- 2014-07-11 10:32:03 --> Stman (~Stman@80.10.161.171) has joined #kosagi
- 2014-07-11 10:32:20 Stman o/
- 2014-07-11 10:34:33 Stman o/ bunnie
- 2014-07-11 10:35:19 Stman I had a suggestion for change on the novena : After talking with some of the TOR core dev team about Novena, last week, we came to the following conclusion :
- 2014-07-11 10:37:55 Stman We think it would be a good idea to have the FPGA "bitfile loading mode" options not "hardwired", but configurable with dip switch, with the possibility to choose between I2C or a serial flash e(e)prom : We think that nothing trustable can be done with the FPGA until the bitfile can be loaded securely into the FPGA = with a socket based serial e(e)prom that can be programmed with an external e(e)prom programmer.
- 2014-07-11 10:38:31 Stman Do you think this "little" change on your design, that would take you less than 30 minutes to implement, including PCB changes, would be feasible ?
- 2014-07-11 10:45:23 shuffle2 ...
- 2014-07-11 10:51:21 jtang_ xobs, gonna try rebasing to master to see if my problem magically disappears
- 2014-07-11 10:51:24 dermiste Stman: what kind of attacks are you trying to fend off here ?
- 2014-07-11 10:51:34 jtang_ are you rebasing against tags or master when yu
- 2014-07-11 10:51:39 jtang_ you update the novena branch
- 2014-07-11 10:53:44 <-- Stman (~Stman@80.10.161.171) has quit (Ping timeout: 480 seconds)
- 2014-07-11 11:12:08 jtang_ xobs, it seems to be a kernel problem
- 2014-07-11 11:12:28 jtang_ i just rebased/rebuilt the kernel + modules and nbd is now working as expected
- 2014-07-11 11:13:09 jtang_ https://github.com/qbcode/novena-linux/tree/v3.16-rc5-novena -- rebased branch, i think i labelled it wrong
- 2014-07-11 11:13:16 jtang_ but it seems to work for me
- 2014-07-11 11:14:21 jtang_ need to test more!
- 2014-07-11 11:24:32 <-- modem (~modem@0001cb96.user.oftc.net) has quit (Remote host closed the connection)
- 2014-07-11 11:29:46 --> modem (~modem@0001cb96.user.oftc.net) has joined #kosagi
- 2014-07-11 11:41:31 jtang_ hmm, nbd / qemu-nbd isnt too reliable under precise on arm
- 2014-07-11 11:41:44 jtang_ i guess genfatfs and makedisk might be the way to go
- 2014-07-11 11:54:05 jtang_ interesting it looks like it is the kernel that's key difference
- 2014-07-11 11:54:18 --> linius (~linius@178-119-170-230.access.telenet.be) has joined #kosagi
- 2014-07-11 12:46:05 --> roybatty (~roybatty@p5498854A.dip0.t-ipconnect.de) has joined #kosagi
- 2014-07-11 12:59:52 <-- linius (~linius@178-119-170-230.access.telenet.be) has quit (Quit: linius)
- 2014-07-11 13:08:20 --> modem_ (~modem@LMontsouris-656-01-36-83.w80-15.abo.wanadoo.fr) has joined #kosagi
- 2014-07-11 13:12:08 <-- modem (~modem@0001cb96.user.oftc.net) has quit (Ping timeout: 480 seconds)
- 2014-07-11 13:24:05 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
- 2014-07-11 13:30:48 --> nerick (~nerick@117.2.218.164) has joined #kosagi
- 2014-07-11 13:30:48 <-- nerick (~nerick@117.2.218.164) has quit
- 2014-07-11 13:30:49 <-- jan_ (~jan@113.94.233.220.static.exetel.com.au) has quit (Quit: Leaving)
- 2014-07-11 13:31:02 --> nerick (~nerick@117.2.218.164) has joined #kosagi
- 2014-07-11 13:35:31 --> Stman (~Stman@193.253.170.176) has joined #kosagi
- 2014-07-11 13:36:16 Stman shuffle2 Sorry I have been disconnected, did Bunnie answer me ?
- 2014-07-11 13:36:44 adj Stman, he didn't
- 2014-07-11 13:37:03 Stman Dunno, I have been disconnected for 2 or 3 hours
- 2014-07-11 13:37:15 Stman So maybe he did answer me but I didn't get it ?
- 2014-07-11 13:37:30 adj i have been connected
- 2014-07-11 13:37:38 adj i didn't see bunnie replying
- 2014-07-11 13:37:49 Stman Ah okay, thank you very much. I4ll wait then.
- 2014-07-11 13:37:55 Stman I'll wait then.
- 2014-07-11 13:38:53 adj Stman, but i doubt that they want to change the design at this stage...
- 2014-07-11 13:39:08 <-- nerick (~nerick@117.2.218.164) has quit (Ping timeout: 480 seconds)
- 2014-07-11 13:39:16 Stman Yes. I can understand that, but it is a very very minor change. I could do it myself.
- 2014-07-11 13:39:53 Stman Understand that without this new option for the FPGA, any "secure" project like building a super secure TOR router with a dedicated processor running in the FPGA are OVER.
- 2014-07-11 13:39:55 --> nerick (~nerick@ns3297786.ovh.net) has joined #kosagi
- 2014-07-11 13:40:26 Stman And believe me, many many people were counting on novena to have people like me implementing secure TOR router in its FPGA. It's a very little change that really worth it.
- 2014-07-11 13:40:27 adj i don't understand why it is needed for security, so i don't know
- 2014-07-11 13:40:35 Stman Because for the moment,
- 2014-07-11 13:41:03 Stman the bitfile can be only injected into the FPGA through the I2C bus connected to Freescale IMX6 SoC.
- 2014-07-11 13:41:47 Stman As this SoC is not secure, and cannot be secured, it means that you have no warranty that the bitfile you're injecting into the FPGA has not been changed by an ad-hoc exploit running on the SoC
- 2014-07-11 13:41:57 Stman Do you understand the problem ?
- 2014-07-11 13:42:17 adj yes, i understand now
- 2014-07-11 13:42:25 adj you don't trust the soc
- 2014-07-11 13:42:35 Stman No, we don't trust it at all.
- 2014-07-11 13:42:47 Stman And we are right to think like that.
- 2014-07-11 13:42:53 fun agreed
- 2014-07-11 13:42:57 Stman We are looking for military grade security level here.
- 2014-07-11 13:43:02 adj agree, too
- 2014-07-11 13:44:12 Stman We are just asking for a jumper, or a simple dip switch on the board to switch between two FPGA initialization mode : I2C or serial e(e)prom, and a new socket to have this serial e(e)prom on the board. This is very easy to change.
- 2014-07-11 13:44:13 adj so you want a hardware option to protect fpga configuration from the SOC
- 2014-07-11 13:44:18 Stman Yes.
- 2014-07-11 13:44:39 adj it really makes sense
- 2014-07-11 13:44:49 Stman We want it to be able to work like it is now, or we want also a secure alternate way to inject the bitfile into the FPGA with a serial prom
- 2014-07-11 13:45:41 Stman That is, being able to select, with a jumper, either I2C initialization with the I2C bus connected with the SoC, or a fully independent Serial e(e)prom (With a socket so that we can unplug it from the board to program it with external e(e)prom programmer).
- 2014-07-11 13:46:13 Stman This way, those who want to run a super secure processor on the FPGA will be assured that it is possible.
- 2014-07-11 13:46:19 Stman The rest of the design is okay for us.
- 2014-07-11 13:46:35 fun I am also interested in this
- 2014-07-11 13:47:18 <-- KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has quit (Ping timeout: 480 seconds)
- 2014-07-11 13:47:18 Stman If the FPGA cannot be initialized securely : It is "by design" cancelling any "security" application with the novena, and only limiting it to hardware hacker experimentation platform/applications.
- 2014-07-11 13:47:27 Stman cool fun
- 2014-07-11 13:47:41 dermiste Stman: you don't trust the i.mx6, yet you trust the FPGA ?
- 2014-07-11 13:47:55 mrasmus routing a brand new jumper and socket does not sound like a very easy change, to me, given the complexity of the board and the nature and constraints of some of the lines around the FPGA; that doesn't really sound like a simple change, to me.
- 2014-07-11 13:48:13 mrasmus Also, that
- 2014-07-11 13:48:36 Stman Indeed, I don't trust the FPGA itself too, but I know the nature of the hardware backdoors that can be found in some FPGA (Mainly Remote JTAG control through any pin)
- 2014-07-11 13:48:44 Stman and this is it.
- 2014-07-11 13:49:00 Stman Let's say we have trick to "protect" against that.
- 2014-07-11 13:49:28 Stman Anyway, the idea here is to be sure the FPGA can be initialized with a not corrupted bitfile.
- 2014-07-11 13:49:40 Stman The question of the hardware backdoors into the FPGA itself is another problem.
- 2014-07-11 13:50:06 mrasmus couldn't that be done simply by watching the line that's initializing it, checking the "write" for sanity?
- 2014-07-11 13:50:39 Stman Of course it could be done this way too, but to us, it was not a complicated change.
- 2014-07-11 13:51:00 Stman The socket of a serial CMS e(e)prom with only 6 pins is very small.
- 2014-07-11 13:51:09 Stman Don't tell me there is no more room to route that.
- 2014-07-11 13:51:10 dermiste I would think the simplest path here is to make an extension board with gig ethernets, and fill base eth ports with epoxy
- 2014-07-11 13:51:19 Stman We will.
- 2014-07-11 13:51:20 dermiste and remove bt and wifi
- 2014-07-11 13:51:29 Stman But it doesn't solve the problem of the FPGA secure initialization.
- 2014-07-11 13:51:42 Stman We need PHY ethernet on an expansion board, and we will do it.
- 2014-07-11 13:51:46 Stman (I will)
- 2014-07-11 13:52:34 Stman I'm gonna download the schematic and PCB and the software he used to route it and make the change myself then, I swear this is no big deal, even if the board is already "full"
- 2014-07-11 13:52:44 mrasmus I don't know
- 2014-07-11 13:52:49 dermiste Stman: is it reasonable to say that no backdoor can be triggered from a completely out-of-the-network CPU ?
- 2014-07-11 13:52:52 mrasmus I was merely theorizing
- 2014-07-11 13:52:56 Stman I'm not asking him to add a 500 pin BGA chip :D
- 2014-07-11 13:53:35 mrasmus Oh, I know. I haven't poked at the layout in a while, I don't know how crowded things are
- 2014-07-11 13:53:57 mrasmus and I'm not a trained EE
- 2014-07-11 13:54:10 Stman dermiste : Before snowden I would have said YES (But beware to some peripherals ...), now I say NO.
- 2014-07-11 13:54:15 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
- 2014-07-11 13:54:16 adj can be enough if the configuration can be locked from the soc once the bitfile is injected?
- 2014-07-11 13:54:18 Stman NSA can put RF shit into some chips.
- 2014-07-11 13:54:51 Stman Anyway, this is not this level of Lab/military attack we wanted to resist to, but more a remote hack attack.
- 2014-07-11 13:54:56 dermiste Stman: what is the name of this nsa product ?
- 2014-07-11 13:55:30 Stman TAO implants ? Heu, I don't know their names by heart, sorry.
- 2014-07-11 13:55:52 Stman But I know they do exist, and I perfectly understand the underlying concept.
- 2014-07-11 13:55:56 dermiste Stman: and would it require access to the fab line ?
- 2014-07-11 13:57:29 Stman Yes. And the corrupted chips then have to be subilized on board (I mean, unsoldering the old one, soldering the new one instead)
- 2014-07-11 13:57:42 Stman Why do you wanna know that ?
- 2014-07-11 13:57:53 Stman What do you have in lind ?
- 2014-07-11 13:57:55 dermiste ah, yeah, changing chips, of course
- 2014-07-11 13:57:57 Stman in mind ?
- 2014-07-11 13:58:01 adj Stman, do you trust the board?
- 2014-07-11 13:58:15 Stman The PCB itself ?
- 2014-07-11 13:58:25 adj will you inspect with x ray?
- 2014-07-11 13:58:28 adj yes, the pcb
- 2014-07-11 13:58:32 dermiste If they change chips, then you might as well consider that every simple chip is backdoored ...
- 2014-07-11 13:58:34 Stman Well :
- 2014-07-11 13:59:30 Stman This board can be routed in a way it is only possible to inspect it with Xray because of multi-layer, etc ... and it could also be routed in an "old way", old fashion 2 sides PCB that can be checked with a simple scanner.
- 2014-07-11 13:59:36 Stman These are implementations constraints.
- 2014-07-11 13:59:47 Stman I am interested in these constraints :
- 2014-07-11 14:00:08 Stman I prefer a much larger board I can check, than a tiny one I can't check ALL BY MYSELF
- 2014-07-11 14:00:20 Stman (But okay, I'm a big paranoid that trust nobody)
- 2014-07-11 14:00:30 Stman (But I'm still alive :D)
- 2014-07-11 14:00:35 adj me too
- 2014-07-11 14:01:05 adj how large needs to be make to route a 10 layer pcb into a 2 layer one?
- 2014-07-11 14:01:48 new299 Stman: http://www.homebrewcpu.com/overview.htm
- 2014-07-11 14:01:51 Stman I would say : 2 to 3 times bigger board. It's not "that" big.
- 2014-07-11 14:02:12 Stman And less use of BGA sockets.
- 2014-07-11 14:02:18 Stman I hate BGA socket anyway
- 2014-07-11 14:02:23 Stman Fuck the BGA sockets :D
- 2014-07-11 14:02:50 Stman Then all this depends on your priorities.
- 2014-07-11 14:02:57 adj id i.mx6 available without BGA?
- 2014-07-11 14:02:59 adj is
- 2014-07-11 14:03:38 Stman My priority list is 1) Security & control 2) Security & control 3) Security & control over my system.
- 2014-07-11 14:03:47 Stman adj : I guess.
- 2014-07-11 14:03:51 mrasmus That board does not a laptop make
- 2014-07-11 14:04:00 Stman Nop
- 2014-07-11 14:04:12 Stman Or like the old ones . But anyway,
- 2014-07-11 14:04:25 Stman If you wanna super slim thing you can still buy a mac book air.
- 2014-07-11 14:04:35 Stman But sex toyz included :D
- 2014-07-11 14:04:45 adj as far as i know the allwinner A13 is the only armv7 without BGA
- 2014-07-11 14:05:25 new299 adj: yep that's the only one I've seen.
- 2014-07-11 14:05:40 new299 adj: the boards are pretty cheap though https://www.olimex.com/Products/OLinuXino/A13/A13-OLinuXino/open-source-hardware
- 2014-07-11 14:05:52 adj Stman, anyway, i hope you can get this change in the novena board
- 2014-07-11 14:05:58 Stman BGA was invented, to me, with military strategy behind, not to save that much space on board, but to prevent end user from hacking the stuff.
- 2014-07-11 14:06:38 Stman Unsoldering Weller station to unsolder BGA cost, first model, 25000 €
- 2014-07-11 14:07:10 Stman adj : I hope too
- 2014-07-11 14:07:28 adj Stman, thanks to snowden this is the first thing that you said that sounds paranoid (BGA being invented to prevent hacking)
- 2014-07-11 14:07:46 Stman Anyway, having a second model of novena routed with "old fashion 2 sided PCB" is an interesting idea for those looking for more control
- 2014-07-11 14:08:38 new299 Stman: I'd say that's just a totally different product, you should go make it.
- 2014-07-11 14:08:44 Stman not everybody here (I guess nobody) has teh toolz to inspect a 10 layer PCB with XRAY :D
- 2014-07-11 14:08:55 Stman new299 : Agree
- 2014-07-11 14:09:11 Stman But there are a lot of friendz i know that would more interested in this 2nd version
- 2014-07-11 14:09:43 new299 Stman: you can go buy https://www.olimex.com/Products/OLinuXino/A13/A13-OLinuXino/open-source-hardware it's probably nearer what you want.
- 2014-07-11 14:10:49 adj yes, i think that you can make the pcb and soldering yourself
- 2014-07-11 14:11:29 adj but is it enough for a router/firewall?
- 2014-07-11 14:11:47 adj not fpga, ethernet etc.
- 2014-07-11 14:12:00 Stman Nope.
- 2014-07-11 14:12:40 --> paulk-collins (~paulk@162.38.30.137) has joined #kosagi
- 2014-07-11 14:12:55 Stman At least, some hacker friends from the core TOR dev team ask me to benchmark Novena hardware design in order to build the most secure TOR router possible. Like it is now, it is not going to reach the security level they are looking for.
- 2014-07-11 14:15:02 --> jedahan (~jedahan@cpe-72-229-222-157.nyc.res.rr.com) has joined #kosagi
- 2014-07-11 14:15:21 --> jlf (~user@50-0-131-126.dsl.dynamic.sonic.net) has joined #kosagi
- 2014-07-11 14:17:37 new299 Stman: is there anything that does?
- 2014-07-11 14:22:43 jtang_ keep it off the network?
- 2014-07-11 14:22:54 jtang_ stick in a faraday cage
- 2014-07-11 14:23:06 mrasmus seems counterproductive for a TOR router
- 2014-07-11 14:23:18 <-- KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has quit (Ping timeout: 480 seconds)
- 2014-07-11 14:25:27 jtang_ heh probably
- 2014-07-11 14:28:28 <-- nerick (~nerick@ns3297786.ovh.net) has quit (Ping timeout: 480 seconds)
- 2014-07-11 14:35:48 --> nerick (~nerick@ns3297786.ovh.net) has joined #kosagi
- 2014-07-11 14:38:12 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
- 2014-07-11 14:38:25 adj new299, more practical than homebrewcpu could be openrisc
- 2014-07-11 14:48:00 new299 adj: on an FPGA? sounds risky! :)
- 2014-07-11 14:48:10 <-- bunnie (~bunnie@210.23.18.169) has quit (Remote host closed the connection)
- 2014-07-11 14:48:34 mrasmus Am I gonna be the one to make the "more like sounds risc-y" pun? I think I am.
- 2014-07-11 14:49:02 new299 mrasmus: looks like it! :)
- 2014-07-11 14:50:07 <-- mgcheung (~mgcheung@pool-71-184-252-203.bstnma.fios.verizon.net) has quit (Ping timeout: 480 seconds)
- 2014-07-11 14:50:59 adj fpga or asic
- 2014-07-11 14:51:41 adj but Stman is trusting the fpga for the router, but not for the cpu?
- 2014-07-11 14:52:16 new299 doesn't make much sense to me.
- 2014-07-11 14:53:12 adj homebrewcpu uses IC, not sure if we can trust them
- 2014-07-11 14:53:20 new299 moreover the fpga bitstreams are all synthesised using closed source tools...
- 2014-07-11 14:53:23 mrasmus ^^
- 2014-07-11 14:53:44 new299 adj: I've heard the NSA are backdooring 74 series logic now.
- 2014-07-11 14:53:57 adj ^_^
- 2014-07-11 14:54:28 mrasmus I'd love to hear bunnie's take on it. I just feel like monitoring the loading process covers the vector he's concerned about, and, well… the bitstream that needs sanity-checking is a proprietary and closed thing in the first place.
- 2014-07-11 14:56:00 new299 I think bunnie is pretty much a pragmatist.
- 2014-07-11 14:56:05 --> OmegaPhil1 (~kvirc@82-71-20-171.dsl.in-addr.zen.co.uk) has joined #kosagi
- 2014-07-11 14:56:35 adj sure, he uses windows, solidworks and altium
- 2014-07-11 14:56:44 mrasmus Yes, but he also understands and is sympathetic towards the security-conscious.
- 2014-07-11 14:56:54 Stman back
- 2014-07-11 14:56:56 Stman Yes.
- 2014-07-11 14:57:07 mrasmus I doubt he'll make this hardware change, but it'll be interesting to see his response
- 2014-07-11 14:57:07 Stman I trust the FPGA but not Asic.
- 2014-07-11 14:57:16 Stman Of course, I am dreaming of Free FPGA
- 2014-07-11 14:57:21 Stman One day they will exist.
- 2014-07-11 14:57:27 mrasmus But not in this form factor
- 2014-07-11 14:57:42 Stman This day, our digital privacy and freedom will be finally back.
- 2014-07-11 14:57:51 adj you need to trust both fpga design _and_ manufacturing
- 2014-07-11 14:58:03 Stman adj : Are you sure ?
- 2014-07-11 14:58:09 new299 ...and the compiler...
- 2014-07-11 14:58:16 adj sure
- 2014-07-11 14:58:17 mrasmus you can verify fabrication
- 2014-07-11 14:58:24 <-- OmegaPhil (~kvirc@82-71-20-171.dsl.in-addr.zen.co.uk) has quit
- 2014-07-11 14:58:29 Stman backdooring 74xx or any other "simple gate" stuff looks like CRAZY.
- 2014-07-11 14:58:34 Stman But these guys ARE crazy.
- 2014-07-11 14:58:42 Stman Anyway,
- 2014-07-11 14:58:48 jtang_ heh compilers, i remember some joker stuck some 'extra' stuff into a compiler for the fun of it, then they redistributed the compiler
- 2014-07-11 14:58:49 new299 hahaha :)
- 2014-07-11 14:58:55 adj Stman, i thought that backdooring 74xx was a joke
- 2014-07-11 14:59:04 Stman To me it is a joke
- 2014-07-11 14:59:16 Stman But they could do it, but well, it would mean it is the end then.
- 2014-07-11 14:59:38 Stman remember : I'm a highly paranoid person : I see spies and backdoors EVERYWHERE :D
- 2014-07-11 14:59:45 mrasmus Stman: What's the point of saying "one day we'll have a free and open FPGA" in the context of making an argument for a modification to Novena's board design/arguing that the FPGA can be trusted but not the ASIC
- 2014-07-11 14:59:46 Stman ;-p
- 2014-07-11 15:00:10 new299 Stman, it's true. You could see if the truth table check out with a multimeter... but... who knows what the NSA has been doing to multimeters!
- 2014-07-11 15:00:12 adj you can grow your own silicon crystals and do the doping yourself to get transistors
- 2014-07-11 15:00:28 Stman mrasmus : The only Free Digital electronic component we have today are the EPROM that have a window that lets you see (and check) the dice.
- 2014-07-11 15:00:50 Stman If you have of course all the reverse engineering tools to reverse transistors into logic etc...
- 2014-07-11 15:01:13 Stman new299 :
- 2014-07-11 15:01:23 Stman Detecting backdoors in FPGA is easy.
- 2014-07-11 15:01:33 mrasmus how's that, Stman?
- 2014-07-11 15:01:51 Stman Slowing down the side channels that can trigger them : It's fun, but you never know what they can imagine, so, it's an endless task.
- 2014-07-11 15:02:09 mrasmus when the bitstream format that defines the functionality of it is created in a closed-source fashion
- 2014-07-11 15:02:14 Stman Nick (TOR chief architect) suggest, for detecting backdoors usage in FPGA, a simple trick :
- 2014-07-11 15:02:25 Stman simple and known, but perfect in this case :
- 2014-07-11 15:02:49 Stman Use two different FPGA from two different fab : Xilinx and altera, and to the same design on both of them :
- 2014-07-11 15:03:06 Stman Then build a PCB that make them work fully synchronized.
- 2014-07-11 15:03:26 Stman And also some comparator to check that the results are always the same.
- 2014-07-11 15:03:43 Stman Of course, this approach is complexifying a lot the PCB / mother board design
- 2014-07-11 15:03:46 Stman It has a cost.
- 2014-07-11 15:03:50 Stman But it works :
- 2014-07-11 15:04:03 adj then you know that both xilinx and altera are subverted
- 2014-07-11 15:04:05 Stman NSA can barely activate FPGA back exactly at the same time for the two FPGA :
- 2014-07-11 15:04:06 mrasmus "perfect" tells me there's a flaw
- 2014-07-11 15:04:06 new299 unless they've thought of that.
- 2014-07-11 15:04:18 Stman Well.
- 2014-07-11 15:04:22 Stman They could.
- 2014-07-11 15:04:41 mrasmus Any time I hear the word "perfect" in a description of something in the security world, my confidence index drops by 60-80%.
- 2014-07-11 15:04:51 adj too much conspiranoid chat for me now
- 2014-07-11 15:04:57 Stman But playing this game, comparing two different systems, I think the defender has an advantage always on the attacker (the nsa)
- 2014-07-11 15:04:58 mrasmus same here
- 2014-07-11 15:05:11 mrasmus to adj's comment, that is
- 2014-07-11 15:05:12 Stman adj :
- 2014-07-11 15:05:16 Stman Look :
- 2014-07-11 15:05:21 Stman Both FPGA have different architecture :
- 2014-07-11 15:05:41 Stman The backdoors cannot down bitfile and activate them AT THE same time for both FPGA
- 2014-07-11 15:05:48 Stman It is impossible.
- 2014-07-11 15:05:59 new299 why do they need to activate an exploit.
- 2014-07-11 15:06:04 mrasmus What about a subversion at the bitstream level that subverts functionality
- 2014-07-11 15:06:06 Stman Particularly if both FPGA are not the same.
- 2014-07-11 15:06:15 mrasmus when you have a closed-source bitgen tool
- 2014-07-11 15:06:28 mrasmus that'd be my attack vector, and you haven't said a word that tells me you've considered it
- 2014-07-11 15:06:40 Stman mrasmus : This is another question Stallman has been telling me about Free FPGA :
- 2014-07-11 15:06:55 Stman Software compiling, and placing/routing software are never free
- 2014-07-11 15:07:00 Stman I know this issue too.
- 2014-07-11 15:07:04 Stman Anyway,
- 2014-07-11 15:07:07 Stman again,
- 2014-07-11 15:07:25 Stman But VHDL compiler based on GCC/LLVM are free
- 2014-07-11 15:07:44 adj Stman, an fpga can have a cpu core inside, what's the difference with what you don't like about novena?
- 2014-07-11 15:07:45 mrasmus so are you saying that you'll eventually have a free bitgen stack for this specific FPGA?
- 2014-07-11 15:08:14 Stman Using two very different FPGA for running the same design for implementing a processor is a very good and efficient strategy, but it has a cost of course, but the security level is greatly improved. They do this strategy in planes for calculations too.
- 2014-07-11 15:08:22 Stman adj :
- 2014-07-11 15:08:24 Stman Yes.
- 2014-07-11 15:08:26 Stman Well.
- 2014-07-11 15:08:35 Stman This discussions would be much better on a mumble server
- 2014-07-11 15:08:39 Stman more interactive
- 2014-07-11 15:08:56 Stman adj :
- 2014-07-11 15:09:00 mrasmus you keep talking about "Free FPGA" like it's an actual thing, but if it were, it'd be new hardware in a new package that is completely irrelevant to the conversation
- 2014-07-11 15:09:01 new299 Stman, you could just use CPUs from 2 different vendors...
- 2014-07-11 15:09:31 Stman FYI : I am working the design of a new architecture of secure processor that by design stop ALL the family and friends from Buffer & Stack overflow families.
- 2014-07-11 15:09:36 Stman Including ROP.
- 2014-07-11 15:09:38 Stman exploit.
- 2014-07-11 15:09:53 Stman The last piece of the puzzle missing to implement them is free FPGA.
- 2014-07-11 15:09:58 adj well, if bunnie can make your proposal great, but i don't need it
- 2014-07-11 15:10:02 adj good luck
- 2014-07-11 15:10:08 Stman I am for now obliged to "play" with COTS FPGA that of course can be backdoored.
- 2014-07-11 15:10:11 Stman Anyway.
- 2014-07-11 15:10:23 Stman adj :
- 2014-07-11 15:10:29 Stman It's really a little change, really.
- 2014-07-11 15:10:38 Stman many hacker will greatly appreciate that.
- 2014-07-11 15:10:44 fun Stman: I hope it makes it into the final version :)
- 2014-07-11 15:10:47 Stman in particular, future client from the TOR team.
- 2014-07-11 15:10:49 new299 you'll likely have to wait until the current FPGA patents expire until you get a free FPGA...
- 2014-07-11 15:11:09 Stman new299 : Or go to brazil.
- 2014-07-11 15:11:17 gmaxwell new299: any idea when the bulk of FPGA patents expire? ... their design is so simple overall... I'm constantly sad how expensive they are.
- 2014-07-11 15:11:35 Stman brazil said "fuck you" for AID pills & their patents
- 2014-07-11 15:11:43 new299 gmaxwell: no I did look into it a while back though.
- 2014-07-11 15:12:03 Stman anyway, they have not patented everything
- 2014-07-11 15:12:05 new299 Stman: does Brazil have a lot of fab capacity?
- 2014-07-11 15:12:10 Stman It is possible to imagine new design for FPGA
- 2014-07-11 15:12:21 new299 Stman: go for it.
- 2014-07-11 15:12:31 Stman new299 : Not more than they had for HIV drugs in the past. They just built them.
- 2014-07-11 15:12:52 Stman new299 : If other come with me, let go all together
- 2014-07-11 15:13:00 mrasmus still not seeing how a new FPGA design matters when we're talking about this board
- 2014-07-11 15:13:09 new299 Stman: do you have funding lined up?
- 2014-07-11 15:13:10 Stman In order to have this dream come true, we have a fucking hard political lobbying to make.
- 2014-07-11 15:13:24 Stman The EU parliament could pay for such plant.
- 2014-07-11 15:13:36 Stman But we just need efficient people doing the right lobbying.
- 2014-07-11 15:14:05 fun might be worth talking to epfsug
- 2014-07-11 15:14:11 fun might be able to help
- 2014-07-11 15:14:18 Stman I've asked Appelbaum if he was okay to promote Free FPGA at the european parliament. I still have no answer, but it is clear I would be very disappointed if he would refuse to do us this favor.
- 2014-07-11 15:14:29 new299 Stman: The EU parliament to pay for a fab, to circumvent patents in Brazil, hmmm could be a tough sell. :)
- 2014-07-11 15:14:42 Stman :p
- 2014-07-11 15:14:55 mrasmus I'm getting a headache from lack of pragmatism in here, I'm gonna take my leave
- 2014-07-11 15:15:02 new299 Stman: you should go to google ventures instead. :)
- 2014-07-11 15:15:22 adj i don't think that EU money is needed to make a fab
- 2014-07-11 15:15:23 Stman mrasmus Dreaming is the first step, always. We need to have a clear vision of what is needed and explore all the possibilities.
- 2014-07-11 15:15:27 adj not so expensive
- 2014-07-11 15:15:30 new299 mrasmus: hahaha, I'm waiting to see how far this goes.
- 2014-07-11 15:15:46 Stman adj : That's what some hacker friends think too.
- 2014-07-11 15:15:53 new299 adj: um... fabs are reasonably expensive
- 2014-07-11 15:15:57 Stman It is clear that if we can stay autonomous, then, the better
- 2014-07-11 15:16:08 Stman There is also another way to explore : IC printing technologies.
- 2014-07-11 15:16:24 Stman There are already IC printer for printing RFID tags.
- 2014-07-11 15:16:27 Stman Low cost ones.
- 2014-07-11 15:16:46 new299 Stman: I'm not entirely sure they have the same performance requirements as FPGAs...
- 2014-07-11 15:17:04 Stman Of course, every transistor in those IC printing printers are WAY TOO BIG for now, and can only be used to implement very small designs, but the idea is interesting. like for 3D printing.
- 2014-07-11 15:17:12 Stman new299 : Of course.
- 2014-07-11 15:17:13 adj small companies or universities can make IC
- 2014-07-11 15:17:17 Stman It's just another possible path.
- 2014-07-11 15:17:24 Stman For the future let's say
- 2014-07-11 15:17:31 Stman But it's interesting to know it.
- 2014-07-11 15:17:37 Stman To keep that in mind.
- 2014-07-11 15:17:43 Stman BRB
- 2014-07-11 15:20:01 Stman What do I mean with Free FPGA :
- 2014-07-11 15:20:09 new299 Stman: so you can buy a 1 micron line for ~250K USD.
- 2014-07-11 15:20:21 new299 like an old fab line from the 80s.
- 2014-07-11 15:20:30 Stman 1) Fully free software tool chain : Free VHDL compiler, and Free Place/route into an FPGA arch tools.
- 2014-07-11 15:20:32 new299 but you're not going to be making FPGAs...
- 2014-07-11 15:21:03 Stman 2) Free FPGA "chips", with a window, like for an EPROM, so that End-User can take a photo of the dice, and check it.
- 2014-07-11 15:21:04 adj new299, why not?
- 2014-07-11 15:21:25 Stman 3) a transparent plastic lead chip carrier
- 2014-07-11 15:21:42 Stman So that one can check there is other other "toyz" inside the plastic.
- 2014-07-11 15:21:59 adj Stman, the backdoor is _under_ what you see
- 2014-07-11 15:22:03 Stman With these 3 conditions, if the can make, we have our freedom and privacy back, and we can start rebuilding a new internet, a free one.
- 2014-07-11 15:22:26 Stman Are you talking about Dopant attack on the dice ?
- 2014-07-11 15:22:39 new299 adj: you're not going to enough transistors on a device to do anything useful. You might be able to do something like a PLD I guess.
- 2014-07-11 15:22:47 Stman Dopant attack have almost no interest on FPGA, unlike on a RND generator
- 2014-07-11 15:23:26 adj or just die stacking
- 2014-07-11 15:23:56 adj 3d electronics
- 2014-07-11 15:23:56 Stman Yes.
- 2014-07-11 15:23:58 adj don't know
- 2014-07-11 15:24:02 Stman Yes I know that.
- 2014-07-11 15:24:09 Stman These are easy problem to solve :
- 2014-07-11 15:24:37 adj living in our imperfect world is another solution
- 2014-07-11 15:24:38 Stman We can afford having a little R&D on way to build these chips so that we can warranty to the end user the easy possibility to control the whole thing.
- 2014-07-11 15:24:47 Stman This would just be our 1rst priority
- 2014-07-11 15:25:09 Stman adj : Never. I'm a radical crypto-anarchist & I want my fucking freedom back.
- 2014-07-11 15:25:23 Stman Don't want any agency to fuck me any longer in teh silicium.
- 2014-07-11 15:25:53 adj i also want my perfect freedom, my perfect security, my perfect job...
- 2014-07-11 15:26:04 adj i'm not going to get it
- 2014-07-11 15:26:06 Stman * and a perfect boy friend
- 2014-07-11 15:26:26 Stman adj : If you don't dream, then it means they "killed" you.
- 2014-07-11 15:26:35 Stman Free FPGA are sincerely at our reach.
- 2014-07-11 15:26:40 Stman It's not science fiction.
- 2014-07-11 15:26:45 Stman We could do it.
- 2014-07-11 15:26:48 new299 the problem is if your solution is "I need to build a fab", you'll never do it. So you should focus on reasonable pragmatic solutions.
- 2014-07-11 15:27:09 Stman It is just a difficult project, because doing these things require lots of organization, money, and motivation.
- 2014-07-11 15:27:35 adj yes, that's the reason we are going to get a computer from bunnie and xobs, not Stman
- 2014-07-11 15:27:38 Stman But if it is the cost of freedom, believe me, it will be very easy, with time, to convince many many software hackers to support us.
- 2014-07-11 15:27:48 new299 which is for the most part what I believe has guided the development of novena. It's a reasonable and pragmatic solution to a bunch of problems hackers have.
- 2014-07-11 15:28:01 Stman adj :
- 2014-07-11 15:28:05 Stman Why do you say that ?
- 2014-07-11 15:28:42 Stman Do you fear freedom ?
- 2014-07-11 15:29:19 adj because novena is for me the nearest computer to perfection
- 2014-07-11 15:29:33 adj so i take it
- 2014-07-11 15:29:33 Stman Well.
- 2014-07-11 15:29:40 Stman It's okay.
- 2014-07-11 15:29:45 Stman I play the same game.
- 2014-07-11 15:29:54 Stman I'll let you know when my "try" will be ready.
- 2014-07-11 15:29:55 adj that's pragmatism
- 2014-07-11 15:30:04 Stman I'm quite pragmatic too.
- 2014-07-11 15:30:21 adj just when you wake up
- 2014-07-11 15:30:33 Stman What's wrong with saying : "The last piece of the puzzle for freedom are free FPGA, I wish we would move our asses to have some ?"
- 2014-07-11 15:30:49 mrasmus Still not seeing the relevance of the free FPGA discussion to the novena board design. At all.
- 2014-07-11 15:31:03 Stman mrasmus : We shifted.
- 2014-07-11 15:31:03 adj mrasmus, agree
- 2014-07-11 15:31:05 mrasmus Like, yes, cool, go build a free fpga, I'll love it and use it when you do
- 2014-07-11 15:31:16 Stman Well, back to the roots :
- 2014-07-11 15:31:34 Stman I've come here just to ask for a minor change on the design of the novena didn't I ?
- 2014-07-11 15:31:37 mrasmus you used free FPGA to justify your redesign request
- 2014-07-11 15:32:15 adj this is easy, just ask bunnie to change the design a couple of days before sending for production
- 2014-07-11 15:32:17 Stman mrasmus : I never lose any opportunity to speak the truth about what is needed to have freedom back to all of us.
- 2014-07-11 15:32:20 mrasmus I'm saying "bitstream is the bigger vector, your claimed risk can be mitigated with a much less significant redesign if any at all (I don't actually know if the programming lines for the FPGA are sniffable as designed)
- 2014-07-11 15:32:48 Stman mrasmus : I agree with that.
- 2014-07-11 15:32:49 mrasmus Stman: You just come in at the bottom of the ninth on a hardware project that's been going through multiple revisions to ask for a minor revision with little justification
- 2014-07-11 15:33:05 mrasmus and "minor" should be in quotes
- 2014-07-11 15:33:23 Stman mrasmus : Well, This minor change has a lot of importance in terms of attack surface regarding the FPGA.
- 2014-07-11 15:33:25 mrasmus with the complexity and density of this board
- 2014-07-11 15:33:29 mrasmus I disagree
- 2014-07-11 15:33:34 mrasmus you've failed to convince me of that
- 2014-07-11 15:33:47 Stman It's just a question of goals & priorities mrasmus !
- 2014-07-11 15:33:59 Stman mrasmus : I'm used to that.
- 2014-07-11 15:34:16 mrasmus you're used to failing to convince people that something is justified?
- 2014-07-11 15:34:18 Stman Then, have your "perfect board" with an FPGA where you can't even guarantee the bitfile.
- 2014-07-11 15:34:29 Stman It's a choice. And a risk.
- 2014-07-11 15:34:34 Stman I won't take it personally.
- 2014-07-11 15:34:37 mrasmus I disagree on your premise
- 2014-07-11 15:34:43 mrasmus I'm not saying that I don't think the security is worthwhile
- 2014-07-11 15:34:59 <-- nerick (~nerick@ns3297786.ovh.net) has quit (Ping timeout: 480 seconds)
- 2014-07-11 15:35:09 mrasmus I'm saying that the bit burning operation can likely be verified as is
- 2014-07-11 15:35:12 Stman Okay, go and convince the more radical of the TOR team that we don't give a shit if the bitfile gets corrupted before being transferred to the FPGA.
- 2014-07-11 15:35:20 Stman Tell that to snowden for example.
- 2014-07-11 15:35:32 mrasmus Aaaand you're bullshitting, now
- 2014-07-11 15:35:43 mrasmus What I'm saying is the transfer process can be monitored
- 2014-07-11 15:35:49 mrasmus and that would be sufficient
- 2014-07-11 15:35:50 Stman Yes.
- 2014-07-11 15:35:58 mrasmus that's giving a shit
- 2014-07-11 15:36:07 mrasmus that's giving a shit if it gets corrupted or not
- 2014-07-11 15:36:07 Stman IF the track of I2C bus is not imprisoned in a layer of the PCB.
- 2014-07-11 15:36:16 mrasmus that's a valid question; I don't know the answer
- 2014-07-11 15:36:18 Stman okay on that
- 2014-07-11 15:36:37 mrasmus but you're saying that wouldn't be sufficient, and your proposed solution is the right way, and that's impractical
- 2014-07-11 15:36:48 Stman No, I didn't say that.
- 2014-07-11 15:37:23 mrasmus you argued in a fashion that did not acknowledge the verification process as valid
- 2014-07-11 15:37:33 Stman It's just, there are two main approaches to solve this issue : Prevention/detection, or by design, the problem doesn't exist because we use an external serial e(e)prom. I prefer the second.
- 2014-07-11 15:37:40 Stman But both can do the trick.
- 2014-07-11 15:37:46 Stman I like "by design" things.
- 2014-07-11 15:37:52 Stman (Paranoid approach)
- 2014-07-11 15:39:41 Stman I maintain that it's just one more jumper on the board and just the addition of a 6 pin chip.
- 2014-07-11 15:39:46 Stman It's not the end of the world.
- 2014-07-11 15:39:58 new299 Stman: all the gerbers are available I believe go take a look at where the I2C the FPGA uses goes.. that would be something useful.
- 2014-07-11 15:40:00 Stman It doesn't mean the whole re-routing of the PCB.
- 2014-07-11 15:40:11 Stman Yes I will new299 :
- 2014-07-11 15:40:20 Stman It's the best answer I can have : Let's try to do it.
- 2014-07-11 15:40:35 mrasmus 6 pin footprint
- 2014-07-11 15:40:41 mrasmus I'm hoping you're not asking for it to be populated
- 2014-07-11 15:40:44 Stman Yep.
- 2014-07-11 15:40:52 mrasmus good
- 2014-07-11 15:41:10 Stman small SMD's or socket chips.
- 2014-07-11 15:41:32 Stman Anyway, it's not the surface of an old 68000 in DIP package with its 64 pins.
- 2014-07-11 15:43:03 Stman mrasmus : My best "fair" answer is to have a look at the PCB with the editor and see .
- 2014-07-11 15:43:28 new299 Stman: you don't even need to use the (closed source) editor. The gerbers are around I believe.
- 2014-07-11 15:43:35 mrasmus ^^
- 2014-07-11 15:43:46 Stman If the gerbers are available, cool.
- 2014-07-11 15:43:53 mrasmus We're talking Altium, that's a few thousand dollars IIRC
- 2014-07-11 15:44:11 Stman But I guess it's even faster to work directly with the Schematics / PCB software directly.
- 2014-07-11 15:44:12 new299 about 5K USD I think yea.
- 2014-07-11 15:44:13 mrasmus gerbers are all on the wiki
- 2014-07-11 15:45:04 new299 ah there's the fpga JTAG actually.
- 2014-07-11 15:45:25 Stman new299 : rooted to a SIL connector ?
- 2014-07-11 15:45:27 --> ooo (~ooo@4VXAACQAR.tor-irc.dnsbl.oftc.net) has joined #kosagi
- 2014-07-11 15:45:30 new299 yea
- 2014-07-11 15:45:33 Stman routed
- 2014-07-11 15:45:37 Stman :-s
- 2014-07-11 15:45:39 new299 populated
- 2014-07-11 15:45:43 new299 on the board I have here.
- 2014-07-11 15:45:44 Stman yep !
- 2014-07-11 15:46:26 new299 right yea, well it's a BGA part so I doubt you're really going to get that fully exposed on the top layer...
- 2014-07-11 15:46:28 Stman This is cool.
- 2014-07-11 15:46:41 new299 but it's populated and on a SIL yea.
- 2014-07-11 15:46:54 Stman I mean, it's a second way to inject bitfile then.
- 2014-07-11 15:47:27 Stman So we could just cut the tracks on the I2C bus if they are going through the external layer of the PCB.
- 2014-07-11 15:47:33 Stman Sometimes we can have a little luck :D
- 2014-07-11 15:48:01 Stman In that case, we would inject the bitfile from a JTAG probe. Cool.
- 2014-07-11 15:48:02 new299 actually there seems to be a bus going from the CPU directly to the FPGA as well on the top layer.
- 2014-07-11 15:48:18 mrasmus There's a lot going between the two
- 2014-07-11 15:48:36 Stman Yes, there is a muxed ADDR/DATA bus between both.
- 2014-07-11 15:48:51 new299 so yea, anyway check the gerbers.
- 2014-07-11 15:49:10 mrasmus that seems like the logical move before requesting changes to a board, tbh
- 2014-07-11 15:49:19 Stman We won't be able to get any deeper here until playing with the schematics / PCB software or viewing the Gerber files of the PCB (Hard if 10 layers)
- 2014-07-11 15:52:47 new299 have you even looked in the schematic pdf yet?
- 2014-07-11 15:53:04 Stman Yep
- 2014-07-11 15:53:13 Stman Of course.
- 2014-07-11 15:53:35 Stman I've been asked by some TOR guys to give my opinion on the design, focusing on the FPGA.
- 2014-07-11 15:53:51 Stman Bunnie himself gave me some more details.
- 2014-07-11 15:54:12 Stman Because I was in a hurry. TOR team came to paris last week. And it does not happen that often.
- 2014-07-11 15:54:29 Stman Anyway, YES, I had a look at the schematics.
- 2014-07-11 15:54:56 Stman I am an electronic engineer : I design routers and stuff like that, so this is very "known" territory to me.
- 2014-07-11 15:56:08 Stman The question I was asked by some guys from the TOR team was: The way the FPGA is "inserted" into this design, could we have secure TOR routers running on it : What would be missing, if anything is missing. This is the question they asked me.
- 2014-07-11 15:57:09 Stman I have to go for now, but I'll be back another day, so we can go on talking for those who are interested. I can also be found on twitter @Stmanfr ... 'Nice Week End to all ... o/
- 2014-07-11 15:57:51 <-- Stman (~Stman@193.253.170.176) has quit (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
- 2014-07-11 15:59:44 new299 well that was entertaining I guess.
- 2014-07-11 16:00:09 k3nt hah
- 2014-07-11 16:00:56 * k3nt sat on the sideline watching
- 2014-07-11 16:04:25 new299 "Quit: My MacBook Pro has gone to sleep." hahaha classic.
- 2014-07-11 16:04:44 mrasmus … *wow*
- 2014-07-11 16:05:05 new299 that's awesome. :)
- 2014-07-11 16:05:16 mrasmus I guess he *is* pragmatic, sometimes
- 2014-07-11 16:11:42 dermiste Maybe it's a red herring, to lure the spooks into wasting sploitz and reveal themselves ... ;)
- 2014-07-11 16:15:52 adj what? conversation ended?
- 2014-07-11 16:15:58 adj is was doing pop corn :-(
- 2014-07-11 16:16:03 adj I was