dgilmore changed the topic of #fedora-riscv to: Fedora on RISC-V https://fedoraproject.org/wiki/Architectures/RISC-V || Logs: https://libera.irclog.whitequark.org/fedora-riscv || Alt Arch discussions are welcome in #fedora-alt-arches
<rwmjones> somlo's fosdem talk from 2023 is trending
<rwmjones> somlo: a real danger to hardware is a "kill signal", a long, unlikely series of bits which kills the chip
<rwmjones> (so you send this just before you invade etc)
<rwmjones> FPGAs are just as vulnerable to this as everything else
<somlo> rwmjones: a kill switch is equivalent to a "denial of service" attack, your hardware ends up dead. At least you *know* :)
<somlo> but it can get worse, your cpu could be silently undermining you with a "privilege escalation" embedded in silicon, where your computer keeps appearing to work while cooperating with your attacker behind your back
<somlo> with an FPGA I can't mitigate against the kill switch, but (with a self-hosting, sources-all-the-way-down gateware+software stack) I can protect against the privilege escalation
<rwmjones> oh for sure
<rwmjones> apparently there are verification services that will examine your hardware with a big microscope to check the implementation matches the RTL
<rwmjones> I imagine extremely expensive services
<rwmjones> I did a talk (internal at Red Hat) about using frama-c, ACSL, compcert, etc to go from source level to hardware
<rwmjones> verified all the way
<somlo> some of the "privilege escalation" silicon attacks I mentioned in my fosdem slide deck are the A2 trojan (https://web.eecs.umich.edu/%7Etaustin/papers/OAKLAND16-a2attack.pdf) where all they need is cca. 20 extra transistors and one capacitor, carefully connected to the rest of your asic cpu, to allow a pre-determined sequence of unpriv. instructions to flip a bit (e.g., your ring/privilege flag)
<somlo> I'd expect 20 transistors to be rather hard to spot in a die shot :)
<somlo> then there's switching dopant polarity in "select" transistors to make e.g. a random number generator more predictable: https://pdfs.semanticscholar.org/6407/ebd0a24026e4dad84bcc10fbba165d521a50.pdf
<somlo> that'd be altogether impossible to spot in a die shot
<somlo> my "defense" is predicated on the FPGA designers and the foundry that made it having no idea what I'll be using it for, *later* :)
<somlo> so they can't fine-tune a privilege escalation silicon attack tailored to my (future) bitstream.
<somlo> and I'm currently studying vlsi design (the uni where I work lets me take free classes) to see if there's anything more that could be done (not too hopeful, but at least I'm learning something fun) :)
<rwmjones> agreed