How to talk to skeptics?
Bernhard M. Wiedemann
bernhardout at lsmod.de
Wed Dec 21 11:39:30 UTC 2022
On 18/12/2022 02.09, Martin via rb-general wrote:
> Controlling hardware is essential
https://www.bunniestudios.com/blog/?p=5706
Covers the topic of why open-source hardware is not enough to build
trustable devices.
TLDR: there are ways to subvert silicon that cannot be detected, even
with a electron-microscope, even if you know where to look.
One way out are FPGAs wherein you place processor cores randomly, so
attackers cannot know what to subvert at the time of fabrication.
However, this is orthogonal to reproducible+bootstrappable builds.
Ideally you have all of them, but having some of them, is better than
having none.
Ciao
Bernhard M.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20221221/8058f9f7/attachment.sig>
More information about the rb-general
mailing list