Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Can you list some of these parts that, by your definition, cannot be examined or verified? If you're talking about physical security features to make decapping difficult, surely a high-res xray would be good enough to verify that the hardware is as specified without being able to read the contents of nonvolatile memory, and without compromising physical security.


Question: could an x-ray device be made sensitive/high resolution enough to "read" whether a bit is flipped in silicon? (and extract the private key)


It's a tricky thing, and I fully admit that I have a limited understanding of the specific effects of x-rays on semiconductor devices. My understanding though is that you get higher resolution with higher-energy x-rays, and that as you increase the energy, you're more and more likely to damage the semiconductor (e.g. by inducing bit flips).

Here's some material from a flash memory manufacturer with more details: https://www.spansion.com/Support/Application%20Notes/X-ray_i...


Aren't the contents of NV memory pretty important though?

Anyway, it's just different than software. You can't sha sum your hardware to verify its what you expected.

I'm not sure, maybe an x-ray could see inside. Not unlike how binary blobs can be examined, but usually that's not considered open.


Manufacturers already use x-rays to make sure they're not installing counterfeit chips. Maybe we can look at the verification techniques used for US military procurement or by NASA.

I'd wager that we can have open hardware, and that its correct manufacture can be verified to a satisfactory degree by a combination of auditing and testing without running into limits of the laws of physics or inherent design requirements.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: