On 18/12/2022 02.09, Martin via rb-general wrote:
Controlling hardware is essential
https://www.bunniestudios.com/blog/?p=5706Covers the topic of why open-source hardware is not enough to build trustable devices.
TLDR: there are ways to subvert silicon that cannot be detected, even with a electron-microscope, even if you know where to look.
One way out are FPGAs wherein you place processor cores randomly, so attackers cannot know what to subvert at the time of fabrication.
However, this is orthogonal to reproducible+bootstrappable builds.Ideally you have all of them, but having some of them, is better than having none.
Ciao Bernhard M.
OpenPGP_signature
Description: OpenPGP digital signature