[trustable-software] I fear we need trustable hardware too...

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Jan 4 11:10:21 GMT 2018


When this discussion list started in 2016 we were already seeing enough 
news headlines to realise the scale of the elephant in the room for 
software trustability.

Now it's becoming clear [1] with the discovery of the Meltdown + Spectre 
[2] vulnerabilities (and Rowhammer), we have to think about the elephant 
underneath... in the hardware.

My immediate emotional reaction has been to worry that this is just 
another signal that what we're thinking about is futile. What's the 
point of trustable software, if we can't trust the hardware?

After reflection and discussions with colleagues, we broadly concluded 
that discovering a secret tunnel into the basement doesn't reduce the 
need for us to fix the front door lock.

I need to re-scope and re-think some of my presentations and diagrams to 
include hardware, and expressly escalate hardware risks for customer 
projects.

But I'm interested to get others' thoughts on this, in the aftermath...

- are we wasting our time?
- is there any of what we are thinking about that re-applies to 
hardware?

br
Paul

[1] http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
[2] https://meltdownattack.com
[3] https://twitter.com/misc0110/status/948706387491786752
