[rb-general] Crowdfunded 8086 audit
Daniel Shahaf
danielsh at apache.org
Mon Apr 1 02:11:23 CEST 2019
I'd like to crowdfund an audit of Intel's 8086 CPU¹.
Ultimately, nice though reproducible builds may be, if we are to avoid
RoTT attacks we must have audited, verified hardware as well. Auditing
the 8086 is a first step towards auditing modern-day CPUs derived from
it, and will be separately useful as a "trusted platform" which can
cross-compile reproducible binaries in order to establish trust in other
platforms (see John Gilmore's post²'s footnote and David Wheeler's "Diverse
Double-Computing" thesis³, for two).
See the write-up⁴ for more details, but in a nutshell, for this to
happen (and be useful), we need:
- To have native and cross builds produce the same output as each other.
- To acquire 8086s and have means of non-destructively auditing them.
- To change the Berne Convention on copyright law to make this sort of
auditing legal.
I'll start by sending a patch to the Berne guys; does anybody know what
their mailing list's address is?
Cheers,
Daniel
¹ https://en.wikipedia.org/wiki/Intel_8086 (tl;dr: It's the primogenitor of all modern x86 CPUs)
² https://lists.reproducible-builds.org/pipermail/rb-general/2019-January/001435.html (tl;dr: A reproducible distro should be reproducible not only from itself but also from other environments)
³ https://dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html
⁴ https://www.reproducible-builds.org/news/2019/04/01/reproducible-builds-twain-Intel-8086-audit-and-Berne-Convention-patches/
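The first item on the list, native and cross builds producing the same output, is the part of this scheme that is checkable today with ordinary tooling. The following is an added example, not code from Daniel's post or from the Reproducible Builds project: it hashes every file in two build trees (say, one built natively and one cross-compiled) and reports which artifacts match, which differ and which exist on only one side. The two build trees embedded below are constructed in memory for illustration; `hash_tree` is the equivalent for real directories on disk.

```python
"""Compare two build trees (e.g. a native build and a cross build) file by file.

Added example for the rb-general thread above; not code from the original post.
The sample build outputs at the bottom are constructed, not real artifacts.
"""
import hashlib
import os
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str) -> dict[str, str]:
    """Map each file under `root` (relative, '/'-separated) to its SHA-256 digest.

    Used when the two build outputs live on disk; not exercised by the
    in-memory sample below.
    """
    digests: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = sha256_hex(fh.read())
    return digests


@dataclass
class Report:
    """Outcome of comparing two build trees, keyed by relative path."""
    identical: list = field(default_factory=list)
    differing: list = field(default_factory=list)
    only_in_a: list = field(default_factory=list)
    only_in_b: list = field(default_factory=list)

    @property
    def reproducible(self) -> bool:
        # Reproducible means: same set of files, and every one bit-identical.
        return not (self.differing or self.only_in_a or self.only_in_b)


def compare_digests(a: dict[str, str], b: dict[str, str]) -> Report:
    """Compare two path->digest maps (as produced by hash_tree)."""
    report = Report()
    for path in sorted(set(a) | set(b)):
        if path not in a:
            report.only_in_b.append(path)
        elif path not in b:
            report.only_in_a.append(path)
        elif a[path] == b[path]:
            report.identical.append(path)
        else:
            report.differing.append(path)
    return report


def compare_builds(a_files: dict[str, bytes], b_files: dict[str, bytes]) -> Report:
    """Compare two in-memory build trees (path -> file contents)."""
    return compare_digests(
        {p: sha256_hex(d) for p, d in a_files.items()},
        {p: sha256_hex(d) for p, d in b_files.items()},
    )


def format_report(report: Report) -> str:
    """Human-readable summary, one line per non-identical artifact."""
    lines = [f"{'REPRODUCIBLE' if report.reproducible else 'NOT REPRODUCIBLE'}: "
             f"{len(report.identical)} identical, {len(report.differing)} differing, "
             f"{len(report.only_in_a)} only in A, {len(report.only_in_b)} only in B"]
    lines += [f"  differs:   {p}" for p in report.differing]
    lines += [f"  only in A: {p}" for p in report.only_in_a]
    lines += [f"  only in B: {p}" for p in report.only_in_b]
    return "\n".join(lines)


# Constructed sample: the cross build embeds a different build timestamp in the
# binary (a classic source of unreproducibility) and leaves a stray log behind.
NATIVE_BUILD = {
    "bin/hello": b"\x7fELF...hello... built 2019-04-01T01:00:00Z",
    "lib/libfoo.a": b"!<arch>\nfoo.o/ ... deterministic archive ...",
}
CROSS_BUILD = {
    "bin/hello": b"\x7fELF...hello... built 2019-04-01T01:05:00Z",
    "lib/libfoo.a": b"!<arch>\nfoo.o/ ... deterministic archive ...",
    "build.log": b"cross-compiled on host X\n",
}

if __name__ == "__main__":
    print(format_report(compare_builds(NATIVE_BUILD, CROSS_BUILD)))
```

A matching result from both environments only says the two toolchains agree with each other; it says nothing about whether either one is honest, which is exactly why the post pairs this check with a trusted platform and with Wheeler's diverse double-compiling.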