Originally posted by coder
You just have to make the hardware simple enough that it's really difficult to hide anything in there.
And in a world where CPUs can check cryptographic signatures before even having access to DRAM, firmware includes whole OSes with network stacks, and customers find DRM all right, it's hard to know how paranoid one should be...
If they don't know what gate configuration you're loading on there, the amount of analysis they'd have to do to modify it in a way that implants usable backdoors would probably be computationally infeasible to do in realtime, with a little microcontroller. Also, I'd imagine you could make some timing or boundary-scan vectors to validate that your gate configuration has the configuration you expect.
And the microcontroller might exfiltrate the configuration elsewhere with more computing resources and wait for instructions. Or even without modifying your design, they could still eavesdrop on or alter the inputs or outputs... I don't think cat and mouse games end just by using FPGAs.
I don't know, it's all very sketchy and above my head. Maybe we're looking at the pointing finger instead of looking at the moon. I was just trying to convey the general idea that in general at a certain point you delegate trust to your supply chain, you can't do everything yourself. Maybe with FPGAs, or with better FPGAs you could, I don't know, but it was just an example. It's not that different from the classical "Reflections on Trusting Trust", by Ken Thompson in 1984 ACM. (with Schneider and Wheeler notwithstanding).