[Cryptech Tech] Cryptech HSM Reference Design Datasheet

Peter Franušić pfranusic at gmail.com
Fri Nov 13 20:32:16 UTC 2015


2015.Nov.13.2100.UTC

Hi folks. Happy Friday the 13th.

I had hoped to complete a preliminary "Cryptech HSM Reference Design
Datasheet" by today.  The rationale for such a datasheet is for
someone (like me, for example) who knows almost nothing about the
Cryptech HSM reference design to get a quick understanding of what the
HSM is and what it can do.  But at this point I only have a few ideas
(see below) and a request for comments on them.  (Hello, Heather?)

There are several existing Cryptech documents that have been
especially enlightening with respect to the creation of a datasheet.
One is the "Cryptech Alpha Board" drawing by Joachim dated
2015-May-27.  This drawing has kept me busy sifting through the
Artix-7 and Cortex-M4 specs to discover the various resources these
two devices provide to potential users.  These resources should be
identified in the datasheet.  Also a simplified block diagram.

Two other Cryptech documents I found enlightening were the two
slide-shows titled "Building a More Assured HSM with a More Assured
Tool-Chain" and "Building a More Assured HSM and Obsessing About the
Tool-Chain".  These two slide-shows are very similar, of course.  But
together they provide an overview of the security requirements that
Cryptech intends to meet over several development iterations.  These
requirements should be identified in the datasheet.

I was especially impressed with the attention to trust in the
tool-chain, because I believe that for an open-source HSM, an
open-source tool-chain is an absolute necessity, however difficult
that is to achieve.  Yes, "It is very hard to get an open Verilog
compiler" or any other HDL compiler, not to mention open
place-and-route software.  Anyway, the point is that the
identification of an open-source tool-chain should be part of the
datasheet, even if it's just a wish-list.

The "Begging" slide especially hit home with me: "We have no organized
funding effort as everyone is overworked" and "We need to give funding
assurance to a small team of very senior engineers".

The preliminary datasheet has always been a marketing tool, as this
old anecdote illustrates...  A design engineer is quite impressed with
the device featured in a preliminary datasheet.  He calls an
application engineer at the manufacturer and asks for a few samples.
The application engineer responds "Oh, so _that's_ what we're going to
be working on next."

Ciao.

