[linux-elitists] Surveillance

Greg KH greg at kroah.com
Sun Sep 8 09:52:38 PDT 2013

On Sun, Sep 08, 2013 at 06:31:09PM +0200, Eugen Leitl wrote:
> On Sun, Sep 08, 2013 at 09:06:03AM -0700, Greg KH wrote:
> > > Trust is a continuum. Some systems are more trustable than
> > > others. While we don't have fully trusted hardware yet,
> > > we're getting close. Certain developers are using modified
> > > hardware which doesn't contain any proprietary blobs.
> > 
> > What hardware is that?
> A particular brand of notebook that takes coreboot, and where
> the proprietary blob-needing parts are physically removed, and 
> only hardware added that is supported by purely open source 
> drivers.
> I'm sorry to be so vague, but have my reasons.

I don't believe you.  Seriously, I don't.  You really have a way to
"remove" the keyboard controller?  What about your USB host controller?
Oh, you are using PS/2?  What about the firmware in that controller
chip?  The microcode in the processor?

Open drivers aren't the real issue.  Hardware you can "trust" is.

> > > In principle you can load a soft CPU from a library into
> > > an FPGA (backdoorable in principle and at least one
> > > backdoor is known, but harder to get stuff in).
> > 
> > The CPU is the least of your worries, but still something that can be
> > subverted.  There's network controllers, internal bridges (do you know
> > how many ARM cores are in your north/south bridge?  lots), routers (the
> There is another project which attempts to design an almost
> completely open (with the exception of the CPU) board. I cannot
> give you any more details, see above.

That's the same as saying, "I have a pink elephant, but I can't show
you, you'll just have to trust me."

As you don't trust anyone, why should I trust you?

> An unrelated project that also attempts to be quite open and
> is already public is the Parallella Epiphany. They should be
> shipping very soon, and will be also available for nonbackers.

Those boards have some open HDL, which is great, but not all of it is
open, you still have to rely on blobs from companies that you may, or
may not, trust.

> > big problem), and even things as "simple" as a keyboard controller and
> > mouse controller (I got started in Linux by writing keyboard and mice
> > firmware, you can do a lot in those little things).  All of which could,
> > and probably should, not be "trusted".  There's no way for anyone to
> > "validate" all of those.
> Yeah, there is one hell of a nasty hairball there.

And that's the problem you can not solve.

> > And then the big issue is what your devices talk to, how can you
> > validate them?
> If a hardened device talks to another hardened device, and
> the protocol is not fishy (one time pad, or symmetric cipher
> that is not cooked) this is clearly slightly more trustable
> than a couple guys skyping on Wintel.

"slightly", but still vaporware.

> > Yes, trust is a continuum, just like society, it's something you have to
> > have in order for people to be able to survive together.
> > 
> > > There's also work on provable software (e.g. seL4), though
> > > not yet unfortunately anything with an open source license.
> > 
> > People have been "working" on this for many decades now.  There's lots
> > of reasons why this will never happen.
> There has been considerable progress in verified compilers
> and small kernels lately, see the thread on Perry's cryptography list.
> The question is when we'll be getting these in open source land.

"Small kernels" fall apart when they hit modern systems and real-world
devices and scenarios.  It's as if people never learn from past
mistakes, sad.  But it makes for nice research papers, so they continue
to be worked on.

greg k-h
