[Cryptech Tech] USB interface

Rob Austein sra at hactrn.net
Tue Apr 7 17:27:53 UTC 2020


On Tue, 07 Apr 2020 01:41:08 -0400, Joachim Strömbergson wrote:
> On 2020-04-06 23:08, Peter Stuge wrote:
...
> > However, it would also be possible to wire both UART and e.g. SPI up,
> > and only ever use UART to begin with. That works with no software change.
> 
> I think this is a very intriguing idea. If you and Pavel can work out
> which components to use and update the design with this we have added
> infrastructure to allow future improvements with just SW.
> 
> How much effort would replacing the FTDI chips and adding extra wires
> between the new chips for SPI be?

I also find this interesting, but allow me to continue playing
hardware-clueless Devil's Advocate:

1) Assuming for purposes of discussion that an attacker captures the
   SADM11, what bad things can that attacker do using the SPI lines
   that the attacker couldn't already do via the UART?

2) Assuming for purposes of discussion that (1) includes any real
   threats, would it help to run those SPI lines through jumpers so
   that they could be physically disconnected?

(I did say "hardware-clueless"....)

> > Ideally I'd like to have such an initial firmware version working already
> > by the time we must decide if we jump off the cliff. Do we know when that is?
> 
> Estimate and decision pretty much about right now. ;-)

Yeah, that's what worries me.  This is cool stuff but we should have
been having this conversation months ago, at this point we may have
missed the window for this board rev.


More information about the Tech mailing list