Can you actually trust a chip?
I’m getting into hardware, and so far I mostly have questions. So much of security bottoms out in the silicon, and the silicon is where I understand the least. This one is a seedling on purpose: the things I keep turning over, written down so I can come back to them.
- Can you detect a hardware Trojan hidden among billions of transistors, without destroying the chip to check?
- Can side channels ever be eliminated, or only mitigated?
- What do you anchor a root of trust in, when it bottoms out in something you just have to assume is correct?
- Can a Trusted Execution Environment actually deliver on its promise, or is trusting the CPU vendor against a physical attacker a fundamentally broken threat model?
- Could you build a formal model of what a processor leaks, when the ISA says nothing about timing or power?
- Does open hardware like RISC-V help security through inspectability, or just hand attackers the blueprints?
- How do you get a market to pay for security that is invisible when it works?
If you have answers, or better questions, tell me.