undefined | Better HN

0 pointsabdullahkhalids1y ago0 comments

I imagine, with knowledge of the ISA, can help one can define a verification algorithm, in which, the CPU is probed with some known inputs to gain confidence that there is no backdoor.

0 comments

cesarb1y ago

> in which, the CPU is probed with some known inputs to gain confidence that there is no backdoor.

There are 2^64 possible values for a single register. It's not possible to probe all possible combinations of values for the over 60 user-accessible registers, to find the single combination which, when calling a specific one of the more than 2^30 possible instructions, silently flips a secret "disable all permissions checking" bit.

abdullahkhalidsOP1y ago

I did a 5 minutes search. There seems to be a lot of work in detecting hardware trojans. Sec 3.12 here [1] discusses some of these approaches. One line is one of the things I was thinking of when I commented. Basically, there are tradeoffs of how logically hidden the trojan is against how physically exposed it is.

> Using this defense method, any Trojan that can analyze the entire configurable structure must use complicated logic functions and take up a large silicon area, which greatly increases the possibility of being detected by security tools.

There are live methods of detecting trojans as well, where you have an additional chip checking what the CPU is doing at all times [2].

One of the main thing I have learned in my life is to not underestimate the ingenuity of cryptographers.

[1] https://arxiv.org/pdf/2107.04175

[2] https://re.public.polimi.it/bitstream/11311/1204477/1/DFTS_2...

lambdaone1y ago

It is, however, in principle possible to prove that a processor implements the spec and only the spec; seach for "formal verification risc v" to find out more.

Of course if someone can sneak a backdoor into the spec, all bets are off.

hmry1y ago

You would also need to prove that the physical processor in your hands was actually manufactured according to the verified design, and not a slightly different design with a back door added. Which is infeasible for all processors manufactured in the last 30 years.

1 more reply

colejohnson661y ago

You would just tailor your backdoor to not trigger unless a certain key sequence is performed.

j / k navigate · click thread line to collapse