[linux-elitists] Surveillance

Greg KH greg at kroah.com
Sun Sep 8 09:06:03 PDT 2013

On Sun, Sep 08, 2013 at 02:51:00PM +0200, Eugen Leitl wrote:
> On Sat, Sep 07, 2013 at 10:27:27PM -0700, Greg KH wrote:
> > On Sun, Sep 08, 2013 at 05:09:32PM +1200, Mark van Walraven wrote:
> > > On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> > > > But what else needs to be worked on?  What gaps do people feel we have
> > > > that are causing problems that we can solve with technological measures,
> > > > not just legal ones?
> > > 
> > > How can I trust my hardware and the firmware therein?
> > 
> > Shortest answer
> > 	You can't.
> Trust is a continuum. Some systems are more trustable than
> others. While we don't have fully trusted hardware yet,
> we're getting close. Certain developers are using modified
> hardware which doesn't contain any proprietary blobs.

What hardware is that?

> In principle you can load a soft CPU from a library into
> an FPGA (backdoorable in principle and at least one
> backdoor is known, but harder to get stuff in).

The CPU is the least of your worries, but still something that can be
subverted.  There's network controllers, internal bridges (do you know
how many ARM cores are in your north/south bridge?  lots), routers (the
big problem), and even things as "simple" as a keyboard controller and
mouse controller (I got started in Linux by writing keyboard and mice
firmware, you can do a lot in those little things).  All of which could,
and probably should, not be "trusted".  There's no way for anyone to
"validate" all of those.

And then the big issue is what your devices talk to, how can you
validate them?

Yes, trust is a continuum, just like society, it's something you have to
have in order for people to be able to survive together.

> There's also work on provable software (e.g. seL4), though
> not yet unfortunately anything with an open source license.

People have been "working" on this for many decades now.  There's lots
of reasons why this will never happen.

> You can use capabilities-based systems and thin hypervisors
> on open hardware to compartmentalize potential compromises,
> to have something which is still usable yet reasonably secure.

What hypervisors work on "open" hardware?

greg k-h
