On 08/05/2015 06:42 PM, Karl Schmidt wrote:
On 08/05/2015 01:15 PM, Timothy Pearson wrote:
The climate has changed drastically. I ported coreboot to the ASUS KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing), but I think x86 is now end of line for this task given that AMD is building a mandatory Platform Security Processor (PSP) into the next generation of Opterons, and that Intel has been forcing the Management Engine (ME) down everyone's throats.
My understanding of what is going on - it is claimed that this is about DRM, but that doesn't seem true as there have to be a lot of people who are also interested in keeping things secure for business reasons. Having a supervising closed source OS obviously makes things less secure (just the added complexity opens a bunch of attack vectors).
My hunch, from having managed and worked with EEs and programmers that are smarter than me - these guys have one flaw - they think there is no one else that can see what they see and find the flaws (or back-doors depending on who you ask). (I can imagine other countries have high level automated disassembly capabilities that remain unpublished).
So I think that the people that have to keep secrets in government - either have totally different hardware or our national security is totally exposed due to incompetence (I think the latter).
I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, BIOSes of USB drives, microcode, etc. is probably purposeful - instead of getting closer to a system that is user-auditable, we are headed in the opposite direction.
It is indeed purposeful, but intended primarily for "convenience". Then certain bad actors (e.g. hackers, unethical corporations, and many nation states) abuse this for their own ends.
I'm an aging assembly programmer/hardware guy among other things - I understand what actually happens in these chips - but I think the folks that are steering this ship just might be dangerously clueless. If we can't build truly secure business platforms, there is a real risk of a business collapse. We can air-gap design production computers at a huge cost - but computers where people exchange money, by definition can't be disconnected.
Air-gapping will not protect against a truly malicious low-level firmware. You may slow data transfer somewhat and make initial access harder, but that's about it. For an example I refer you to the recent hacking of drive firmware to store interesting data in a hidden "partition" for later physical (non-network) retrieval.
We are currently exploring migrating to IBM POWER8 in our next upgrade cycle. The hardware is expensive, but is at least as powerful as Intel and much more secure.
Might need to head to FPGA based processors instead.
FPGAs are nowhere near powerful enough, and likely will never be compared to current generation processors in existence at the same time. IMHO the best path at this time is to find a non-consumer oriented platform where security outweighs convenience in the minds of the designers, and right now POWER8 appears to be the only remaining candidate. If IBM also goes to the "dark side" then custom silicon would be required, probably via licensing an existing core (ARM, POWER, SPARC, etc.) and removing the objectionable parts, however we would need to get a lot of companies on board for each run before that would be feasible.
One thing is for sure, if no one supports the companies that make truly secure hardware and lets those companies know _why_ their hardware is being used over Intel and AMD then they will eventually make the same mistake...