Completely reasonable question. Signet has something like 13 components on it. Yeah, that's it.

With one exception, they're all simple components (diodes, resistors, caps, a couple switches, a voltage regulator, and a USB connector).

The exception is the STM32, which is the only component to be concerned with (assuming there aren't any "extra" things on your board that shouldn't be there, which is easy to verify with a visual inspection).

So this STM32 CPU, how can we trust it? To some degree, you're right, it could have some vulnerability in it from ST Microelectronics (the manufacturer of this particular model).

However, you can again inspect the board and see that when the slider switch is put in the "bootloader mode" position, it grounds out a particular pin on the CPU (after going through a resistor). If you look at the datasheet for the CPU, you'll see this puts the CPU into bootloader mode where it will not execute any code, but instead wait for a new firmware image to be flashed onto it.

If you compile and flash the firmware on there, that's about the highest level of guarantee that I know how to give you.

Yes, I've spent some time thinking about this problem. 😉

It also might be reasonable to compare the solution above with whatever solution you currently have for password management. Is the possibility of a backdoored CPU a higher risk than what you do now? If so, stick to whatever you've got! Also, please share whatever you have with me, because it's clearly awesome.
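
As an added example (not Signet's own tooling and not the poster's code), here is a shell script for the "compile and flash it yourself" step that closes the loop by reading the flash back and confirming the chip holds exactly the image you built and nothing else. It assumes the STM32 system bootloader is reached over USB DFU with `dfu-util`, that readout protection is off so the flash can be read back, and that your build produces `firmware.bin` for the flash base `0x08000000`; those are assumptions, not facts from the thread.

```shell
#!/bin/sh
# Added example, not Signet's own tooling. Assumptions (not stated in the thread):
# the STM32 system bootloader is reached over USB DFU with dfu-util, readout
# protection is off so flash can be read back, and the build writes firmware.bin
# for flash base 0x08000000.
set -eu

IMAGE="${IMAGE:-firmware.bin}"        # image produced by your own build
FLASH_BASE=0x08000000                 # internal flash base address (assumption)
FLASH_SIZE="${FLASH_SIZE:-0x40000}"   # bytes to read back; set to your part's flash size
READBACK="${READBACK:-readback.bin}"

# compare_image IMAGE DUMP
# Succeeds only when DUMP starts with IMAGE byte-for-byte and every byte after the
# image is 0xFF (erased flash). Works on files only, so it can be checked offline.
compare_image() {
    img="$1"; dump="$2"
    img_len=$(wc -c < "$img" | tr -d ' ')
    dump_len=$(wc -c < "$dump" | tr -d ' ')
    if [ "$dump_len" -lt "$img_len" ]; then
        echo "readback ($dump_len bytes) is shorter than image ($img_len bytes)"; return 1
    fi
    # The leading bytes must be exactly the image we compiled.
    if ! head -c "$img_len" "$dump" | cmp -s - "$img"; then
        echo "flash contents differ from the built image"; return 1
    fi
    # Everything after the image must be erased; any other byte is code we did not put there.
    extra=$(tail -c +"$((img_len + 1))" "$dump" | tr -d '\377' | wc -c | tr -d ' ')
    if [ "$extra" -ne 0 ]; then
        echo "$extra non-erased byte(s) found after the image"; return 1
    fi
    echo "flash matches the built image"
}

flash_and_verify() {
    # Write the image; no ':leave' modifier, so the device stays in DFU mode for the read-back.
    dfu-util -a 0 -s "$FLASH_BASE" -D "$IMAGE"
    # Read the flash region back out of the chip (dfu-util will not overwrite an existing file).
    rm -f "$READBACK"
    dfu-util -a 0 -s "$FLASH_BASE:$FLASH_SIZE" -U "$READBACK"
    compare_image "$IMAGE" "$READBACK"
}

# Only touch hardware when asked: ./verify_flash.sh run
case "${1:-}" in
    run) flash_and_verify ;;
esac
```

Any stray byte after the image, or a mismatch inside it, makes the script fail, which is the check that turns "I flashed it myself" into "the chip contains what I flashed".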

Discussion

Nice explanation. So here's a glimpse into my paranoia world.. I know that nothing is safe and all I can do is minimize the risk as much as possible. I usually tend to do this by trying to stick with a supply or company that would be risking their business if a serious vulnerability was found in their supply chain or hardware. E.g. Lenovo. Yubikey. Bitwarden. Anything further, regarding IoT-like components, usually gets a pass because it's not going to be able to pierce into anything sensitive just by doing what it's doing (like being a temperature sensor, etc.).

Where my paranoia ratchets up in this case is when I think about using it for passwords and that it has USB access... Things that are core to my security posture. Could be a knee-jerk reaction, as security becomes sometimes (i.e. unknown USB passwords bad). Lol. Your explanation makes sense though..

Whether ST can be trusted and how to determine if it is a genuine ST or something that just looks the same. Or if China realizes the chip is being used for passwords and gives it a higher probability of a backdoor. Would ST have an economic reason not to have backdoors? Would purchasing from you vs. purchasing via other channels lessen the risk? How many people and companies use this particular chip and what do they tend to use it for? That's the kind of thinking that goes through my mind assessing this stuff..

A backdoor found in any CPU would likely mean the death of the company, so your metric of the size of the company makes sense. Bigger companies have more to lose.

I don't have any metrics on how many chips ST Microelectronics sells, but they're pulling in $16 billion/year in revenue. Anecdotally, I can say the STM32 series are very widely used. So they have a lot of incentive to make sure their hardware is legit.

ST Microelectronics also has their own fabs, which is better than them sending their designs to another company and having someone else make the hardware.

Counterfeit CPUs would be more of a concern, but usually visual inspection will sort that out. The ICs often have different markings, dimples in the wrong places, poor quality screen printing, and so forth. The other tell is... they don't work. Like, at all.

Hackaday wrote a good piece on the topic a few years ago: https://hackaday.com/2020/10/22/stm32-clones-the-good-the-bad-and-the-ugly/

From that article: "If one orders MCUs and development boards from reputable sellers such as Digikey and Mouser, it’s also unlikely to be much of a concern."

I order mine from Mouser. I suppose ordering the parts yourself could be seen as slightly lower risk because you have no way to know I'm not lying and getting the chips from some sketchy source to try to save a few cents.

I think that speaks to all the hardware concerns you mentioned.

nice, that's some good info there 🙏