Hello,
If somebody were to make a free processor, would it be possible to do that in such a way that it's possible to check that the hardware is the working-out of the drawings?
In software you can build your own binary and check the shasum, but in hardware this is not possible.
As far as I know, a processor drawing is minimized using photography. Is it maybe possible to skive a processor and make its contents visible by increasing it?
With regards, Paul van der Vlis.
On 2015-09-16 11:47, Paul van der Vlis wrote:
> If somebody were to make a free processor, would it be possible to do that in such a way that it's possible to check that the hardware is the working-out of the drawings?
Not so much my field but I'd say a precondition would be that you can produce a digitalised photographic (/holographic) representation of the chip you hold in your hands. To analyse multilayered chips you would grind them down in the process.
Or maybe you can image them in some kind of MRI...? Then you could at least match your chip against the image of a prototype. Can a microprocessor survive the MRI process? Are MRI resolutions high enough to make the structures visible, at least for past generation chips? Are the materials in the processor suitable to produce a clear image?
At least MRIs are getting more and more common. Maybe someone on the list has experience in working with one.
Just a funny idea.
On Fri, Sep 18, 2015 at 07:32:14PM +0200, Paul Hänsch wrote:
> Or maybe you can image them in some kind of MRI...? Then you could at least match your chip against the image of a prototype. Can a microprocessor survive the MRI process? Are MRI resolutions high enough to make the structures visible, at least for past generation chips? Are the materials in the processor suitable to produce a clear image?
I don't know, but I think people take X-ray images of chips or something similar, to investigate security, manipulations or QA in factories or something.
In any case I don't think it would be practical.
When everything is software you can try repeatable builds (or more traditionally you can just do your own build and discard the binary you suspect). But that is because you can produce the object from the source. In hardware you can't produce the circuit from the design if you don't have a factory, and even if you had some form of repeatable builds for hardware, you'd still need advanced machinery to check a sample is similar enough to your repeatable build. I don't know whether the infrastructure for manufacturing would be more expensive or less than the infrastructure for verification, but I believe either of them would be too expensive and so complex that the "reflections on trusting trust"[1] by Ken Thompson would likely apply mutatis mutandis.
In fact we would need both open hardware and affordable hardware factories. But, hey, open hardware is a great start and a necessity even if you can't build a fab in your garage.
[1] http://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html https://www.schneier.com/blog/archives/2006/01/countering_trus.html etc.