[Cryptech Tech] design software

Pavel Shatov meisterpaul1 at yandex.ru
Wed Jan 20 16:47:04 UTC 2016


On 20.01.2016 3:02, Peter Gutmann wrote:
>
> You need to distinguish though between "can audit" and "will audit".  If you
> want to create the presumption of auditability then by all means use some sort
> of open format.  However, if existing practice is anything to go by, no-one
> will ever audit the code.  They may glance through it (which is how some
> existing bugs were found, both the PGP and GPG bugs were found more or less by
> accident), but it'll never get audited unless you pay a third party to do it
> (in which case they will presumably have whatever tools are needed for the
> job).
>
> It just doesn't seem like a good idea to constrain the developers into using
> inferior tools in order to accommodate an event that will almost certainly
> never happen.
>

Well, we already don't have full formal auditability. As Bernd Paysan 
pointed out, the bitstream format for our FPGA is not open, and we use a 
closed-source toolchain from the FPGA vendor, so we can't prove that our 
bitstream matches our Verilog sources. In theory this can only be done 
for some older devices from Lattice Semiconductor, because people have 
reverse engineered their bitstream format and developed an alternative open 
source toolchain. So we can only wait and hope that some day this will 
be possible for newer devices from Xilinx like the one we're going to 
use in the Alpha board.

Given that there's already one "dark corner" we can't avoid, maybe a 
closed-source PCB layout tool is not that terrible. At least there's 
still hope that someone brave enough may clone the design using open 
source tools, or maybe better open source EDA software will become available.


-- 
With best regards,
Pavel Shatov

