[Cryptech Tech] Comments on Alpha board schematics

Joachim Strömbergson joachim at secworks.se
Wed Jan 27 12:57:10 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Fredrik Thulin wrote:
> My point is that we will have to deal with warmup/bootup tests 
> regardless of if we do 1 or N bootups of the entropy source for every
> 1 bootup of the HSM.

No, N bootups will be much, much more complicated.

Warmup once during cold boot of the board is one thing. A lot of things
will take time, initiialize etc. Doing warmup delay, testing multiple
times while the board is quite probably running in operations mode open
up for starvation in SW, possible timeouts etc.

If the entropy source power control and thus warmup is under FPGA
control we can do this only during full reseed. But unless the reseed
gets a headsup, we either power up when it in fact wasn't needed, or we
risk adding the warmup delay right into the reseed time.

One point of having the TRNG chain structured with separated mixer and
FIFOs is that we can do reseed while delivering random data to
applications. This will risk breaking that assumption.

As I said. I can live with having the power down function on the board,
but possible to disable (i.e. it will be from the start.). But I think
it opens up a huge can of worms and will require quite a lot of thinking
and FPGA design to eliminate possible problems.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWqL6mAAoJEF3cfFQkIuyNH9gQAIg54JkJ/DuFivAAS5pqfTQm
RcYbfKXXS5QnN5NIRXT/pan70mAf2HrcTNB3fkos+glVqQbj4Yi7zo3CDzx4hZAK
m6Qi0tWraOrHiKIQhlkE9/HRsanoF5RW0ryECqhGdePsj7f1ObLgWU7arAe/s/Lm
tfDpzn0p/Q/D2RDo1GyogxOO694WiOhPlYXov8FMrsm9NjSSQkEg9xjbvBTBByeZ
sGM6jhe6n0zNZnbCHVJumg19IO1WqEURyoA46JCsZYlcDqr1iHO34R9e6Q3fYjGl
LRSPoTTyfagYovacbHaUHPK6c4/6HoCnd6a+U3/e/jlFnVmCyUDm52AkPJ7CKtyV
drPWN7RTfbs3OQV0xN+0vxfQviTg/Z/splVXxPGa3yy2k5hXSkx7qeSUkGwPaD3Y
HLz9XqrBCRQuhYuDrRQFte/P+UExhrR/Qi8DZqvrqLdFsuAAgtZp+Lw7LSRoMgXX
Br53KTwVtcVJBppn1ddmsCrWFZ/kcdfXy5hhFcxtpLBZFGTkOVvq7S6eYbiBDH/z
dQoFgmUxaY9jec8RikgP3gFYKp+8Rji3HuDa6xZKBLRcd93/tvm8Ru4IZoIhNT4X
XDVySVgP+OxTWa8ZLmxCX589aDg+QQ25MD5tsq9kvM5kE6jrlowgdl7sO3syRWn2
af1s1/l9lQDY8i6Vqhcf
=FScq
-----END PGP SIGNATURE-----


More information about the Tech mailing list