[linux-elitists] Surveillance

Eugen Leitl eugen at leitl.org
Sun Sep 8 09:31:09 PDT 2013


On Sun, Sep 08, 2013 at 09:06:03AM -0700, Greg KH wrote:

> > Trust is a continuum. Some systems are more trustable than
> > others. While we don't have fully trusted hardware yet,
> > we're getting close. Certain developers are using modified
> > hardware which doesn't contain any proprietary blobs.
> 
> What hardware is that?

A particular brand of notebook that takes coreboot, and where
the proprietary blob-needing parts are physically removed, and 
only hardware added that is supported by purely open source 
drivers.

I'm sorry to be so vague, but have my reasons.
 
> > In principle you can load a soft CPU from a library into
> > an FPGA (backdoorable in principle and at least one
> > backdoor is known, but harder to get stuff in).
> 
> The CPU is the least of your worries, but still something that can be
> subverted.  There's network controllers, internal bridges (do you know
> how many ARM cores are in your north/south bridge?  lots), routers (the

There is another project which attempts to design an almost
completely open (with the exception of the CPU) board. I cannot
give you any more details, see above.

An unrelated project that also attempts to be quite open and
is already public is the Parallella Epiphany. They should be
shipping very soon, and it will also be available for non-backers.

> big problem), and even things as "simple" as a keyboard controller and
> mouse controller (I got started in Linux by writing keyboard and mice
> firmware, you can do a lot in those little things).  All of which could,
> and probably should, not be "trusted".  There's no way for anyone to
> "validate" all of those.

Yeah, there is one hell of a nasty hairball there.
 
> And then the big issue is what your devices talk to, how can you
> validate them?

If a hardened device talks to another hardened device, and
the protocol is not fishy (one time pad, or symmetric cipher
that is not cooked) this is clearly slightly more trustable
than a couple guys skyping on Wintel.
 
> Yes, trust is a continuum, just like society, it's something you have to
> have in order for people to be able to survive together.
> 
> > There's also work on provable software (e.g. seL4), though
> > not yet unfortunately anything with an open source license.
> 
> People have been "working" on this for many decades now.  There's lots
> of reasons why this will never happen.

There has been considerable progress in verified compilers
and small kernels lately, see the thread on Perry's cryptography list.
The question is when we'll be getting these in open source land.
 
> > You can use capabilities-based systems and thin hypervisors
> > on open hardware to compartmentalize potential compromises,
> > to have something which is still usable yet reasonably secure.
> 
> What hypervisors work on "open" hardware?

Sorry, not aware of any specifics. I find Qubes
interesting (incidentally, doesn't the NSA use Xen or
other hypervisors to separate compartments on the
same hardware?), but have not looked into them in any
detail.