[Cryptech Core] multiple offers...

Peter Stuge peter at stuge.se
Thu Apr 30 14:25:24 UTC 2015


Jacob wrote:
> While SW can be open source and GPLed or Public-Domained or what have you, 
> and can be developed with open source tool chain (to a limit), this is not 
> the case with modern electronic HW:

Sorry, but that's plain wrong. I do it myself and I have seen other
projects which do much more advanced things than my toying around.

> - The MCU

Is a machine which we buy, and thus own. (Not the design, the machine.)

Why iMX6? I believe because it is more open than most.

> and the FPGA cores

Are developed by Cryptech and published under an open license,
precisely because the status quo in this field is unsatisfactory.

> are proprietary,

That's why Cryptech exists. Proprietary was not good enough.


> All the components on the board are copyrighted and patented.

Sure, but as long as open tools and open data formats can be used
with these machines that we own, that's not so bad. Copyright and
patents are not the issue.

Controlling our information is the issue, especially inside
cryptosystems.

There are open MCUs and one or two open programmable logic parts,
but the Alpha board doesn't have openness-where-possible as a higher
priority than a particular level of performance or time-to-market.

I find that deeply concerning.

It is obviously irrelevant for the Alpha board itself. But what about
the Beta boards which are derived from it, and which end up becoming
a couple of reference designs?


> - The Xilinx design tools

Like I said, I know what you're saying. I've brought this up before.


> - The USB protocol (even the connectors and cabling) is heavily
>   patented, copyrighted and licensed by usb.org

Relevance? The specification is open, parts which we buy include dues.
Protocol implementations are open, down to the SIE if we want.

If we want to use USB we just need to sort out number assignment,
either by paying USB-IF for a Cryptech vendor id, or by asking
OpenMoko for product ids.


> Now for the PCB layout program. KiCAD is open source, and since CERN 
> started to put some serious effort into it last year it started to get some 
> modern features. But we are not there yet. However, the database format is 
> unique and I doubt that there is a meaningful SI/PI analysis software that 
> would accept it.

I think that's accurate, and it's a big problem not only for Cryptech,
but for everyone. CERN cares. Cryptech pretends to also care, but only
as long as that does not get in the way of "real work".

There seems to be a disconnect. I consider these two issues
(toolchain and trusted deliverable) to be intimately connected.


> If you want to do a complex board fast and good

I would rather want slow, good and open.

Security always comes at a cost.


> -People I know who develop an open source Windows package are perfectly OK 
> to use Visual Studio. The debugging facilities alone are worth it, and the 
> result is still open-source.

Yes; the files are in an open format. If they are skilled they can even
write their code so that multiple different toolchains can build it.


> -Bunnie used Altium (licensed and closed and copyrighted) to design his 

(All software is copyrighted and licensed. Public domain doesn't exist
everywhere.)

> Novena board. He still calls his system "open source HW" and Cryptech is 
> happy to use it.

I think Novena is a step in the right direction and a great achievement,
but it would obviously have been more valuable if it had used open
formats, and by the way - why isn't Alpha re-using Novena source?

I would not have called Novena open source hardware, but that's a
choice for each author.


The whole world has been taught to be locked-in. You and many other
who do EDA work on a daily basis rationalize being locked-in to
proprietary tools very well. Being locked-out of *your own data*.


> open source product
..
> - I think the greatness of the Cryptech project is that the software
>   and the hardware is open source

I don't consider information in a closed format to be open.


//Peter



More information about the Core mailing list