> Unless your adversary is someone sophisticated enough to do surgery on chips.
Since the threat assessment is important for deciding the strength of countermeasures, let me just add that this isn't as uncommon as you may believe. A company that I worked for had a decent capability to do this, and they were using it just to investigate the failures of electronic subsystems in their projects. Imagine what a more dedicated entity could achieve. This is why standards like FIPS 140-2/3 level-3/4 are very relevant in a significant number of corporate cases.
Talking about chip surgeries, I wish our distinguished expert Ken Shirrif could throw some light on the process. His work on legacy chips is one of the most noteworthy in the field.
I agree that side channel and physical attacks are crucial to stop. The predecessor to Mojo-V (Agita Labs TrustForge) was red teamed for three months including differential physical measurement attacks, and the system was never penetrated. So where there is a will there is a way!
Mojo-V stops software, inst timing, microarchitectural, and ciphertext side channels. Vendors can stop analog attacks if they choose to, but the reference design, which I am building, is meant to be really simple to integrate into an existing RISC-V core. Adding Mojo-V only requires changes to the Instruction Decoder and the Load-Store Queue, regardless of the complexity of the microarchitecture.
Since the threat assessment is important for deciding the strength of countermeasures, let me just add that this isn't as uncommon as you may believe. A company that I worked for had a decent capability to do this, and they were using it just to investigate the failures of electronic subsystems in their projects. Imagine what a more dedicated entity could achieve. This is why standards like FIPS 140-2/3 level-3/4 are very relevant in a significant number of corporate cases.
Talking about chip surgeries, I wish our distinguished expert Ken Shirrif could throw some light on the process. His work on legacy chips is one of the most noteworthy in the field.