Reply by Simon Clubley●December 21, 20102010-12-21
On 2010-11-17, Matthew Hicks <mdhicks2@uiuc.edu> wrote:
> For those interested in practical attacks and practical defenses please see
> my paper, "Overcoming an untrusted computing base: detecting and removing
> malicious hardware automatically" from this year's IEEE Security and Privacy.
> We describe attacks that pass all processor certification tests that can
> be triggered by opcodes or data. Unfourtanetly the SA article didn't present
> the latest and greatest in the area.
>
Yes, I know the post I am replying to is a month old, but I have a reading
backlog and just got around to reading this paper :-).
It's a interesting paper, which covers a detection technique which can be
useful in many circumstances. The crucial thing however, is that the
technique only works when the overall hardware producer can be trusted
as the technique is designed to find a rogue subcontractor who makes
unauthorised modifications to a design.
It doesn't cover the case when the overall hardware producer is willing
to insert a backdoor at the request of a third party (eg: a nation's
security organisation).
However, it's still a interesting read and explains multiple and viable
ways of implementing and triggering backdoors in hardware, one or two of
which I had not really considered.
Simon.
--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
Reply by ●November 17, 20102010-11-17
For those interested in practical attacks and practical defenses please see
my paper, "Overcoming an untrusted computing base: detecting and removing
malicious hardware automatically" from this year's IEEE Security and Privacy.
We describe attacks that pass all processor certification tests that can
be triggered by opcodes or data. Unfourtanetly the SA article didn't present
the latest and greatest in the area.
---Matthew Hicks
www.firefalcon.com
> On Nov 1, 5:48 pm, "Paul E. Bennett" <Paul_E.Benn...@topmail.co.uk>
> wrote:
>
>> Simon Clubley wrote:
>>
>>> On 2010-10-31, Paul E. Bennett <Paul_E.Benn...@topmail.co.uk> wrote:
>>>
>>>> So you think it might just be sensationalism then?
>>>>
>>> Yes and no.
>>>
>>> There's clearly a major element of sensationalism, but there's also
>>> a real potential issue which has been identified as well. What I
>>> don't have a feeling for is where viable reality becomes
>>> sensationalism.
>>>
>> [%X]
>>
>>> One could argue the hardware based approach allows malicious logic
>>> to be more easily hidden, but are there less risky ways of achieving
>>> your goals ?
>>>
>> Software based attacks seem to be doing just fine for the moment.
>>
>>> If there is a real advantage, is that advantage sufficient for the
>>> risks and resources involved in taking a hardware based approach ?
>>>
>>> I honestly do not know.
>>>
>> I am not sure anyone does.
>>
>>> Simon.
>>>
>>> PS: BTW, just out of interest, which stack based processors do you
>>> use ?
>>>
>> Have used Novix NC4016, Harros RTX2000 and 2010. More recently I have
>> been looking at the Intellasys SeaForth chips but am probably going
>> with the Green ArraysGA144for the next projects.
>>
> What sorts of projects do you expect to be using the GA144?
>
> Rick
>
Reply by Ulf Samuelsson●November 16, 20102010-11-16
2010-11-11 22:41, rickman skrev:
<snip>
>>
>>>>> Atmel doesn't make the flavor you need, go pound sand. With ARM you
>>>>> can go to another vendor to find just the mix that suits your app
>>>>> best.
>>>> OK, where do I order samples with 512 kB Flash and floating point unit?
>>>> Kinetis wont be available for a year.
>>
>>> Here is a perfect example of the problems with sole sourced parts. To
>>> work with an AVR32 I have to use the Atmel site. There the floating
>>> point is listed as something that "will be" offered. So is the site
>>> wrong or are you wrong? With the ARM community if I don't like one
>>> vendor because they have a poor web site and poor selection guides.
>>> In fact, the only selection guide I can find indicates the AVR32 has
>>> no peripherals other than Ethernet, USB and... well, that's it! It
>>> also shows no parts with FPU...
>>
>> You can download the AT32UC3C Series Preliminary Datasheet from:
>>
>> http://www.atmel.com/dyn/resources/prod_documents/doc32117.pdf
>>
>> Brief Overview at:http://www.atmel.com/dyn/corporate/view_detail.asp?FileName=Atmel_Int...
>>
>> The part is released to production.
>> There are rev C samples and development kits in stock.
>>
>> The production revision is Rev D.
>> The difference between rev C and rev D is increased functionality.
>> Rev D includes Ethernet and additional USART and I2C.
>>
>>
>>
>>> http://www.atmel.com/dyn/products/param_table.asp?family_id=607&Order...
>>
>>> This is exactly the sort of stuff I mean when I talk about the
>>> advantages of having multiple vendors for your chosen CPU.
>>
>>>> Truth is that it is so easy to change CPU architecture nowadays,
>>>> that you can live with multiple architectures.
>>>> If you don't find an ABR32 which will do the job, you
>>>> can go to an ARM, but why select a poor chip when you can get a good chip?
>>>> That is what consultants do all the time.
>>
>>> Yes, this is what I would expect to hear from the AVR32 vendor. But
>>> why select a dead end chip when I can select any of literally hundreds
>>> of variations in an ARM and simply not need to change tools and
>>> startup code? But you can ignore what your customers want...
>>
>>> BTW, when are your CM4 parts due out? Oh, that's right, you haven't
>>> gotten your CM0 parts out yet...
>>
>>> Rick
>>
>> --
>> Best Regards
>> Ulf Samuelsson
>> These are my own personal opinions, which may
>> or may not be shared by my employer Atmel Nordic AB
>
> I repeat the question... is the web site wrong or does Atmel consider
> this part not yet available?
>
> Rick
Since the part was put up on the website 2010-11-10,
neither of the alternatives are correct.
Best Regards
Ulf Samuelsson
Reply by Paul E. Bennett●November 16, 20102010-11-16
rickman wrote:
>> > PS: BTW, just out of interest, which stack based processors do you use
>> > ?
>>
>> Have used Novix NC4016, Harros RTX2000 and 2010. More recently I have
>> been looking at the Intellasys SeaForth chips but am probably going with
>> the Green ArraysGA144for the next projects.
>
> What sorts of projects do you expect to be using the GA144?
One is a logging instrumentation node.
The other project, more for fun than anything else, is a small robot with
binocular vision sensing.
--
********************************************************************
Paul E. Bennett...............<email://Paul_E.Bennett@topmail.co.uk>
Forth based HIDECS Consultancy
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-510979
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************
Reply by rickman●November 16, 20102010-11-16
On Nov 1, 5:48=A0pm, "Paul E. Bennett" <Paul_E.Benn...@topmail.co.uk>
wrote:
> Simon Clubley wrote:
> > On 2010-10-31, Paul E. Bennett <Paul_E.Benn...@topmail.co.uk> wrote:
> >> So you think it might just be sensationalism then?
>
> > Yes and no.
>
> > There's clearly a major element of sensationalism, but there's also a
> > real potential issue which has been identified as well. What I don't ha=
ve
> > a feeling for is where viable reality becomes sensationalism.
>
> [%X]
>
> > One could argue the hardware based approach allows malicious logic to b=
e
> > more easily hidden, but are there less risky ways of achieving your goa=
ls
> > ?
>
> Software based attacks seem to be doing just fine for the moment.
>
> > If there is a real advantage, is that advantage sufficient for the risk=
s
> > and resources involved in taking a hardware based approach ?
>
> > I honestly do not know.
>
> I am not sure anyone does.
>
> > Simon.
>
> > PS: BTW, just out of interest, which stack based processors do you use =
?
>
> Have used Novix NC4016, Harros RTX2000 and 2010. More recently I have bee=
n
> looking at the Intellasys SeaForth chips but am probably going with the
> Green ArraysGA144for the next projects.
What sorts of projects do you expect to be using the GA144?
Rick
Reply by rickman●November 11, 20102010-11-11
On Nov 10, 3:09=A0pm, Ulf Samuelsson <u...@a-t-m-e-l.com> wrote:
> rickman skrev:
>
>
>
> > On Nov 2, 7:41 am, Ulf Samuelsson <u...@a-t-m-e-l.com> wrote:
> >> rickman skrev:
> >>> On Oct 30, 8:58 am, David Brown
> >>> <david.br...@removethisbit.hesbynett.no> wrote:
> >>>> On 29/10/10 22:59, rickman wrote:
> >>>>> On Oct 29, 4:07 am, David Brown<da...@westcontrol.removethisbit.com=
>
> >>>>> wrote:
> >>>>>> On 29/10/2010 02:36, hamilton wrote:
> >>>>>>> On 10/28/2010 3:18 PM, Ulf Samuelsson wrote:
> >>>>>>>> The AVR32 is more in the Cortex-M4 class, than the M3.
> >>>>>>> How does the AVR32 compare to the MIPS processors ??
> >>>>>> It compares with difficulty.
> >>>>>> MIPS is a family of licensable cores covering a huge spread. =A0Th=
e
> >>>>>> microMIPS cores will be probably be smaller and lower power than a=
n
> >>>>>> AVR32 (though it will depend on the implementation), while the big=
gest
> >>>>>> cores are orders of magnitude faster. =A0"MIPS" is more like "ARM"=
in this
> >>>>>> respect.
> >>>>> I guess you can't knock the MIPS parts for being a poor step child
> >>>>> like the AVR32. =A0It may not be available from more than one maker=
as a
> >>>> I don't know quite what you mean about the AVR32 being a "poor step
> >>>> child" - it's an independent modern 32-bit processor architecture wi=
th
> >>>> all the advantages and disadvantages that brings.
> >>> Yes, poor step child as in not getting all the same stuff that the
> >>> others get... like a huge following, open source tools (not sure abou=
t
> >>> that one),
> >> There is a complete S/W environment available free of charge from Atme=
l.
> >> The source code of most stuff can be downloaded fromwww.atmel.com.
>
> >> =A0> but the main thing is that it is 100% sole sourced. =A0If
>
> >>> Atmel doesn't make the flavor you need, go pound sand. =A0With ARM yo=
u
> >>> can go to another vendor to find just the mix that suits your app
> >>> best.
> >> OK, where do I order samples with 512 kB Flash and floating point unit=
?
> >> Kinetis wont be available for a year.
>
> > Here is a perfect example of the problems with sole sourced parts. =A0T=
o
> > work with an AVR32 I have to use the Atmel site. =A0There the floating
> > point is listed as something that "will be" offered. =A0So is the site
> > wrong or are you wrong? =A0With the ARM community if I don't like one
> > vendor because they have a poor web site and poor selection guides.
> > In fact, the only selection guide I can find indicates the AVR32 has
> > no peripherals other than Ethernet, USB and... well, that's it! =A0It
> > also shows no parts with FPU...
>
> You can download the AT32UC3C Series Preliminary Datasheet from:
>
> http://www.atmel.com/dyn/resources/prod_documents/doc32117.pdf
>
> Brief Overview at:http://www.atmel.com/dyn/corporate/view_detail.asp?File=
Name=3DAtmel_Int...
>
> The part is released to production.
> There are rev C samples and development kits in stock.
>
> The production revision is Rev D.
> The difference between rev C and rev D is increased functionality.
> Rev D includes Ethernet and additional USART and I2C.
>
>
>
> >http://www.atmel.com/dyn/products/param_table.asp?family_id=3D607&Order.=
..
>
> > This is exactly the sort of stuff I mean when I talk about the
> > advantages of having multiple vendors for your chosen CPU.
>
> >> Truth is that it is so easy to change CPU architecture nowadays,
> >> that you can live with multiple architectures.
> >> If you don't find an ABR32 which will do the job, you
> >> can go to an ARM, but why select a poor chip when you can get a good c=
hip?
> >> That is what consultants do all the time.
>
> > Yes, this is what I would expect to hear from the AVR32 vendor. =A0But
> > why select a dead end chip when I can select any of literally hundreds
> > of variations in an ARM and simply not need to change tools and
> > startup code? =A0But you can ignore what your customers want...
>
> > BTW, when are your CM4 parts due out? =A0Oh, that's right, you haven't
> > gotten your CM0 parts out yet...
>
> > Rick
>
> --
> Best Regards
> Ulf Samuelsson
> These are my own personal opinions, which may
> or may not be shared by my employer Atmel Nordic AB
I repeat the question... is the web site wrong or does Atmel consider
this part not yet available?
Rick
Reply by Ulf Samuelsson●November 10, 20102010-11-10
rickman skrev:
> On Nov 2, 7:41 am, Ulf Samuelsson <u...@a-t-m-e-l.com> wrote:
>> rickman skrev:
>>> On Oct 30, 8:58 am, David Brown
>>> <david.br...@removethisbit.hesbynett.no> wrote:
>>>> On 29/10/10 22:59, rickman wrote:
>>>>> On Oct 29, 4:07 am, David Brown<da...@westcontrol.removethisbit.com>
>>>>> wrote:
>>>>>> On 29/10/2010 02:36, hamilton wrote:
>>>>>>> On 10/28/2010 3:18 PM, Ulf Samuelsson wrote:
>>>>>>>> The AVR32 is more in the Cortex-M4 class, than the M3.
>>>>>>> How does the AVR32 compare to the MIPS processors ??
>>>>>> It compares with difficulty.
>>>>>> MIPS is a family of licensable cores covering a huge spread. The
>>>>>> microMIPS cores will be probably be smaller and lower power than an
>>>>>> AVR32 (though it will depend on the implementation), while the biggest
>>>>>> cores are orders of magnitude faster. "MIPS" is more like "ARM" in this
>>>>>> respect.
>>>>> I guess you can't knock the MIPS parts for being a poor step child
>>>>> like the AVR32. It may not be available from more than one maker as a
>>>> I don't know quite what you mean about the AVR32 being a "poor step
>>>> child" - it's an independent modern 32-bit processor architecture with
>>>> all the advantages and disadvantages that brings.
>>> Yes, poor step child as in not getting all the same stuff that the
>>> others get... like a huge following, open source tools (not sure about
>>> that one),
>> There is a complete S/W environment available free of charge from Atmel.
>> The source code of most stuff can be downloaded fromwww.atmel.com.
>>
>> > but the main thing is that it is 100% sole sourced. If
>>
>>> Atmel doesn't make the flavor you need, go pound sand. With ARM you
>>> can go to another vendor to find just the mix that suits your app
>>> best.
>> OK, where do I order samples with 512 kB Flash and floating point unit?
>> Kinetis wont be available for a year.
>
> Here is a perfect example of the problems with sole sourced parts. To
> work with an AVR32 I have to use the Atmel site. There the floating
> point is listed as something that "will be" offered. So is the site
> wrong or are you wrong? With the ARM community if I don't like one
> vendor because they have a poor web site and poor selection guides.
> In fact, the only selection guide I can find indicates the AVR32 has
> no peripherals other than Ethernet, USB and... well, that's it! It
> also shows no parts with FPU...
>
> http://www.atmel.com/dyn/products/param_table.asp?family_id=607&OrderBy=part_no&Direction=ASC
>
> This is exactly the sort of stuff I mean when I talk about the
> advantages of having multiple vendors for your chosen CPU.
>
>
>> Truth is that it is so easy to change CPU architecture nowadays,
>> that you can live with multiple architectures.
>> If you don't find an ABR32 which will do the job, you
>> can go to an ARM, but why select a poor chip when you can get a good chip?
>> That is what consultants do all the time.
>
> Yes, this is what I would expect to hear from the AVR32 vendor. But
> why select a dead end chip when I can select any of literally hundreds
> of variations in an ARM and simply not need to change tools and
> startup code? But you can ignore what your customers want...
>
> BTW, when are your CM4 parts due out? Oh, that's right, you haven't
> gotten your CM0 parts out yet...
>
> Rick
--
Best Regards
Ulf Samuelsson
These are my own personal opinions, which may
or may not be shared by my employer Atmel Nordic AB
Reply by rickman●November 2, 20102010-11-02
On Nov 2, 7:41=A0am, Ulf Samuelsson <u...@a-t-m-e-l.com> wrote:
> rickman skrev:
> > On Oct 30, 8:58 am, David Brown
> > <david.br...@removethisbit.hesbynett.no> wrote:
> >> On 29/10/10 22:59, rickman wrote:
>
> >>> On Oct 29, 4:07 am, David Brown<da...@westcontrol.removethisbit.com>
> >>> wrote:
> >>>> On 29/10/2010 02:36, hamilton wrote:
> >>>>> On 10/28/2010 3:18 PM, Ulf Samuelsson wrote:
> >>>>>> The AVR32 is more in the Cortex-M4 class, than the M3.
> >>>>> How does the AVR32 compare to the MIPS processors ??
> >>>> It compares with difficulty.
> >>>> MIPS is a family of licensable cores covering a huge spread. =A0The
> >>>> microMIPS cores will be probably be smaller and lower power than an
> >>>> AVR32 (though it will depend on the implementation), while the bigge=
st
> >>>> cores are orders of magnitude faster. =A0"MIPS" is more like "ARM" i=
n this
> >>>> respect.
> >>> I guess you can't knock the MIPS parts for being a poor step child
> >>> like the AVR32. =A0It may not be available from more than one maker a=
s a
> >> I don't know quite what you mean about the AVR32 being a "poor step
> >> child" - it's an independent modern 32-bit processor architecture with
> >> all the advantages and disadvantages that brings.
>
> > Yes, poor step child as in not getting all the same stuff that the
> > others get... like a huge following, open source tools (not sure about
> > that one),
>
> There is a complete S/W environment available free of charge from Atmel.
> The source code of most stuff can be downloaded fromwww.atmel.com.
>
> =A0> but the main thing is that it is 100% sole sourced. =A0If
>
> > Atmel doesn't make the flavor you need, go pound sand. =A0With ARM you
> > can go to another vendor to find just the mix that suits your app
> > best.
>
> OK, where do I order samples with 512 kB Flash and floating point unit?
> Kinetis wont be available for a year.
Here is a perfect example of the problems with sole sourced parts. To
work with an AVR32 I have to use the Atmel site. There the floating
point is listed as something that "will be" offered. So is the site
wrong or are you wrong? With the ARM community if I don't like one
vendor because they have a poor web site and poor selection guides.
In fact, the only selection guide I can find indicates the AVR32 has
no peripherals other than Ethernet, USB and... well, that's it! It
also shows no parts with FPU...
http://www.atmel.com/dyn/products/param_table.asp?family_id=3D607&OrderBy=
=3Dpart_no&Direction=3DASC
This is exactly the sort of stuff I mean when I talk about the
advantages of having multiple vendors for your chosen CPU.
> Truth is that it is so easy to change CPU architecture nowadays,
> that you can live with multiple architectures.
> If you don't find an ABR32 which will do the job, you
> can go to an ARM, but why select a poor chip when you can get a good chip=
?
> That is what consultants do all the time.
Yes, this is what I would expect to hear from the AVR32 vendor. But
why select a dead end chip when I can select any of literally hundreds
of variations in an ARM and simply not need to change tools and
startup code? But you can ignore what your customers want...
BTW, when are your CM4 parts due out? Oh, that's right, you haven't
gotten your CM0 parts out yet...
Rick
Reply by Simon Clubley●November 2, 20102010-11-02
On 2010-11-01, Paul E. Bennett <Paul_E.Bennett@topmail.co.uk> wrote:
> Simon Clubley wrote:
>
>>
>> PS: BTW, just out of interest, which stack based processors do you use ?
>>
>
> Have used Novix NC4016, Harros RTX2000 and 2010. More recently I have been
> looking at the Intellasys SeaForth chips but am probably going with the
> Green Arrays GA144 for the next projects.
>
Thanks for the pointers. It's always interesting to read up about new (to me)
processor architectures.
Simon.
--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
Reply by Ulf Samuelsson●November 2, 20102010-11-02
rickman skrev:
> On Oct 30, 8:58 am, David Brown
> <david.br...@removethisbit.hesbynett.no> wrote:
>> On 29/10/10 22:59, rickman wrote:
>>
>>
>>
>>> On Oct 29, 4:07 am, David Brown<da...@westcontrol.removethisbit.com>
>>> wrote:
>>>> On 29/10/2010 02:36, hamilton wrote:
>>>>> On 10/28/2010 3:18 PM, Ulf Samuelsson wrote:
>>>>>> The AVR32 is more in the Cortex-M4 class, than the M3.
>>>>> How does the AVR32 compare to the MIPS processors ??
>>>> It compares with difficulty.
>>>> MIPS is a family of licensable cores covering a huge spread. The
>>>> microMIPS cores will be probably be smaller and lower power than an
>>>> AVR32 (though it will depend on the implementation), while the biggest
>>>> cores are orders of magnitude faster. "MIPS" is more like "ARM" in this
>>>> respect.
>>> I guess you can't knock the MIPS parts for being a poor step child
>>> like the AVR32. It may not be available from more than one maker as a
>> I don't know quite what you mean about the AVR32 being a "poor step
>> child" - it's an independent modern 32-bit processor architecture with
>> all the advantages and disadvantages that brings.
>
> Yes, poor step child as in not getting all the same stuff that the
> others get... like a huge following, open source tools (not sure about
> that one),
There is a complete S/W environment available free of charge from Atmel.
The source code of most stuff can be downloaded from www.atmel.com.
> but the main thing is that it is 100% sole sourced. If
> Atmel doesn't make the flavor you need, go pound sand. With ARM you
> can go to another vendor to find just the mix that suits your app
> best.
OK, where do I order samples with 512 kB Flash and floating point unit?
Kinetis wont be available for a year.
Truth is that it is so easy to change CPU architecture nowadays,
that you can live with multiple architectures.
If you don't find an ABR32 which will do the job, you
can go to an ARM, but why select a poor chip when you can get a good chip?
That is what consultants do all the time.
>
>> But MIPS has been around for decades - it's older than ARM, and
>> certainly much more established than the modern popular ARM cores. MIPS
>> also have more experience at the higher end - they had 64-bit cores long
>> before the amd64 architecture (or even Intel's disastrous IA-64), and
>> SMP is standard stuff for MIPS. But they haven't had so much at the low
>> end until recently - the microMIPS extensions are quite new. And they
>> have always targeted a few big customers rather than being used by the
>> "little people".
>
> I got no problem with MIPS. But if there is only one supplier of a
> MIPS MCU, it has the same limitation that AVR32 has.
>
>
>>> standard part, it does have a huge base of users, etc. So it is not
>>> likely to go away... at least not as a core. Has Microchip been
>>> selling these chips in high enough volume to assure that they will
>>> continue to make them for years to come? That would be my biggest
>>> concern at this point.
>> MIPS is a core that will never go away - it is far too established for
>> that. People who want a CPU core for their chips that will be used for
>> the next 20 years pick either MIPS or PPC cores.
>
> Isn't that what I said, it is not likely to go away... as a core. As
> an MCU it may or may not make the cut. Why do you think ARM is not
> good for the next 20 years? They are running away with the MCU market
> at this point.
>
>
> Rick
--
Best Regards
Ulf Samuelsson
These are my own personal opinions, which may
or may not be shared by my employer Atmel Nordic AB