[Cryptech Tech] Alpha board strategy

Joachim Strömbergson joachim at secworks.se
Thu Feb 19 09:22:13 UTC 2015

Previous message: [Cryptech Tech] Alpha board strategy
Next message: [Cryptech Tech] Alpha board strategy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Randy Bush wrote:
> meet the full set of functions for EACH use case, i.e. any one use
> case, not all at once.  i.e. dnssec signing does not need ec.

True. But if we for example want to have sha1-512, trng, RSA-4096 and
AES-ESSIV key wrapping a Cyclone V A7/C7 may have headroom enough, or
mabye not. If we want to give ourselves slack and move forward fast
having support for two FPGAs is a proper solution.

We haven't been discussing FPGA configuration very much yet. There are
several ways to do it. And they could be seen as being more or less secure.

One way to do it, which is very flexible and nice is to do it like the
Novena. On the Novena it is the CPU that configures the FPGA. This
allows you to change your FPGA HW in a few seconds to meet new
requirements. But if the CPU is 0wned, they could for example download a
FPGA design that extracts the Master Key from its memory.

The opposite configuration version is to have separate configuration
memories on the board that requires you to physically connect a
programmer with a cable to write to the memory. The CPU cannot alter the
configuration.

A middle ground is to have the CPU be able to write to the configuration
memory and then force the FPGA to recofigure itself. The write enable
signal from the CPU could then also be equipped with a physical switch
that would allow you to block the write operations. This makes it easy
to debug and then lock down a configuration that you trust prior to
deployment.

For the alpha board (rev one) I would think that we want to have either
full cpu control or cpu via configuration memory.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJU5atFAAoJEF3cfFQkIuyNucsQAIgZtm6NqcR1T/USXKMGG579
SmrUX7oMlmJLtUSSM7C8/HuAzjbGrUzVQ+2aAVQ/84gITe79XyR4Kk13wMzHQpss
hCnAUdpQB3mh0yydfwRRQpmtfuV5W4XrQ2H4kIH5k3RtvHUgNHEJO81c8z5HqZf8
iVZ8pbqAC1nk5cZpoCLpgLmKgrUhTe++cs5HUg8gYSS3bdRgbkOJ18q+s8pmBGDt
gpUn3f8Jcb74XVjfAJBGnP1H5xibWW3mWBh7ZEbElun1xVCBkLLvJ9iQpMIt/hQA
rsCbVdjXPAfiAXbpVkzrcqNUE/BZ1nPfTYd7/kBO9iXK3h5bmhUBCiKzFEPYt19E
51GriKmv/mT2Ck+iLPdaUxsqDSDJFTZAoxcElM6sOl6dHFAyIpmZv/fr85+DOvdx
lZ/CE+wAc/k2/DV6LuTH+4iZKZY6n811ct0NpdIzNbstTEz633Xa25V63wp5+hVT
YdMhFSs7QlyZDnrQb98jRbGjfjc1XYGrbOmdRO7yAKPhOMgXLlNH9RQaZEXYiRQv
/C6qlHiCmqjmjlfisSF/5R39LVn54AkKhXl9H428XMezcy9JCfXAX9pKngci/6Fb
0fhJY0oSbg6/ZMhIeKVaRF9yM1opdKLJ22rM+GQWU4JaLSPZprqtktbahxgnKj1h
/G3H61bRXhSQgZVqyK6W
=WbUU
-----END PGP SIGNATURE-----

Previous message: [Cryptech Tech] Alpha board strategy
Next message: [Cryptech Tech] Alpha board strategy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list