From b58c60bcc4a6f3d3ccf4194ef862a808fdc3313b Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 14 Feb 2021 01:55:38 +0000
Subject: Hack images, store outputs in git again for now

Easier to track what each script change does if we keep the before and
after versions of the markdown in git too.  Clean this up eventually,
but simplifies development.
---
 markdown/AssuredTooChain.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 markdown/AssuredTooChain.md

(limited to 'markdown/AssuredTooChain.md')

diff --git a/markdown/AssuredTooChain.md b/markdown/AssuredTooChain.md
new file mode 100644
index 0000000..89ea7d9
--- /dev/null
+++ b/markdown/AssuredTooChain.md
@@ -0,0 +1,16 @@
+# Issues of an Assured Tool-Chain
+
+We do not have any assurance that our basic tools are not compromised.
+
+* Compilers
+* Operating Systems
+* Hardware Platforms
+* Verilog and Other Tools to Produce Chips
+
+
+At the base, is the compiler.  The fear was first formally expressed in
+Ken Thompson's 1984 Turing Award Lecture
+[Reflections on Trusting Trust](http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf).
+
+David A. Wheeler's PhD thesis, [Fully Countering Trusting Trust through Diverse Double-Compiling](http://www.dwheeler.com/trusting-trust/)
+outlines how we might deal with the compiler trust conundrum.
-- 
cgit v1.2.3