Is Closed source hardware safe?

I have some questions regarding closed source hardware.

  1. Are Intel and AMD CPUs closed source? And are their designs publicly available for anyone to check and verify?

  2. If the most used CPUs in the world are closed source, does that give the manufacturers the ability to embed malware in their chips and products?

  3. Are there other dangers regarding using closed source hardware?

  4. For example if we wanna examine a sample of water or food, we can take it to a lab under a microscope and do the necessary examinations on it to make sure nothing harmful is in there. Likewise, can the CPU and other hardware be checked using some way to verify that there is nothing abusive going on?

You could be asking about the CPU chip itself (the silicon), or about the firmware that is used to implement some instructions (CPU microcode), or about the homunculus CPU (the Intel Management Engine, in the case of Intel) and in respect of it the same two things (silicon and CPU microcode) plus the software that runs on the homunculus CPU.

I would say that the answer in all 5 cases (for Intel) is “yes”. Closed.

No.

They are certainly not verifiable. Therefore they cannot be known to be safe.

Given the moderate number of bugs that have emerged (for Intel), I think we can say that they are known not to be safe. However we can’t say whether that is intentional or unintentional. Most likely the latter.

In the case of the software for the Intel homunculus CPU, Intel goes out of its way to make it unverifiable.

Yes, but it may not be the most effective approach. Particularly in the case of silicon, if you embed malware then that malware is embedded permanently for everyone, including yourself and your “friends”. In other words, it is a very untargeted approach. You could easily shoot yourself in the foot.

Firmware and software are more desirable approaches i.e. anything that can be updated - so that the backdoor can be targeted.

  • It discourages competition i.e. potentially increases prices and reduces choice for the consumer.

  • It removes control from the user (the ostensible owner of the hardware). You could have parts of the computer communicating with each other or even with other computers, and parts of the computer doing things, where the user has no visibility of what is going on, much less control over it.

  • It also enables closedness at higher levels within the computer. In other words, closedness is like a virus that spreads from the foundation of the computer upwards to all other parts of the computer - until the entire computer is like an Apple-style walled garden.

7 Likes

I can think of one exception. A proprietary hardware solution with a normal 25 year patent. It protects the hardware manufacturer for 25 years from unfair competition (as intended). After that, it is fair game and can be rolled into the above post. (And the customers can determine if they have been fooled for 25 years.)

In addition to what @irvinewade said, I would add that both Intel and AMD have copyrighted reference designs for circuit boards using their processors, which every PC maker uses to some degree when designing their computers. Because Intel and AMD don’t allow PC makers to publicly release their schematics, there are no x86 PCs on the market with published schematics. However, you can occasionally find leaked board layouts for some models, and System76 will provide the schematics to their customers who ask for them and provide the serial number of their PC, but System76 (Clevo) doesn’t allow them to be published. Therefore there are some people who have been able to look at the schematics and board layouts for x86 PCs, but not the general public.

You need the schematics to understand how each wire is connected and the board layout to see where each component is placed on the circuit board. If you want to be able to repair a device or use a multimeter, oscilloscope or function generator to test components, then it helps to have the board layout. If you want to detect inserted spy chips, you need x-rays of the boards, so you can x-ray your own device and compare it with the published x-rays.

Here are the current computing devices with some published info on their hardware, that I know of off the top of my head:

  • RaptorCS publishes the board layout (PDF with normal copyright) for its POWER9 Talos II board (but not for its other boards).
  • OLIMEX publishes all sources for its devices including the CAD files under an Apache 2.0 license, including the TERES-I DIY Laptop with an Allwinner A64 processor.
  • PINE64 publishes the schematics for its devices (PDF with normal copyright) on their wiki. I know that some people have obtained the board layout views of their devices, but they aren’t published, so I assume that PINE64 only shares them with a limited number of people.
  • Purism publishes the schematics and board layout drawings (PDFs under the GPL 3.0) and x-rays (only for Birch so far, CC 4.0 license) for the Librem 5 (but can’t release anything for its x86 devices due to Intel’s copyright restrictions).
  • There are a handful of open hardware SBCs with free/open source licenses: Arduino, Intel Galileo (gen 1 and 2), LittleBits CloudBit, BeagleBone, Olimex OlinuXino, ADI MinnowBoard Turbot.
  • The Raspberry Pi is not open hardware, but it publishes the schematics and basic mechanical drawings (PDF with normal copyright).

If your concern is inserted spy chips, board layouts and x-rays may help you discover that, but I think that it is extremely unlikely that end-users (not servers and routers) have to worry about inserted spy chips for these reasons: 1, 2, 3

3 Likes

Can x-rays help us reverse engineer the CPU and make a detailed 3d model of it?

You can delid a processor and take photos with a metallurgical microscope, and even use acid to take off the top metal layer to get a better photo, as explained in this blog post. If you are looking at processors from 40 years ago, it was possible to see the individual gates in photos, but not with today’s processors that have line widths as small as 5nm. With today’s chips, you are just going to be able to identify the different blocks in the chips, as Tech Insights does in this article:

There are companies that can do cloning of circuit boards. They separate the layers in a printed circuit board to take photos of each layer, so they can recreate it.

By the way, if you want to legally “reverse engineer” something, you have a “clean room” (Chinese wall) where one team examines the product and then writes a spec that describes the product. Then another team recreates the product based on the spec, so they can’t be accused of stealing the intellectual property by copying, since they never saw the original product.

It is possible to see the gates with a scanning electron microscope, but chips consist of many layers so it doesn’t do you much good to get an image of the topmost layer. Here is a cross-section of an Intel Core 10nm chip with 13 metal layers:

Very useful and insightful read. Thanks

1 Like

Even if it is open source, it can be subverted during fabrication:
Can You Insert Hardware Trojan Spyware IP into an IC at the Fab? Yes

1 Like

Suffice it to say it would take a sophisticated actor to do so. So either you discover who the bad fabs are (by accident or by test?) or assume all fabs are bad actors. Meaning the industry has been compromised everywhere.

If the latter, it can lead to interesting situations. What happens when you have two (or more) bad actors attempting to insert spyware into the same chip? This can lead to turf wars. Or have the ownership lines already been drawn? (Like well organized genteel mafia families?)