it does not have any persistent silicon or memory. It does not even have an I/O die.

    Granted, you could do the good old compiler payload trick, but the FPGA in and of itself... Nope.
    ‮strfry("emanresu") That's interesting, but how does he know the FPGA doesn't have any backdoors?
    wertigon This is freakingly freaking awesome!

    https://www.contrib.andrew.cmu.edu/~somlo/BTCP/

    "My goal is to build a Free/OpenSource computer from the ground up, so I may completely trust that the entire hardware+software system's behavior is 100% attributable to its fully available HDL (Hardware Description Language) and Software sources.
    More importantly, I need all the compilers and associated toolchains involved in building the overall system (from HDL and Software sources) to be Free/OpenSource, and to be themselves buildable and runnable on the computer system being described. In other words, I need a self-hosting Free/OpenSource hardware+software stack!"
      Main » Discussion » Linux + FPGA + RISC-V = self-hosting libre hw/sw stack » New reply
      Yes, it's an ad.