
OpenTitan RTL Synthesis with Yosys

24 points | hardenedlinux | 5 years ago | github.com

6 comments

algorithm314 | 5 years ago
A question: even if the source is open source, what prevents the vendor that sends it to the fab from inserting back doors? Is there a way to verify that it is indeed the source in GitHub that was used?

paulgerhardt | 5 years ago
Yes and no. Sending a chip to one foundry to do the first few layers and taking the chip to a second or third foundry has been done at Stanford as a proof of concept to mitigate against this attack. Other attacks are still possible but likelihood of success starts dropping off a cliff.

Foundries will generally use different “standard cells” (ratio of dopant in silicon to make the basic building blocks of your “P’s” and your “N’s”) so this is actually a big ask and not trivially supported out of the gate.

This in turn can be worked around by double welling one's designs but it becomes a yak shave real fast.

With OpenTitan compiling on open synthesis tools we’re about 3 of 5 steps towards an open silicon root of trust.

jlokier | 5 years ago
There's a way to verify it statistically but it will be very expensive. Perhaps the verification can be automated down to commodity price if it is done often.

Get your batch of 1000+ devices. Uncap, repeatedly etch and scan a random subset to check the circuit is what you expected. Make sure it's you that chooses the subset.

ps. I would love to implement this if someone thinks it's a serious proposition!
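
The sampling arithmetic behind the comment above, as an added example that is not part of the thread: the chance that a verifier-chosen random subset of a batch contains at least one modified die, and the smallest subset that reaches a target confidence. The number of modified devices is an assumption the verifier has to pick, and all function names here are hypothetical.

```python
import math
import secrets


def detection_probability(batch: int, tampered: int, sampled: int) -> float:
    """P(a uniform sample drawn without replacement holds >= 1 tampered device)."""
    if not (0 <= tampered <= batch and 0 <= sampled <= batch):
        raise ValueError("tampered and sampled must lie in 0..batch")
    # Hypergeometric miss probability: every sampled device is a clean one.
    # math.comb returns 0 when sampled > batch - tampered, so a miss is impossible.
    miss = math.comb(batch - tampered, sampled) / math.comb(batch, sampled)
    return 1.0 - miss


def min_sample_size(batch: int, tampered: int, confidence: float) -> int:
    """Smallest number of devices to decap and scan to reach `confidence`."""
    for n in range(batch + 1):
        if detection_probability(batch, tampered, n) >= confidence:
            return n
    raise ValueError("confidence unreachable (no tampered devices assumed?)")


def choose_subset(batch: int, sampled: int) -> list[int]:
    """Verifier-side choice of device indices, drawn from the OS CSPRNG so the
    supplier cannot predict which devices will be inspected."""
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(batch), sampled))


if __name__ == "__main__":
    BATCH = 1000  # batch size from the comment; tampered counts are assumed
    for tampered in (1000, 100, 10, 1):
        n = min_sample_size(BATCH, tampered, 0.95)
        p = detection_probability(BATCH, tampered, n)
        print(f"{tampered:4d} tampered of {BATCH}: scan {n:4d} devices (P = {p:.4f})")
    print("first indices to inspect:", choose_subset(BATCH, 30)[:5], "...")
```

The destructive sample only grows large when few devices in the batch are assumed to be modified; if every die carries the same change, a single device is enough.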

sanxiyn | 5 years ago
No.

It's not like it's easy to verify that binaries from Linux distributions correspond to sources without back doors, although https://reproducible-builds.org/ is working on that problem. I am not aware of any similar effort for open hardware.