Title: RoughV1
Date: 2016-12-15 22:43
Modified: 2021-02-14 17:33
This is a proposed version 0.01 product as a proof of concept. The
intent is not to have a very useful product, but rather to gain
confidence in our architecture, tools, and team. The result is intended
to be the basis for further development into a more useful second stage,
in the sense of
agile development.
It very intentionally is not a
waterfall design,
The interface between the Green and Yellow layers is seen as an important design
inflection.
Some code will be in C in the Green (auxiliary core) because we can get it open
source out of the can. for v.2 (or whatever) we would move it down to the FPGA in
Verilog.
- Persistent Storage
- For Keys and Time
- Or the battery for tamper wipe is big enough to hold the FPGA up
- Or the Green processor has enough non-volatile store
- Entropy Source
- Realtime Clock
- Tamper Mechanism
#!html
<h1 style="text-align: left; color: blue">
Blue / FPGA
</h1>
- TRNG
- BigNumber, Modular, & Exponentiation (expose to green for RSA)
- SHA-256
- AES-128
- EC for ECDH. Curve3617 would be nice, but whatever we can get open source to start
- OpenRISC Core or ARM to support Green (maybe FreeScale from Bunnie)
#!html
<h1 style="text-align: left; color: green">
Green / On-Chip Core
</h1>
- RSA 2048 & 4096 (move to blue later) [ 1024 for Tor? ]
- MACs: HMAC, 1305, uMAC
- DH (move to blue later)
- Device Activation, Move Authorization, Wiping
#!html
<h1 style="text-align: left; color: yellow">
Yellow / Off-Chip Support
</h1>
- Interface to Red
- PKCS!#8
- PKCS!#11
- PGP Support
- X.509 and PGP
- PKCS!#11 for POLA resistance
- No PKCS!#10 because it will take a year
- Backup may be just dump/restore of the whole FPGA/CoreState
#!html
<h1 style="text-align: left; color: red">
Red / Applications
</h1>
- X.509 CA
- DNSSEC
- PGP (asymmetric key sign/verify + symmetric message encryption/decryption)
- Tor consensus(?)
- License of tool chain to build
- License for borrowed components (open cores, open fpga)
- License for result
- What we build ourselves - BSD
- What components we ship - life is compromise
- Toolchains, Verilog, C, ...
- FPGAs and ASICs use a Verilog-based toolchain. There are no mature open
Verilog compilers so the DDC approach
will not work. Net-list optimization is also an issue. We're looking into this,
but it's going to be really hard. Research for v2.
- Protoyping platform
- RTC, external connectivity to et some sort of assured time
- Repository - too many git junkies. Keep main repo on our server for the security boundary. Can mirror on GitHub to be socially cool.
- Emacs or vi (no Rob, not TECO) :)