Reproducibility and microcode updates

David A. Wheeler dwheeler at
Tue Jun 22 18:17:22 UTC 2021

> On Jun 22, 2021, at 9:08 AM, Dan Shearer <dan at> wrote:
> In brief, this is where we know that the Trusting Trust paper [1]
> remains valid, despite David Wheeler's technique [2]. Because even if we
> can build our toolchain from scratch we have no idea about the microcode
> or higher-level firmware than the microcode.

We cannot eliminate all risks. Even if you eliminated all computer-related risks,
tomorrow all life on Earth might be destroyed by a previously unnoticed meteor or a gamma ray burst.

But we often *can* take steps to reduce risks to manageable levels
(by reducing likelihood or impact). Reducing risks in other industries
(like automobile transportation) has saved countless lives & much property.

So let’s focus on managing risks, mainly by reducing them.
Currently toolchain problems aren’t the *primary* problems; it’s vulnerabilities,
subverted builds, and insecure distribution of software. Reproducible builds
help counter subverted builds. After that, we can focus on attacks like the
trusting trust attack. Once that’s dealt with, we can deal with subverted microcode
if desired. But every time you make attacks harder, fewer attackers will be able to
perform the attacks, and that’s a *good* thing.

--- David A. Wheeler

More information about the rb-general mailing list