From b58c60bcc4a6f3d3ccf4194ef862a808fdc3313b Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 14 Feb 2021 01:55:38 +0000 Subject: Hack images, store outputs in git again for now Easier to track what each script change does if we keep the before and after versions of the markdown in git too. Clean this up eventually, but simplifies development. --- markdown/RoughV1.md | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 markdown/RoughV1.md (limited to 'markdown/RoughV1.md') diff --git a/markdown/RoughV1.md b/markdown/RoughV1.md new file mode 100644 index 0000000..1891975 --- /dev/null +++ b/markdown/RoughV1.md @@ -0,0 +1,125 @@ +# Rough Cut at v0.01 Proof of Concept Feature Set + +[[PageOutline]] + +This is a proposed version 0.01 product as a proof of concept. The +intent is not to have a very useful product, but rather to gain +confidence in our architecture, tools, and team. The result is intended +to be the basis for further development into a more useful second stage, +in the sense of +[agile development](https://en.wikipedia.org/wiki/Agile_software_development). +It very intentionally is not a +[waterfall design](https://en.wikipedia.org/wiki/Waterfall_model), + +The interface between the Green and Yellow layers is seen as an important design +inflection. + +Some code will be in C in the Green (auxiliary core) because we can get it open +source out of the can. for v.2 (or whatever) we would move it down to the FPGA in +Verilog. + +## FPGA Overview +[[Image(HW_sketch_v0001.png)]] +\\ +\\ +## Sketch of TRNG Chain +[[Image(HW_RNG.png​)]] +\\ +\\ + +## Off-FPGA + +* Persistent Storage + * For Keys and Time + * Or the battery for tamper wipe is big enough to hold the FPGA up + * Or the Green processor has enough non-volatile store +* Entropy Source +* Realtime Clock +* Tamper Mechanism + + +## Layers + +``` +#!html +

+ Blue / FPGA +

+``` + + +* TRNG +* BigNumber, Modular, & Exponentiation (expose to green for RSA) +* SHA-256 +* AES-128 +* EC for ECDH. Curve3617 would be nice, but whatever we can get open source to start +* OpenRISC Core or ARM to support Green (maybe FreeScale from Bunnie) + + +``` +#!html +

+ Green / On-Chip Core +

+``` + + +* RSA 2048 & 4096 (move to blue later) [ 1024 for Tor? ] +* MACs: HMAC, 1305, uMAC +* DH (move to blue later) +* Device Activation, Move Authorization, Wiping + + +``` +#!html +

+ Yellow / Off-Chip Support +

+``` + + +* Interface to Red + * PKCS!#8 + * PKCS!#11 + * PGP Support +* X.509 and PGP +* PKCS!#11 for POLA resistance +* No PKCS!#10 because it will take a year +* Backup may be just dump/restore of the whole FPGA/CoreState + + +``` +#!html +

+ Red / Applications +

+``` + + +* X.509 CA +* DNSSEC +* PGP (asymmetric key sign/verify + symmetric message encryption/decryption) +* Tor consensus(?) + + +## Issues in v0.01 + + +* License of tool chain to build +* License for borrowed components (open cores, open fpga) +* License for result + * What we build ourselves - BSD + * What components we ship - life is compromise +* Toolchains, Verilog, C, ... +* FPGAs and ASICs use a Verilog-based toolchain. There are no mature open + + Verilog compilers so the [DDC approach](http://www.dwheeler.com/trusting-trust/) + will not work. Net-list optimization is also an issue. We're looking into this, + but it's going to be really hard. Research for v2. + +* Protoyping platform + * [Bunnie's Novena laptop](http://www.bunniestudios.com/blog/?p=3265) + * Altera Evaluation Board +* RTC, external connectivity to et some sort of assured time +* Repository - too many git junkies. Keep main repo on our server for the security boundary. Can mirror on GitHub to be socially cool. +* Emacs or vi (no Rob, not TECO) :) -- cgit v1.2.3