Hardware alternatives to Intel for security concerns

a guest
Aug 15th, 2018
Replacing Intel or x86 chips for security reasons, esp subversion. Options. (2013)

Instruction Sets

Alternative ISAs include POWER/PPC, SPARC, Alpha, PA-RISC, ARM (naturally), and MIPS. Many old workstation computers were quite functional and used these. So, for these, I suggest Googling (to review pros/cons) and buying old machines from eBay. Especially look for hardware supported by OpenBSD, NetBSD, or Linux so you have up-to-date, patched software rather than proprietary UNIX. Or, if you dare, you can virtualize or security-enhance the UNIX/OS they're built on to keep its applications/toolset.

Prebuilt, very usable

Hardware vendors to eBay include VIA x86s, Apple PPC Macs, Genesi Efika, or Freescale for PPC; IBM servers for POWER; Sun SPARC servers or Sunblade SPARC workstations; Compaq Alpha servers/workstations; HP PA-RISC servers/workstations; SGI's Octane/Origin MIPS; homebrew PS2 (MIPS) or PS3 (Cell). These are all built to run desktop, workstation or server loads. Also, Loongson is China's chip and they have both BSD- and Linux-based stacks built on it. Top contender for anti-NSA chip.

Note: Super old, slow and obsolete ones like VAX, Pyramid, Motorola's, and so on if you want that.

Embedded, simple and/or special-purpose

The systems above are old and/or complex. Past few years, I advised people wanting modern non-Intel (and non-server) stuff to look at embedded companies. Freescale, Curtiss-Wright, AMCC, etc come to mind. There are *plenty* of embedded boards for ARM, MIPS, PPC, and even x86. They're usually pretty simple compared to a desktop or server board. You can get as much or as little functionality as you want. And there are more foreign suppliers available. Just get an embedded board with a high end processor, plenty of RAM and ability to integrate with peripherals. You can build a simplified desktop out of that, esp if it runs Linux. (Many do.)

Note: that was all 32- and 64-bit stuff. I've known of people willing to do stuff on 8-bit and 16-bit machines. You can actually do quite a bit on those machines. You're just going to take a [huge] hit in avail software, usability, and performance. Maybe security too without memory protection.

Processor cores on FPGAs

This route is rougher but you might find online guides. Who knows. The concept is you get a core and you put it on an FPGA. Might have to add other stuff to make it work. The core might be x86 compatible, one of the other ISAs I mentioned, or an open ISA such as OpenRISC. Or even the rigorously analysed VAMP verified processor. You can build your system ground up. If it proves out and there's demand, maybe you can turn it into a dedicated ASIC and have a foreign fab build it. Who knows.

High level processors

We've discussed this recently on this blog. I've brought it up in previous discussions about language-based security. If language was securable and runtime safety was hardware supported/accelerated, then building a complicated system w/out common issues like code injection might be easier, right? And a high level language or architecture could help detect subversions if it promoted layering, information hiding, etc. So, the idea here is to outright buy or put on an FPGA a core supporting a higher level language. Examples I've seen are LISP machines (LISP processors), Forth machines, JOP-style Java processors (think server type is called Vega), HISC instruction set, and crash-safe.org's recent tagged design. If not build a desktop, you might use one of these for purpose-built devices or a trusted front end to many less trustworthy devices.

Just remember

Remember that you must define your threat model for this stuff. I don't like x86 because *everyone* attacks them. I prefer an obscurity benefit on top of a hardened system. However, people worried about black hats and foreign TLAs would do well to use a recent Intel processor b/c they have lower errata than previous chips and features that benefit security (e.g. IOMMU). I'd say the same about certain embedded PPC and ARM systems made by Freescale. Problem with these? NSA might have backdoored them. If you're worried about NSA, you're going for foreign made equipment from China (Loongson) or something. But then you won't have the local features and experience. And *they* might have backdoored it.

So, as you can see, worrying about nation state subversion of hardware you depend on is like working through a maze. My solution has been to separate such concerns on *different physical hardware*. If NSA is the threat, do it on a machine dedicated to that stuff. If it's China and malware, do it on a machine safe against that. Unless you're specifically at risk to NSA (few are), the other threats should be top priority. You can always get a dedicated embedded system for your battle with US TLAs. And I'd recommend you don't operate it in America on the public internet. Air gaps with simple, non-executable transfer mechanisms are your friend. ;)

EDIT TO ADD

Edit to add more foreign and embedded chips to look into: Fujitsu FR-V; RISE MP-6 (x86 compatible); Transmeta Crusoe (x86 compatible); NEC RISC chips such as VR and a 2005 one supporting auto-parallelism; Toshiba TX MIPS-based processors; higher end SuperH (one was in Dreamcast).

(Originally posted to Schneier's blog.)

Nick P.
Security Researcher/Engineer
(High-assurance security focused)