aboutsummaryrefslogtreecommitdiff
path: root/tracwiki/RoughV1.trac
blob: a142056b669352620fd944de14657ace6d0131be (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
= Rough Cut at v0.01 Proof of Concept Feature Set =

[[PageOutline]]

This is a proposed version 0.01 product as a proof of concept.  The
intent is not to have a very useful product, but rather to gain
confidence in our architecture, tools, and team.  The result is intended
to be the basis for further development into a more useful second stage,
in the sense of 
[https://en.wikipedia.org/wiki/Agile_software_development agile development].
It very intentionally is not a
[https://en.wikipedia.org/wiki/Waterfall_model waterfall design],

The interface between the Green and Yellow layers is seen as an important design
inflection.

Some code will be in C in the Green (auxiliary core) because we can get it open 
source out of the can.  for v.2 (or whatever) we would move it down to the FPGA in
Verilog.

== FPGA Overview ==
[[Image(HW_sketch_v0001.png)]]
\\
\\
== Sketch of TRNG Chain ==
[[Image(HW_RNG.png​)]]
\\
\\

== Off-FPGA ==
* Persistent Storage
 * For Keys and Time
 * Or the battery for tamper wipe is big enough to hold the FPGA up
 * Or the Green processor has enough non-volatile store
* Entropy Source
* Realtime Clock
* Tamper Mechanism

== Layers ==

{{{
#!html
<h1 style="text-align: left; color: blue">
  Blue / FPGA
</h1>
}}}

* TRNG
* !BigNumber, Modular, & Exponentiation (expose to green for RSA)
* SHA-256
* AES-128
* EC for ECDH. Curve3617 would be nice, but whatever we can get open source to start
* OpenRISC Core or ARM to support Green (maybe !FreeScale from Bunnie)

{{{
#!html
<h1 style="text-align: left; color: green">
  Green / On-Chip Core
</h1>
}}}

* RSA 2048 & 4096 (move to blue later) [ 1024 for Tor? ]
* MACs: HMAC, 1305, uMAC
* DH (move to blue later)
* Device Activation, Move Authorization, Wiping

{{{
#!html
<h1 style="text-align: left; color: yellow">
  Yellow / Off-Chip Support
</h1>
}}}

* Interface to Red
 * PKCS!#8
 * PKCS!#11
 * PGP Support
* X.509 and PGP
* PKCS!#11 for POLA resistance
* No PKCS!#10 because it will take a year
* Backup may be just dump/restore of the whole FPGA/!CoreState

{{{
#!html
<h1 style="text-align: left; color: red">
  Red / Applications
</h1>
}}}

* X.509 CA
* DNSSEC
* PGP (asymmetric key sign/verify + symmetric message encryption/decryption)
* Tor consensus(?)

== Issues in v0.01 ==

* License of tool chain to build
* License for borrowed components (open cores, open fpga)
* License for result
 * What we build ourselves - BSD
 * What components we ship - life is compromise
* Toolchains, Verilog, C, ...
* FPGAs and ASICs use a Verilog-based toolchain.  There are no mature open
  Verilog compilers so the [http://www.dwheeler.com/trusting-trust/ DDC approach]
  will not work.  Net-list optimization is also an issue.  We're looking into this, 
  but it's going to be really hard.  Research for v2.
* Protoyping platform
 * [http://www.bunniestudios.com/blog/?p=3265 Bunnie's Novena laptop]
 * Altera Evaluation Board
* RTC, external connectivity to et some sort of assured time
* Repository - too many git junkies.  Keep main repo on our server for the security boundary.  Can mirror on !GitHub to be socially cool.
* Emacs or vi (no Rob, not TECO) :)