[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.

Joachim Strömbergson joachim at secworks.se
Wed Aug 6 06:53:29 UTC 2014


Aloha!

(Response to an old email.)

★ STMAN ★ wrote:
> - Novena’s implementation of the Xilinx LX45 FPGA is not equipped 
> with EPROM/FLASH : It only has SDRAM : Implementing a processor with 
> it means that, not only the Bitfile of the FPGA must be transferred 
> through the I2C Bus with the risk of Bitfile corruption by an NSA 
> Malware, but also, implementing a « common processor » or « SoC » 
> with it would force the designer to add some supplementary VHDL code 
> in order to have the bootstrap, programs, and OS binaries to be also 
> transferred from the Non-Secure FreeScale Quad core processor to the 
> FPGA’s SDRAM memory using the I2C Bus again, before being able to « 
> boot the FPGA’s made processor

Yes, the ability for the FPGA on the Novena to boot independently is an
issue. But you can still use that board to develop the functionality you
need in a controlled manner using the Novena since you would always
generate a new configuration file using another machine and for another
board.

We probably have a different definition of development and prototyping
boards. For the security levels you need you will probably need to
modify or do a clean slate board design. But you can always use ready
made development boards. That is the common way to develop most systems.


> Logic Blocs), but I think it would be necessary to have bigger FPGA 
> (I would say minimum LX75 for example) with at least 75k CLB in
> order to be able to implement a full SoC equivalent to a « Raspberry
> Pi » SoC into the FPGA (FYI the Maximum being LX150 with 150k CLB).

Ok, this is important. We (Linus and I) didn't discuss in great detail
what functions are needed, the performance targets and what would be
acceptable system partitions.

What we for example talked about was a simple key store and possibly
signing machine that would allow you to move that functionality off the
main system. This machine would not need a proper CPU nor very high
speed communication. But if the idea is to build a full blown custom
specific router then we are talking about a completely different beast.


> For all these reasons, using Novena as a platform for experimenting 
> the development of Secure TOR Routers / End Points is not an easy 
> task, and some important security concerns related to the injection 
> of the Bitfile AND the binary code that the « FPGA emulated 
> processor/SoC will run through the I2C Bus remain a very important 
> problem : It is obvious that if the NSA or any other agency is aware 
> we are working on such things that they will develop some 
> spyware/tools to interfere with the BitFile / Binary code 
> transmission through the I2C Bus.

Yes. And if they mess with the development board so what? The final
bitfile will not be the same unless the Novena board is actually used
for the final system. You should worry more about macros inside the
FPGA, the opaque tool chain used to generate the bitfile, attacks on the
source files since they will be the same.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================


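The thread's practical point is that the bitfile reaching the FPGA over the I2C path must be the one generated on a separate, trusted machine, and that the part being configured should be the one the design was built for. The following added example (not code from the thread or from the Novena project) shows the defender-side pre-flight check a host could run before pushing a bitfile: it parses the Xilinx .bit header (the documented 'a'..'e' field layout), confirms the part name, and compares the SHA-256 of the raw configuration data against a digest pinned on the build machine. The sample bitfile, its contents and the assumed Novena part string "6slx45csg324" are constructed for illustration.

```python
"""Pre-flight checks on a Xilinx .bit bitfile before it is pushed to the FPGA.

Added example, not code from the thread. Two defender-side checks:
  1. the header's part name must match the device we intend to configure
     (assumed Novena part string "6slx45csg324"), and
  2. the raw configuration data must hash to a digest pinned on the build
     machine, so a bitfile altered in transit is refused before loading.
The sample file below is constructed, not a real design.
"""
import hashlib
import hmac
import struct

# Fixed 9-byte preamble found at the start of every Xilinx .bit file.
BIT_MAGIC = bytes.fromhex("0ff00ff00ff00ff000")


def build_bit_file(design: str, part: str, date: str, time: str, bitstream: bytes) -> bytes:
    """Assemble a .bit file (header fields a..e) around a raw bitstream."""
    def field(key: str, value: str) -> bytes:
        payload = value.encode("ascii") + b"\0"          # strings are NUL-terminated
        return key.encode("ascii") + struct.pack(">H", len(payload)) + payload
    return (struct.pack(">H", len(BIT_MAGIC)) + BIT_MAGIC
            + struct.pack(">H", 1)                        # length of the first key byte
            + field("a", design) + field("b", part) + field("c", date) + field("d", time)
            + b"e" + struct.pack(">I", len(bitstream)) + bitstream)


def parse_bit_header(data: bytes) -> dict:
    """Return the header fields of a .bit file plus the raw configuration data."""
    pos = 0
    (n,) = struct.unpack_from(">H", data, pos); pos += 2
    if data[pos:pos + n] != BIT_MAGIC:
        raise ValueError("not a Xilinx .bit file (bad preamble)")
    pos += n
    (n,) = struct.unpack_from(">H", data, pos); pos += 2
    if n != 1:
        raise ValueError("unexpected header layout")
    fields = {}
    key = chr(data[pos]); pos += 1
    while key != "e":                                    # 'e' introduces the bitstream
        if key not in "abcd":
            raise ValueError(f"unexpected header field {key!r}")
        (n,) = struct.unpack_from(">H", data, pos); pos += 2
        fields[key] = data[pos:pos + n].rstrip(b"\0").decode("ascii"); pos += n
        key = chr(data[pos]); pos += 1
    (n,) = struct.unpack_from(">I", data, pos); pos += 4
    bitstream = data[pos:pos + n]
    if len(bitstream) != n:
        raise ValueError("truncated bitstream")
    return {"design": fields.get("a"), "part": fields.get("b"),
            "date": fields.get("c"), "time": fields.get("d"), "bitstream": bitstream}


def check_bitfile(data: bytes, expected_part: str, pinned_sha256: str) -> list:
    """Return a list of problems; an empty list means the bitfile may be loaded."""
    hdr = parse_bit_header(data)
    problems = []
    if hdr["part"] != expected_part:
        problems.append(f"part mismatch: header says {hdr['part']!r}, expected {expected_part!r}")
    digest = hashlib.sha256(hdr["bitstream"]).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):  # constant-time string compare
        problems.append("bitstream SHA-256 does not match the pinned build digest")
    return problems


# --- constructed sample: what the build machine produced and pinned ---------
EXPECTED_PART = "6slx45csg324"                           # assumed Novena LX45 part string
GOOD_BITSTREAM = bytes.fromhex("ffffffffaa995566") + bytes(range(48))   # constructed, not real
PINNED_DIGEST = hashlib.sha256(GOOD_BITSTREAM).hexdigest()              # recorded on the build host
GOOD_BITFILE = build_bit_file("novena_top.ncd;UserID=0xFFFFFFFF", EXPECTED_PART,
                              "2014/08/06", "06:53:29", GOOD_BITSTREAM)

# A copy with one bit flipped in the configuration data, as it might arrive over I2C.
_tampered = bytearray(GOOD_BITFILE)
_tampered[-1] ^= 0x01
TAMPERED_BITFILE = bytes(_tampered)

if __name__ == "__main__":
    for name, blob in (("good", GOOD_BITFILE), ("tampered", TAMPERED_BITFILE)):
        print(name, check_bitfile(blob, EXPECTED_PART, PINNED_DIGEST) or "OK")
```

The digest must come from the build machine out of band (a signed manifest, or a value read back over a channel that does not pass through the untrusted host); pinning a hash computed on the same host that will load the file proves nothing. As the reply notes, this guards only the transfer, not a toolchain or source tree that already produced a bad bitfile.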