I will demonstrate an FPGA-based 64-bit RISC-V computer, capable of booting and
running the riscv64 port of Fedora. Using Free/Libre packages available as
part of the Fedora repositories, this machine is capable of recompiling not
only its own software (e.g., kernel, glibc, gcc), but also its own gateware
(i.e., FPGA bitstream), completely from source code, all the way down to (but
not including) the physical (FPGA) silicon.

Modern hardware development shares many similarities with software: design and
specification in a programmatic hardware description source language (HDL),
and compilation of said sources into either photolithographic masks etched into
silicon for Application Specific Integrated Circuits (ASICs), or into
configuration data (bitstream) for a Field Programmable Gate Array (FPGA).

Hardware vulnerabilities (accidental or intentional) can be inserted at any of
these lifecycle stages: as part of the design in HDL sources, during compilation
where buggy or malicious toolchains generate malfunctioning designs from clean
HDL sources, or during ASIC fabrication, where masks are altered to etch
backdoors or Trojans directly into the silicon.

Once fabricated, ASICs are difficult, expensive, and impractical to check for
vulnerabilities, which can be as bad as a privilege escalation backdoor
allowing for a total system compromise, even in the absence of any software
exploits available to the attacker.

Let’s begin by mitigating against ASIC fabrication-time backdoor insertion by
using soft-IP-core hardware blocks on FPGAs, which are fabricated in the
absence of any knowledge of the final design details, and also consist of a
regular grid of identical, generic configurable blocks — making it easier to
inspect for defects.

Having settled on FPGAs for hardware designs requiring enhanced assurance, we
can mitigate against HDL source and toolchain vulnerability insertion by
insisting on openly available sources to both, and on the ability of the system
to be self-hosting, i.e., to rebuild everything, from source, without relying
on assistance from any external “black box” or proprietary components.

I will demonstrate a Fedora-capable RISC-V computer based on the Rocket CPU,
using LiteX for the rest of its chipset, deployed on a Lattice ECP5 FPGA board,
with the bitstream generated from sources by a fully Free/Libre toolchain
consisting of Yosys, Trellis, and NextPnR. Most importantly, the computer will
be capable of (slowly) rebuilding its own bitstream by directly executing the
Yosys/Trellis/NextPnR toolchain.