[Cryptech Core] alpha schematics

Joachim Strömbergson joachim at secworks.se
Thu Dec 17 08:22:14 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Pavel Shatov wrote:
>> On sheet 2, there is a "Jumper deciding if FPGA/ARM/None should be 
>> allowed to turn off the entropy source (default On through
>> pull-up)". It's not immediately clear why we would want to allow
>> that.
> 
> Repetitive avalanche breakdown causes degradation of P-N junction in
> the noise circuit. As far as I remember, rather rough estimate of
> board's expected lifetime is around two years. At some point we
> thought, that it may be a good idea to power down the noise circuit,
> when it is not needed to extend board's lifetime. I don't know,
> whether we need this feature at all, and I also don't know what the
> control algorithm should be. Fredrik and I decided to just provide
> for this feature and discuss this issue on the tech list after we "go
> public".

I would suggest that the ability to turn the entropy source on or off is
given to the FPGA. (Which of course could expose the control via the
core API).

If the control is done by the CPU or Tamper-MCU, then we could easily
end up reseeding the CPRNG using only the ring oscillator based entropy
provider.

Having support for turning the entropy source off ana on adds quite a
lot of complexity in terms of warm up times and startup testing vs
starvation of RNG output and race problems.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWcnC2AAoJEF3cfFQkIuyNRDYP/1totHzPm5iWgpA4/76L3SGX
EniMM0mRBBY8gbFdKyoSwneecDQ9rP/LVcUxZ7FrRxU1ax85XzFsXIzuawQIIFnX
qMIzQgC7brOkx0pHLujvArkOwqP4h+z72i/4v5Ukh1kr8b+1drlSmcc5/abzVPRF
jey8tK6PJQG4YEpV7zJwv5eFz8IfMCkNfLT5cGMC8yEWRpwNwhFNYwgYRPqK3EVx
ricy8599bvVZerkIyU8nHBsJYke6jYOsKftq7D+pJ46C03ElUiVRFc9DFXzVJ7Ks
L0MDgfYF56NFW0QlmxawXYK1TihnpMdS51Dx4PSp6tl+O6yySFdNFLIXpyluFy1S
2mKZ0RX6kF5rS9HIgN/61IeTYTfUijsDGLN/H9R82H1vdEBYNGzqyzEt9CIydIvd
MIAZwdkvqS5p2P2D0sRzpvDvw+T/ZvoaSnxSL/ZKXbSk/zsVMx2jIq1RJi/uD7y0
+YDV1Zn6yILGDAMMYSbEQssCEtfqtZq8iwfO42REluUE/CdnxyY4Aib6bWeRN+c7
l04kgXAvLQQbhl8Nwfs+GhXKW7pZDEHPd9rZJG6GJh7Z0HMM90Uw8+1GqR+XepKE
ACPkzYcIFSFh1ltoABlClxW7J4g4d+DDg+9wEdHKa1YUcudJZ0U/36PcZuxjrweG
KrTrkIiYS5Bi7nnxTl5Z
=l0J2
-----END PGP SIGNATURE-----


More information about the Core mailing list