I've always wanted something like this, but my paranoia gets in the way. The software, could be possible for me to audit. But how to audit this hardware? (other than building myself, but my soldering iron has a backlog) π€ Cool that you picked a really hard project to passionately work on. A real opensourcer.
Open source software is only possible because it's subsidized by corporations.
I wish it weren't true.
Some corporations directly pay the salaries of open source developers, others make donations to open source foundations. Most FOSS contributors just have a day job, but that's still enabling them to eat, have a place to stay and publish their work on their off hours.
The only exception is the rich people who are set for life.
In all other cases, there has to be some day job, because being able to afford food and shelter is unattainable otherwise. People seldom pay for open source software at all, and when they do, it only covers a tiny fraction of the cost.
I know this because I've been a FOSS developer, living off my savings for almost two years now. Reporting and patching bugs here and there, finding 0-days and fixing them, decentralizing password management while improving the security, allowing people to break free from companies like Google... it's what I do.
Outside of Nostr, it has earned me nothing. In fact, I'm over $1000 in the hole from trying to build out the hardware.
Nostr has paid me. Including all the wisecracks or other posts that got zapped, that's earned me 12,249 sats. Enough to buy some cinnamon twists at Taco Bell.
At some point the money is going to run out and I'll have to go back to work. I'll still try to do open source stuff, but it'll be at a greatly reduced pace.
Now some would say that I'm not good enough at promoting my work. That's fair. However, I'd argue that would be paying me for tooting my own horn more so than doing the actual engineering.
I'm trying to give it one last shot to have the world prove me wrong. I'm going to pour my effort into just one of my projects: #Signet. That's the encrypted, open source password manager.
I'm going to set up one store to sell them for fiat, and another store to sell them or #Bitcoin at a discount.
I'll do something that is extremely out of character: agree to be a guest on podcasts. I'll even go to places I loathe like Twitter and LinkedIn to spread the word there. I want to see this value 4 value model work.
If I make a profit, it'll fund building more hardware, and the software development, which is the heavy lift. After that, it'll go to the software projects I've built upon. They deserve it.
But I assure you, the hardware sales won't do it alone. They're sold just barely above cost. Priced to just cover the cost of bad boards and screw ups where I ordered the wrong component or made some other mistake somewhere along the line.
If people step up and start making donations so I can keep cranking out hot tech, I will eat all these words. I'll become a loud advocate for the #v4v model and have the first hand experience to back it up.
After nearly 2 years of having none of this happen, I'm extremely skeptical.
Check it out at https://hax0rbana.org/signet and buy one once I get a store set up (the last two I instigated had vulnerabilities that leaked private keys, so it's taking longer than expected). Go a step further and tell your friends. Show me this work is valuable to the world (or not).
Discussion
Completely reasonable question. Signet has something like 13 components on it. Yeah, that's it.
With one exception, they're all simple conponents (diodes, resistors, caps, a couple switches, a voltage regulator, and a USB connector).
The exception is the STM32, which is the only component to be concerned with (assuming there aren't any "extra" things on your board that shouldn't be there, which is easy fo verify with a visual inspection).
So this STM32 CPU, how can we trust it? To some degree, you're right, it could have some vulnerability in it from ST Microelectronics (the manufacturer of this particular model).
However, you can again inspect the board and see that when the slider switch is put in the "bootloader mode" position, it grounds out a particular pin on the CPU (after going through a resistor). If you look at the datasheet for the CPU, you'll see this puts the CPU into bootloader mode where it will not execute any code, but instead wait for a new firmware image to be flashed onto it.
If you compile and flash the firmware on there, that's about the highest level of guarantee that I know how to give you.
Yes, I've spent some time thinking about this problem. π
It also might be reasonable to compare the solution above with whatever solution you currently have for password management. Is the possibility of a backdoored CPU a higher risk than what you do now? If so, stick to whatever you've got! Also, please share whatever you have with me, because it's clearly awesome.
Nice explanation. So here's a glimpse into my paranoia world.. I know that nothing is safe and all I can do is minimize the risk as much as possible. I usually tend to do this, by trying to stick with a supply or company that would be risking their business if a serious vulnerability was found in their supply chain or hardware. Eg. Lenovo. Yubikey. Bitwarden. Anything further, regarding IoT like components, usually gets a pass because it's not going to be able to pierce into anything sensitive just by doing what it's doing (like being a temperature sensor, or etc.).
Where my paranoia ratchets up in this case is when I think about using it for passwords and that it has USB access... Things that are core to my security posture. Could be a knee jerk reaction, as security becomes sometimes (ie.unknown USB passwords bad). Lol. Your explanation makes sense though..
Whether ST can be trusted and how to determine if it is a genuine ST or something that just looks the same. Or if China realizes the chip is being used for passwords and gives it a higher probability of a backdoor. Would ST have an economic reason not to have backdoors? Would purchasing from you vs. purchasing via other channels lessen the risk? How many people and companies use this particular chip and what do they tend to use it for? That's the kind of thinking that goes through my mind assessing this stuff..
A backdoor found in any CPU would likely mean the death of the company, so your metric of the size of the company makes sense. Bigger companies have more to lose.
I don't have any metrics on how many chips ST Microelectronics sells, but they're pulling in $16 billion/year in revenue. Anicdotally, I can say the STM32 series are very widely used. So they have a lot of incentive to make sure their hardware is legit.
ST microelectronics also has their own fabs, which is better than them sending their designs to another company and having someone else make the hardware.
Counterfit CPUs would be more of a concern, but usually visual inspection will sort that out. The ICs often have different markings, dimples in the wrong places, poor quality screen proving, and so forth. The other tell is... they don't work. Like, at all.
Hackaday wrote a good piece on the topic a few years ago: https://hackaday.com/2020/10/22/stm32-clones-the-good-the-bad-and-the-ugly/
From that article: "If one orders MCUs and development boards from reputable sellers such as Digikey and Mouser, itβs also unlikely to be much of a concern."
I order mine from Mouser. I suppose ordering the parts yourself could be seen as slightly lower risk because you have no way to know I'm not lying and getting the chips from some sketchy source to try to save a few cents.
I think that speaks to all the hardware concerns you mentioned.
nice, that's some good info there π