[Cryptech Core] alpha schematics
Pavel Shatov
meisterpaul1 at yandex.ru
Fri Dec 18 11:00:38 UTC 2015
On 17.12.2015 11:22, Joachim Strömbergson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Aloha!
>
> Pavel Shatov wrote:
>>> On sheet 2, there is a "Jumper deciding if FPGA/ARM/None should be
>>> allowed to turn off the entropy source (default On through
>>> pull-up)". It's not immediately clear why we would want to allow
>>> that.
>>
>> Repetitive avalanche breakdown causes degradation of P-N junction in
>> the noise circuit. As far as I remember, rather rough estimate of
>> board's expected lifetime is around two years. At some point we
>> thought, that it may be a good idea to power down the noise circuit,
>> when it is not needed to extend board's lifetime. I don't know,
>> whether we need this feature at all, and I also don't know what the
>> control algorithm should be. Fredrik and I decided to just provide
>> for this feature and discuss this issue on the tech list after we "go
>> public".
>
> I would suggest that the ability to turn the entropy source on or off is
> given to the FPGA. (Which of course could expose the control via the
> core API).
>
> If the control is done by the CPU or Tamper-MCU, then we could easily
> end up reseeding the CPRNG using only the ring oscillator based entropy
> provider.
>
> Having support for turning the entropy source off ana on adds quite a
> lot of complexity in terms of warm up times and startup testing vs
> starvation of RNG output and race problems.
Yes, that's what I'm worried about too. Fredrik and I decided so far,
that this on/off support will be disabled by default, i.e. the avalanche
entropy source will always be enabled. Later we can enable support for
turning it off by insertion of a jumper, but we'll need to thoroughly
discuss it on @tech before that.
--
With best regards,
Pavel Shatov
More information about the Core
mailing list