by tachyonbeam
2651 days ago
With Intel/AMD you have an assurance that your chip does contain a backdoor. I know this is probably difficult to do, but if we have access to published architecture specs/layouts, it might be easier to audit the chip design, even if doing so requires an x-ray microscope.
This is the crux of the matter. While your statements are perfectly correct, their implications aren't. The assumption with open source is always that it's easily auditable and anyone can see the source (code, floorplan, etc.), which somehow implies the finished binary or chip that you have received is "safe". And herein lies the problem:
1) Assuming the source is really clean, there's no guarantee the end product is;
2) Even if the source appears to be clean, you have no guarantee it was actually (thoroughly) checked because "someone else" always checks.
The best example I can give you is OpenSSL, a library used by most of the internet and hundreds of billion+ $ companies (and hundreds of thousands of million+ $ ones). It took 2 years for anyone to notice it. And there are far more qualified SW engineers around that could have spotted the bug than there are HW engineers capable of finding the equivalent backdoor in a complex piece of silicon. So I am very skeptical that someone would notice one if one was there.