[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.

Joachim Strömbergson joachim at secworks.se
Wed Aug 6 07:01:29 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

★ STMAN ★ wrote:
> Hi Joachim & Linus & Lilith,
> 
> For the replacement of the Novena which is not « suitable » for 
> prototyping secure TOR routers (Too many custom additionnal hardware 
> to build for being fully operationnel), I am think for the moment to 
> this develpment board :
> 
> http://www.em.avnet.com/en-us/design/drc/Pages/Xilinx-Spartan-6-FPGA-LX75T-Development-Kit.aspx
>
>
> 
- - It has all what is needed to do the job right. - It is not
> expensive. - It is suitable with its PCIexpress bus to fit in 
> standard PC’s. - It has a standard FMC expansion connector :D

Avnet makes pretty good boards. But are you really considering using
PCIe for connectivity? AFAIK there are no complete PCIe open source
cores. Would you really trust the Xilinx PCIe macro?

I assumed that given the security requirements you would have, the
machine we are discussing would either be:

- - A simple addon connected using a fairly simple though also fairly slow
interface to a common PC.

- - A complete, self contained system.

I don't think the Avnet board is imho not very usable for either of
those to solutions.

In either case I would use the Novena and the TerasIC boards (for
diversity) to develop the main functionality (key signing for example).
And then in parallel design a more application specific board. For
example using one of the TerasIC boards and remove the cruft not needed
and add things like manual switches directly in the path of a key store
flash to block remote changes.

I really like the TerasIC boards. They are easy to use (connects cleanly
to the tools) and have good documentation including schematics,
reference designs etc.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJT4dLJAAoJEF3cfFQkIuyNQtoQALEttQruLSegEndiwlF/oHAM
VH01VVu944ZVCclrpCk9SPk4TlDmPDEKpRWg3lnhRzDPvd4/EnB2i2cWpK5W49fy
T77WPJJYox49QsO79kzvO1X9XB8zcrY0vN+ADv3pUnb5sCQBVVDHjupQb2AOQZdp
Ki9spCwdSXArKYesK8v3wyBBzedNadJR0YfnXckAU1A1ggaJ5U7r3sd4Ok6OyYC1
D+2sLcJR6QUl8Ay7tCSkENRe6feGmOX5z2rlJEzLJdC579IrE1x8hYU4Ug/Ltv0t
+itA0VomEdObmIa4C/JEBMLHF4wOiptkfbA/M+lyVk81Ne93aVqMLat/12znUp6h
w7KP8GtmxZXIiHAAJFtoH4pRY26dV2J0WLGBY4skZGTqUfZNf2InpqPHKezPl3MP
tNK0StF7Wkk3BxZ3waJqq/SIaNZfm93XVes5UIXPKUhlACJ//D6/RQW1v++20po1
Nven73AhQE1u9kcnpXcutLP19UIawz2qexeDHDTGhgmcKjVXCy2YlQ5COnYBlUEt
k499Z7NyGdThs/YKLm6Rq58Wy+iv6g6u0bVh4jqP3KVqZxNdeVDUVGQwSFgpge0j
O0XYGTJ61Ve4Qtz/Jrrng62WCy7ySI3NsoEiCkn+tREAlaGIoUOgRzkRVkkvFGvw
kD5YNXqZJFPmHs4NHcQ9
=/OQa
-----END PGP SIGNATURE-----


More information about the Tech mailing list