[aa-jv]

I think the more important maxim to follow is this: if you didn't manufacture your own sillicon, you are infinitely more hackable than if you did.

Alas, no matter how hard we try to trust our compilers, we must also adopt methods to trust our foundries.

Oh, we don't have our own foundries?

Yeah, thats the real problem. Who owns the foundries?

[pydry]

When has anybody ever been hacked via a foundry?

While having your own foundry is undoubtedly a good thing from the perspective of supply chain resiliency, if hacking is what you're worried about there are probably easier ways to mitigate (e.g. a bit more rigor in QC).

[kragen]

Roughly everybody you've ever met, 100% of the time.

There's a reason the NSA can get Intel CPUs without IME and you can't. Given the incentives and competence of the people involved, it's probably an intentional vulnerability that you can't escape because you don't fab your own chips. There's strong circumstantial evidence that Huawei got banned from selling their products in the US for doing the same thing. And the Crypto AG backdoor (in hardware but probably not in silicon) was probably central to a lot of 20th-century international relations, though that wasn't publicly known until much later.

And this is before we get into penny-ante malicious hardware like laser printer toner cartridges, carrier-locked cellphones, and HDMI copy protection.

No amount of QC is going to remove malicious hardware; at best, it can tell you it's there.

[pydry]

I can. Purism and system76 disable the IME.

This is also a completely different threat model but whatever.

[kragen]

I think they're using me_cleaner, which does appear to work, but using software to disable a hardware backdoor is inherently unreliable.

[pydry]

Either way this isnt a foundry covertly inserting a back door. It is a foundry openly inserting a back door and turning it into a feature.

A small country that imports these chips and wanted to protect its national security by providing "me disabled" chips wouldnt need a whole foundry of its own to turn it off or to verify that there isnt a "hidden" ME. The cost of this would probably run into low millions not billions.

[purplehat_]

Not exactly what you're asking, but multiple CVEs have been found in Intel's Management Engine (ME) which have been used in spyware.

It might not be an intentional backdoor, but it very much seems designed with out-of-band access in mind, with the AMT remote management features and the fact that the network controller has DMA (this enables packet interception).

[IAmBroom]

"When" is what we will likely never know, given the subterranean depth of trust and visibility there. Probably never...

[aa-jv]

Do you know what "your" CPU is doing? Do you really?

[lisbbb]

I always figured the spy crap was programmed right in to the chips themselves and the BIOS.

[smithkl42]

Nah, if I manufactured my own silicon, I'd be infinitely more hackable than I am right now - just like if I wrote my own crypto code. 99.9999% of people are going to be more secure if they just rely on publicly accessible cryptography (and silicon). Otherwise you're just going to be making stupid mistakes that real cryptographers and security folks found and wrote defenses against three decades ago.

[MomsAVoxell]

If you could make your own silicon, you could create a guild or a federation to audit it, and then your trust circle would be smaller and therefore safer.

>Otherwise you're just going to be making stupid mistakes that real cryptographers and security folks found and wrote defenses against three decades ago.

Yeah, thats the point, learn those same techniques, get it in the guild, and watch each others backs.

Rather than just 'trusting' some faceless war profiteers from the midst of an out of control military-industrial complex.