by avianes 1433 days ago
> But you’re really getting what the memory controller decides to give you.

Yes, here the memory is read through a debug bus.

> I could design a memory controller with landmines, as in “if you ask for 0x1234 I will go into a mode where I send back garbage for all future reads until power is cycled.”

Yes, it basically looks like a backdoor, and you can do it the other way around: The memory read through the debug bus is exactly the content of the ROM, but the memory controller is made so that when the processor reads a specific address or data it doesn't return the value in memory but something else.

This way even a person who would use a visual or an intrusive memory extraction method would not notice the backdoor. The only way to discover it is to do a full inspection of the logic, which probably nobody will do.

> Is this a thing?

Yes, sometimes some addresses in a memory system are effectively not readable (write only). For example, with some memory-mapped configuration registers, a 0-value may be returned instead of the register contents.

But your question sounds to me more about mechanisms to hide a backdoor.

Regarding hardware backdoors, they are always theoretically and practically possible, and almost always undetectable, since nothing prevents the designer from introducing logic that has malicious behaviour and is nearly non-observable.

This is the problem with theories about backdoors in modern processors. Without evidence, these theories fall into the realm of conspiracy theories. But it's almost impossible to have evidence and no-one can say that it doesn't exist.


> But it's almost impossible to have evidence and no-one can say that it doesn't exist.

Except for Intel, if they publish how their hardware and microcode work internally? A.k.a. open-sourcing their internal design?

Of course, they can't since it will allow competitors to copy it, but would that work theoretically?

No, this would not work.

Even if they released absolutely everything, there's no way to verify that the chips they actually make and sell conform to a design that they release without inspecting the actual chip. If you're really paranoid, you'd have to inspect every chip, and that's usually a destructive operation.

And the fab, or a rogue employee, or anyone/anything on the critical path to manufacturing, could decide to alter the design. E.g. Stuxnet style, where a worm gets into the fab via a contaminated USB key, a 3rd party could get to air-gapped systems. With a sufficiently advanced attack, not Intel, not the fab, no one would know that a backdoor has been put in except the attacker himself.

And here's the million dollar idea: to verify, you'd need to destructively inspect your chips at EOL to verify you haven't been screwed over. Anyone want to start a business?

> And here's the million dollar idea: to verify, you'd need to destructively inspect your chips at EOL to verify you haven't been screwed over. Anyone want to start a business?

It only protects against backdoor injection by the fab (or the company that produces your masks).

And there are other solutions such as logic-locking.

The idea of logic-locking is to add XOR gates (or a more complex type of gate) to the circuit on well-chosen logic paths. To make the circuit behave correctly, it's required to know the value to be sent to each inserted XOR. These values may be generated by an RNG circuit that is seeded by a secret key.

At manufacturing time the key is kept secret, so it's not possible for the fab to reverse engineer your circuit logic to introduce a backdoor.

Once production is complete, the key is loaded into circuits for sale
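
The XOR key-gate idea from the logic-locking comment above, as a small Python simulation (an added example, not part of the thread). The 1-bit full adder, the three gate positions and the key value are all constructed for illustration, and the key bits are applied directly rather than through a seeded RNG.

```python
from itertools import product

# Constructed secret: the key-gate values that make the locked circuit correct.
CORRECT_KEY = (1, 0, 1)

def full_adder(a, b, cin):
    """Reference design the owner wants to protect: a 1-bit full adder."""
    p = a ^ b
    return p ^ cin, (a & b) | (p & cin)

def locked_adder(a, b, cin, key):
    """Same adder with one XOR key gate on each of three internal wires.

    POLARITY models inverters that a real locking flow would fold into
    neighbouring gates, so the netlist alone does not reveal the key bit.
    """
    POLARITY = CORRECT_KEY  # fixed at design time, hidden in the logic
    k = [kb ^ pol for kb, pol in zip(key, POLARITY)]
    p = (a ^ b) ^ k[0]          # key gate on the propagate wire
    g = (a & b) ^ k[1]          # key gate on the generate wire
    t = (p & cin) ^ k[2]        # key gate on the carry-through wire
    return p ^ cin, g | t

def corrupted_rows(key):
    """Number of the 8 input combinations where the locked output is wrong."""
    return sum(
        locked_adder(a, b, c, key) != full_adder(a, b, c)
        for a, b, c in product((0, 1), repeat=3)
    )

def unlocking_keys():
    """All 3-bit keys under which the locked circuit matches the reference."""
    return [k for k in product((0, 1), repeat=3) if corrupted_rows(k) == 0]

if __name__ == "__main__":
    for key in product((0, 1), repeat=3):
        print(key, "corrupted rows:", corrupted_rows(key))
```

With only three key gates the key space is eight values; the example shows the mechanism, not the strength of a real locked design.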