I haven’t kept up with it, but OpenCores is a bulwark against this type of thing. FPGAs, while not as efficient as fab silicon, AFAIK let one implement CPUs, interconnects and peripherals without any predefined channels to target for subversion. The NSA or other boogeymen couldn’t craft a backdoor for your FPGA CPU, since the FPGA is just a ‘blank slate’ until programmed so they have no idea even what to attack beforehand. The chip could be literally anything once programmed. FPGAs by design have to faithfully implement the basic gates, with no jiggery-pokery, otherwise it would be evident immediately that something was up. Right?
I honestly do not know. Couldn’t the FPGA hide a backdoor routine on some kind of ROM?
Sure, but it wouldn’t be a backdoor into your ROM.
That was my thinking, yes. They could put in a very generic remote kill-switch, perhaps… fry the entire chip or reset it or something; but as they would have no idea ahead of time what sort of logic the user would put in there, there’s no way they could design a specific backdoor to anything.
The one exception might be if you use an FPGA for a network controller and the channels used to send data were predefined as part of the chip’s design, a generic backdoor could somehow exfiltrate that data via other means (same for wireless emissions – but TEMPEST-style techniques are now very well-known and defences can be erected outside of your local system).
FPGAs are mostly proprietary products with proprietary technology inside. Many also have “hard” IP blocks for various things, sometimes including a “hard” ARM-based computer subsystem.
If you are getting one and flashing your own CPU to it, it will be harder to attack, but definitely not impossible. There have been vulnerabilities in FPGAs before.