Schneier on Security

Nick P • October 23, 2015 8:52 PM

@ tt

The discussion Clive is referring to started with my reply here. Interesting to see that NSA’s best recommendation (symmetric PSK’s) was one of mine from years ago. I stay pre-empting the bastards. 🙂

@ Grauhut

“@NPrince: In this case the analog stuff is more scary… Rajeev Venkayya”

Huh? What you referring to?

Nick P • October 24, 2015 10:29 AM

@ Wulf

Thanks for the link to the MAGIC attack. That’s interesting. I’ll have to dig it out of the paywall later. Just wish they’d stop naming hardware stuff MAGIC given all the stuff already using that name, including this nice tool.

Nick P • October 24, 2015 2:54 PM

@ Wael, Clive, name.withheld

When I was digging into HW, one thing I thought was that it could be advantageous to use only combinational circuits in HW design. The reason is that they’re like functional programming for HW with associated advantages in synthesis and verification. I figured it must be really difficult to make such a concept useful for the chip as a whole since the HW people don’t do that. I mean, nobody is accusing them of being stupid given all the magic in EDA, etc. 😉

Anyway, I just stumbled upon a paper that does exactly what I proposed with many advantages, expected and unexpected. The tech is called Null Convention Logic. The paper describes the logic, how to build stuff with it, and some examples. The research site is here. The company pushing the tech was acquired (probably for patents) by another company I can’t reliably track. So, that tech is probably gone. Still have the paper and the R&D company would probably assist EDA tool builders.

Aristotle – A logically determined (clockless) RISC-V RV321

This RISC-V processor was implemented with Null Convention Logic. First time I’ve seen a processor say “No clock, no state machine, no flip-flops, no glitching, no wasted switching.” Logic leads to “No races, No glitches, No spurious transitions.” That while already executing QuickSort at 400MIPS. Wow.

Remember that Sandia’s and some other methodologies do the intial design in a functional language, have equivalent HDL side-by-side with that, do equivalence tests, and synthesize from there. For true HW engineers, these methods might be a boost in productivity and verification. I think there’s more potential to tie this into work by Baranov (high-level synthesis) and Clifford Wolf (YoSys OSS synthesis). Idea being that people treating 350nm-180nm design as a black box with as many tools and few specialists as possible might have an easier time as clockless, stateless methodology knocks out so many issues.

Your thoughts on any of this?

Nick P • October 24, 2015 11:27 PM

@ Wael

Thanks for the link. Digital Design 4th Ed is pretty affordable ($10-20) if Used. The comments on this one are mixed. Some say what you say. Many say the book has several errors per chapter along with no answers to most of the sample problems and some incorrect answers. Two said you needed a professor working with you side-by-side to correct for the errors.

I’ll keep it on my list just in case but that sounds like a lot of trouble for unassisted newcomers. Particularly doing sample problems without knowing if they were right. I like what’s in the Table of Contents, though.

@ tyr

That might be possible lol. There are maybe two teams I’ve seen that keep making really good stuff in asynchronous logic. They always deliver on some overhype. 😉 Just have to do a lot of things differently and most tools are about synchronous design. So, results might vary considerably.

@ name.withheld

“Are you talking about combinatorial?”

I think I’m talking about combinational. Most references I see talk combinational or sequential. The paper (see “Null Convention Logic” link) on pp 20-21 references combinational circuits. So, that’s what I’m going on here. The other term is giving me nothing except combinational references. I’m guessing they’re two different words for the same thing.

“my preferred implementation would be a combinatorial system based on a dual-synchronous analog-digital processor hardware core that could self-correct, or at a minimum, verify operational integrity”

That sounds like some interesting stuff. This is the part where my limited HW knowledge having ass is foolish enough to ask “Why dual-synchronous?” while hoping I’ll understand the answer. 😉

“That’s hilarious, spice model magic, net lists, and transmission line calculations are just hidden by all the stupid Java glue to make it GUI’fied. ”

Bro, if you can do this by hand in a reasonable timeframe for any real-world project then I give props to you. I call the technology that lets designers do most of that something like “magic” even if it could be better. Even an 8-bit micro on 90nm is quite a bit of work despite using best EDA tools and standard cell model. I’d imagine the paper wouldn’t have happened if they were just using hand-drawn ASM’s, MAGIC EDA and a SPICE tool. 😉

Most of my HW studies have been about methodology and tooling for advanced nodes. From those details, I respect the hell out of what brains went into EDA (esp deep submicron). No surprise each company’s R&D budget is $300+ mil on top of acquisitions. You might laugh at their shitty construction/maintenance/interfaces… we all do haha… but let’s be real about their capabilities.

“I was just looking over some of my older ASM system(s) that I’d built in the past and the platforms they worked on–pretty surprises when you profile their execution on new hardware (tens of orders of magnitude in performance real/user times).”

Move it down to PALcode or microcode with a HLL-to-microcode compiler. Maybe the RISC-V Rocket or VAMP DLX processors so you know the internal states too. 🙂

“Sounds like too much Kool-Aid (TM) there Nick–are you sure you’re feeling okay. The no-clock, no state machine, functional programming killer seems too good to be true. Seems to me it is a “Deterministic” design and merely hides the clock(s) and potentially a bunch of hand waving–if it produces VHD modules that would be worth inspecting…”

Could be. Will find out eventually. Just collecting it and getting comments for now.

“I have several sources I’d recommend but after a full day at work it might not be till next week that I get back to you with something substantive.”

Look forward to it.

Nick P • October 25, 2015 11:08 PM

@ name.withheld

“I share your sentiment… There, that’s a confusion I’ve made public.”

Damn. Sorry to hear it. The error just came from not spotting those kinds of patterns. The kind of thing that takes practice and determination to understand such things. 😉

Hope you have more fortune in the future.

Nick P • October 26, 2015 9:09 PM

@ Wael

(Looks like I just missed you. Darn.)

Just got my Electronic Principles book by Malvino. You’re right: it’s very well-written and comprehensive. I think that, despite not getting all underlying terms, I now have a basic understanding of pops I hear in speakers messing with cords, how crystal oscillators work, certain types of noise down to the atoms (avalanche noise basically = uranium chain reaction), somewhat how to protect digital circuits from voltage spikes, and so on. Lots of concepts that I bet would’ve been less clear in another text that drowned me in formula and jargon without anything helping. The guidelines and stuff to remember parts are also helpful as they encapsulate the wisdom (esp heuristics) that people would have to learn with trial-and-error. There are other parts where it seems author just kind of runs through stuff where I’m going to have to do extra Googling and thinking, but overall good.

Thanks for the reference.

Now, relative to a prior discussion here about TRNG’s.

1. Warning: don’t exceed 50V on rectifier diodes. Oh, I think we will and then measure the avalanche that comes out of it.

2-1. Warning: careful around 4V as the Zener effect can kick in with both Zener and Avalanches possible at 4V-6V. Oh, I think we’ll definitely add a circuit in that range and watch the weird stuff it does.

2-2. Might even feed output of one varying circuit into another that swings the voltage randomly between 4V-6V. Should make it weirder.

1. MOSFETS have low noise properties. We’re not using them lol. Well, they’re excellent for digital and so we’ll use them for the I/O logic that reads the noisy analog.
2. Electric and magnetic fields cause noise that requires shielding. We shield everything but one part that’s an input. It’s only shaped just enough to keep it from screwing up the circuits while maintaining its irregular properties.
3. Power supply ripple: use regulated power supply or shielding. We’re using the cheap shit instead. However, if possible, filter outgoing stuff to look boring and have no relation to internal state.
4. Microphonic noise. Going to need some inductors, capacitor plates, or whatever. A whole array of them with interlocking rubber-bands suspended in mid-air in front of a fan. That way, we introduce odd motion (and noise) via the fan while optionally pimp-slapping the board. Inject more randomness by putting a laser pointer on it with a cat in view.

5. Thermal noise: “we can eliminate the effects of (insert above) but there is ‘little we can do about thermal noise.’ ” Music to my ears. So, we’re going to put a bunch of different voltages across a bunch of different resistors, ensure high bandwidth, throw in plenty resistance, amplify any resulting voltage differences (size and shape), filter out everything but the differences, and do this in an oven. Cat should move faster in there, too, increasing vibrations from it bouncing off the board and rack. Ethical concerns mean might need to put the board in front of a heater instead with the cat just hitting something attached to it but not so hot. Will leave it undefined in the formal spec so the implementer can decide on what’s right for them.

So, we combine all those on some boards or an ASIC with ADC’s sampling them as often as possible. They might end up XOR’d together unless there is an analog equivalent of XOR. I’m guessing it would vary based on the technique used, though, as what’s randomized in the signal is different among techniques. The sampled data is further trimmed with statistical outlier detection and removal to keep only the most random parts. Then it’s whitened. Result should be a thorough TRNG with decent bandwidth whose overall effectiveness is minimally impacted by environmental change as there’s always at least one circuit the change can’t effect. If anything, its effective entropy can only be reduced. So, the CRNG should just assume that minimum production and collect multiples of it until at the desired, minimum amount for seed.

So, how close am I to what might actually be done by an analog engineer for this or how far away from a solution has my electronically-clueless ass gotten me?

Note: He actually defines what the word “analogy” means in the glossary. I feel for the reader who needed help with that but expects to get through the rest of the book. 😉

Note 2: The dedication:

“My brilliant and beautiful wife without whom I would be nothing. She always comforts and consoles, never complains or interferes, asks nothing and endures all, and writes my dedications.”

My emphasis added. For a second, might have thought he was unusually good at marrying the right woman or just brown-nosing one. Then, a specific phrase jumps out at me. I think his wife had mastered in books the whole “My gf is perfect. I love her forever… you’ve been hacked by gf!” Facebook scheme long before Facebook had been invented. Now I wonder how many other dedications like that were written by the wives lol…

Nick P • October 26, 2015 10:22 PM

@ Wael

“Please preserve my mood and tell me this is a nasty typo! You meant “germanium”, right? Uranium will fu#k up all your electronics!”

In a Uranium chain reaction, a neutron hits the atoms to convert it into other atoms plus neutrons. Those neutrons hit more atoms which do the same. It multiplies. This is usually drawn with circular atoms & nuclei branching off in a V shape.

The book explains the chemical/physical processes of how electronics work. A lot of those were the circumstances under which electrons move between materials. An example was the minority-carrier current in reverse-biased diodes. Now, increasing the voltage to breakdown causes the minority carriers to smash atoms of crystals hard enough to send electrons flying out of them. Those hit other atoms with 1 free electron releasing 1 valence to get 2 electrons. It multiples. Book shows it in a V shape that gets wider.

Looks a lot like the semi-conductor and electron equivalent of a nuclear chain reaction. And that avalanche effect will also “fu#k up all your electronics” if they don’t counter its noise during operation. 😉

“I’ve been searching all my books for it, but couldn’t remember for the life of me which book it came from! ”

It’s one of my favorites. I don’t think I’ve seen that line in another book. Clever.

” Sometime in the future I’ll share with you another related introduction from another book (that I remember.) it’s a digital signal processing text, this time .)”

Sure thing.

“I’ll get back to your other comments later. Still upset I went stargazing with a full moon! Was a spontaneous thing, though :(”

That sucks. One good aspect of being in the Mid-South is that we have lots of rural areas with minimal light pollution. Not sure how dark it is objectively compared to other areas. It’s like a whole different sky than our cities, though. 🙂

@ name.withheld

Thanks for the reference to the book. The reviews already tell me it’s a must have and covers other topics that involve black magic (eg heuristics from experience). Too expensive even at $36 on my current budget but will get it later. I think the amount of money it would save PCB designers over time far exceeds the purchase price, though, much like with Wael’s analog book.

“As you may be aware, Jim had quite a reputation and is sorely missed.”

I wasn’t aware of Tim’s reputation but the reviews indicate plenty wisdom. Amazon only lists three books with two being on Electromagnetic Compatibility: another thing I’ll need to add to the collection probably. What was he known for in general or other good books?

Quick Edit before post: will check out WiseWarthog.com

@ Wael, name.withheld

Wael supposedly has a good RF book that he’s holding out on. I’m probably way the hell away from learning that even if I start on hardware. Nonetheless, I’m mainly collecting and reviewing these to get others (esp in college) on a good start. Anyway, one reviewer of Wilson’s book recommended these for RF:

“For those wanting more design level info on RF electronics see Chris Bowick’s “RF Circuit Design”. If you need more basic, but more diverse info see Jon Hagen’s “Radio Frequency Electronics”, and if you are in need of some testing guidance you won’t be dissapointed in Joseph Carr’s book “Practical Radio Frequency Test & Measurement””

Any thoughts on those or other RF texts? What I hear of the field indicates it needs better books than most due to the nature of the material.

Nick P • October 27, 2015 12:00 AM

@ The Circuit Designer’s Companion

Thanks for the link and you’re welcome. 🙂

Nick P • October 27, 2015 12:39 AM

@ Wael

You’re tripping me out guy. Far as analog vs digital, I think they’re fair to think of as almost totally different things because of design & implementation style. Hell, even SOC designers I’ve run into on HN talking about Standard Cell model describe it as monkey work because tools & existing I.P. do most of the work. Analog? Totally different story.

“There goes $38+ down the smartthrone (high end toilet) i can’t believe this sh#t :(”

LMAO I was thinking it as I read it. Let’s look at the bright side: you’ll still be at home reading it while everyone else is in jail. Maybe.

@ Figureitout

“Most humans don’t (myself included, I try…), the field is too vast, and that’s just electricity getting squished around metallic structures and flipping switches.”

You need to get the book Wael recommends: it’s really thorough and only about $6-7 with shipping. It plus name.withheld’s and a digital book will get you pretty far. Can cheat on digital with a synthesis focus esp with open-source flows like Qflow. Maybe cheat on RF by putting it outside your main system’s Faraday cage with optical communications between what’s inside and outside. Still thinking there’s potential there.

“We must never forget those simple batteries
–Well, the chemistry is most definitely not simple (I kind of don’t care, just want the electricity) and they’re not cheap. Otherwise, they’d be cheap and easy to find in your local supermarket.”

Wait, that was a mental slip on my part. I was thinking about 9 volt batteries. I remember some projects used them with quite a long lifetime. Never seen 3.6V batteries until Googling them tonight. Not that I recall. Gotta be cheaper alternatives. I’ll force you to code up a solution on a 4-bitter if nothing else works. 😛

“Absolutely, and it’s getting lower w/ more features… :p That means passive listening devices need to be closer and someone has to place it there…”

I believe you’re stumbling onto an EMSEC best practice. Maybe.

“That was the company whose initial product (engineering samples or whatever) was vulnerable to the EMSEC attack lol.”

Hmm, was it a passive or active attack? And did it use common RF bands? That would be fairest assessment. If it was/did, then they’re lame asses haha.

“The attacks would get really interesting if they can trigger an activation on an XY-plane as in mutual capacitance, that would mean clicking on things you didn’t want to…”

The porn addicts are screwed then…

Nick P • October 27, 2015 1:01 PM

@ name.withheld

“Sorry Wael, I was appealing to Nick P’s propensity to garner information related to design books.”

Appeal accepted!

“The book sees the relevance and importance of both a analog and digital view of the world. Nick P has been struggle with his own analog/digital divide. ”

“I believe Tim is correct…our world is, for the most part, and analogue system. Discrete components in the digital world have little on our photo-chemical biological systems that compromise most of the living world. Many assume digital technology is the be-all-end-all, to my mind digital technology is best expressed by linear-only thinking and not non-linear reality.”

Well put on 2nd one. The world is certainly analog from electronics to even our brain. Hell, I pushed in some forums for neural nets to include more analog circuitry to reflect the fact that they’re analog and for performance/power advantages. One product designer told me they’re doing exactly that. 🙂 In any case, it’s clear that the world isn’t binary and the binary devices all reduce down to wires at the bottom. The crystal ocillators, power supplies, transistors, pads, and so on make a giant-ass, analog circuit (or circuits).

Now, what about the divide where people look at them as separate? It’s not ignorance or a myth: there’s a real divide. I think you’ve been in the custom stuff too long to see why people think that. A generalist like me with a foot in a dozen doors can see the various perspectives clearly. So, let me repay the favor and help you out this time.

It starts when we learn certain transistors and constructions are better for digital. Certain ones for analog. We then learn that digital logic can be expressed almost entirely in primitive cells and a few macro-cells. They come with weird wiring (analog) we don’t understand plus truth tables and math functions we do understand. We find that about any function can be reduced to these cells. We learn that there’s rules for how to power them, connect them, lay them out, and so on. There’s abstract languages to help with that along with tons of tooling for every aspect of it with much automated. Analog is still just wires and schematics at this point. Divide begins there. Now let’s look at methodology.

The digital designer of today will likely use Standard Cell model. Designer first tries to understand the problem. The problem will be modelled somehow, maybe simulated. This gets converted into a VHDL/Verilog representation that will also be simulated/tested. That’s typically synthesized into RTL. There’s ways to prove the two are equivalent. This might also feature 3rd-party components (macrocells) with their associated RTL, timing, and power data. The RTL is further synthesized into pre-made gates with optional gate-level simulation or equivalence checking before a prototype is made. This part might get reworked with different inputs into the tools based on resulting delays, yield, errors, power-usage, etc. The designer can do a lot of this while barely understanding how the cells themselves work: just the rules for working with them. Tools like Calibre or MAGIC will even catch many mistakes in that with design rule checking. Example of the process here.

The analog designer has a custom flow with mostly different tools and rules. The designer also takes a guess at solving the problem. The designer goes right to a sketch of a potential circuit/schematic maybe with some blanks. Then, the designer starts building and testing circuits in their toolset to try to match that. They don’t work. So, the designer measures things like voltages in blocks and then individual components trying to figure it out. The designer modifies the circuit to fix that. The designer looks for various forms of noise and instability, modifying circuit to handle it. This process of guessing, measuring, and tweaking continues until circuit seems to work. In ASIC’s, maybe boards, the designer must also work with digital people to ensure circuit works with their system and account for the fact that their digital circuits create noise that affects the analog. Altogether, a very tedius, manual process that happens with little to no abstraction right at the wires themselves.

So far, comparing analog with digital, one would think the two had nothing in common. Looking at papers, people might notice a detail here or there that are common but they’re too rare to make a broad, mental connection. That’s because digital’s binary little world and simple representations of cells let it be synthesized, analyzed, transformed, moved around, and so on to the heart’s content. The tools for doing this do so much of the work that many digital designers’ job is more about figuring out what to input into the tools to get results right than really understanding the circuits themselves. Many of them would probably look confused if you asked them how they’d do it with op amps. They’d probably struggle if you asked them to design the function with custom gates, flip-flops, etc with specific electrical properties. This means the divide is real rather than just in our minds and is driven by the different work requirements/flow.

Now, that brings me to where I see the two applying simultaneously: full-custom, digital design. That works at the gate and transistor level directly. Some of this builds on the boolean stuff as usual. However, the lower levels resemble analog work and the kind of thinking those engineers do to get things done. It took me a while to connect these because of endless repetition by industry that certain transistors/flows were for digital and others for analog. Yet, it was easy to call bullshit the first time I saw how library cells are designed. This method is for digital use, but employs analog methodology above. It’s certainly tool-supported, but not created by tools: engineer’s creativity and knowledge produces the circuit itself with much trial-and-error in verification. So, here we can see that the two are the same thing underneath.

Past that, they’re still totally opposite. So, the methods, tools, and so on make standard-cell, digital design totally different from analog design. However, the more correct way to put it might be that there’s a huge divide between standard cell model and full-custom design. I think that model is really where the divide is. People versed in it think it is digital design rather than a limited, abstract form of is. Real digital design works same as analog design if done at full-custom. So, the proper division should be standard cell vs full-custom analog/digital. Haven’t gotten there yet in my studies so I’ll leave it to you to determine if my division is proper way to look at it. I’m more sure of my assessment of the digital-vs-analog divide because signs of it are in every non-full-custom, digital paper I read.

Another way the fascade is crumbling is in mixed-signal ASIC’s. The modern ASIC’s are having to use many more analog components than in the past. They have to tie them together pretty closely with the digital blocks. The demand side of this pushes for more people to know both digital and analog design. Especially, for them to see when they should switch from one to another for a particular function for performance, power, or precision. Leads to next part of your post.

“I find what Tim Williams is emphasizing is a need to be able to see both sides of different coins and that our classic education produces unimpressive results. He also emphasizes the power of our institutions to produce mediocrity that passes for qualified engineers and designers.”

I totally agree: they need to be doing much more for analog and fundamentals. I think part of it is visible in the common gripe from students that analog is too hard, boring, or irrelevant. The reason must be their teachers and textbooks. Hence my search for good starter and supplementary books to solve part of that problem. Narrowed it down to 3-5 books that cover vast majority of what people need for theory and practice. Given size of the field, that’s quite a result in itself.

A curriculum would be next step. It needs well-thought exercises that not only teach students but help them learn incrementally and enjoyably. Should be lots of toy projects, breadboard, and SPICE work. Maybe throw in a hint of elitism once they see standard cell model and huge monstrosities it produces vs their creations. They know they could probably do better on any individual component, can customize the gates/latches/macrocells if need be to make tools do better, and can drop in analog where it counts (esp signal processing or calculus functions). Gotta be motivation and real value in it for them.

There is a flip side to that. Universities often try to produce what’s in demand. Most of demand side is digital with standard cell model. That’s how almost everything is produced basically for cost-effectiveness and time-to-market. The university making all its students practice analog for years will probably have no digital I.P. to license, cool tech published, or cheap ASIC engineers to bring to market. So, the incentive probably is to teach them just enough EE to understand digital logic and working with those tools. Plus, they can teach them the tools while letting them try to make stuff. These factors produce both a need and incentive to skip passed analog or true understanding.

So, what to do? I’m not sure. I’d say there’s two routes. Option A uses a book like Electronic Principles to teach analog first during maybe first two years of college. That it’s not math-heavy or anything means EE’s could in theory pick up a good bit of it by Associates degree. Might also teach basic, digital logic or discrete mathematics at this phase. By Bachelors, they start doing digital design and more analog in parallel. Students should have mastery of digital/boolean logic and fundamentals for RTL in first six months. Rest of their Bachelor’s is VHDL/Verilog along with how to use it with synthesis tools with FPGA’s for practice. At some point, the students will be working in analog classes on same types of gates and primitives their digital tools use. The mental connection between two fields will start here. By Bachelor’s completion, the student is already useful in the marketplace as cheap labor for FPGA’s at least and probably in a good position for self-study with various books/articles.

However, education continues with Masters level. The student already can do basic, Standard-Cell designs while understanding analog enough to have many projects and PCB’s under their belt. The student continues learning tricks like those in High-Speed Digital Logic to improve the performance and reliability of their digital ASIC’s. Much focus on verification here, too. The analog transistions into more full-custom work that might benefit digital designs. Should be at least one class or project covering cell libraries with advantages of specific types of flip-flops, gates, tri-state buffers, etc. End of Masters should be a competent digital or analog designer who can also do basic mixed-signal ASIC’s. The student sees how each side connects with the other and how they work underneath.

Note: PhD’s can all focus on better approaches to any existing problem in digital or analog. Preferrably improving EDA tools for synthesis, testing, and formal verification. Put the brightest on that with industry partnerships so they’re informed of real-world issues by pro’s. Keeps the methods practical.

So, there’s my guess at how it might be done based on my non-existing knowledge of analog and digital hardware design. 🙂 In any case, the proposal must push for real understanding you speak of while simultaneously being practical on digital side with real deliverables for universities and market. So, a parallel approach will be necessary. I think the mental divide will help in this situation. Trying to learn C and Java at same time, for instance, can trip someone up because things in one are supposed to look like the other for familiarity. Trying to learn Standard Cell synthesis and full-custom analog simultaneously shouldn’t cause any problems at all given the stark contrast. By time student gets to full-custom digital, the student will just be applying his or her analog skills to produce specific, digital functions. The mental integration should happen at that point and divide disappears assuming parallel learning hadn’t eliminated much of it already.

Your thoughts?

Nick P • October 27, 2015 2:14 PM

@ name.withheld

“8-bit micro with 64KB of RAM enough to do any task”

I’m not sure about this due to my inexperience with 8-bits. I do know that what SymbOS can do, despite it being a marvel, doesn’t compare to my desktop in the slightest. Besides, didn’t a wise person say all we needed was 640KB rather than 64KB? 😉

“64-cores”

Now we’re talking something I might use outside a toaster.

“Two of 64 are for inter-processor communication.”

Dedicated I/O processors go back to mainframe era with Channel I/O. I pushed that for embedded, too, with Ganssle’s Embedded Muse publishing that post. Ganssle pointed out even embedded suppliers are re-introducing the concept with some chips that have higher-end core for computation and low-end core for I/O offloading. In my own designs, I also include at least 2 for one of two reasons: storage and networking are two forms of I/O that are heavy with interrupts, maybe justifying their own cores; can split trusted and untrusted functions to avoid/reduce covert timing channels.

“dynamic I/O controller for GPU usage.”

What the hell does that even mean? GPU’s are best done with custom hardware. When not, they do enough work to saturate your whole processor doing just their job. I’m not seeing it good for a GPU.

“modern computing is computationally serialized, data wide, processing model”

You must have missed the volumes of articles in past 10 years on SIMD, “multicore era” and CUDA/OpenCL. Along with all the tech to use them better. 😛

” A very light ASM controller and synchronization core could work as the glue instead of a microkernel architecture (my preference).”

The microkernels are relatively simple so that could work in theory. I’ve considered it myself. Actually, it’s worth remembering that Intel’s i432 APX did many kernel functions in hardware and microcode. A little-known benefit of this, demonstrated in ancient Nucleus kernel, was that key primitives of the system can be standardized below OS level and keep its architecture consistent as a whole. Quite opposite of what we see with Intel, C, UNIX/Windows, etc.

“a two by thirty two hardware platform”

I’m not getting that part. It doesn’t match any topology I’ve seen in either HPC or multicore. They almost always use multiples of 4 if there’s lots of nodes with interconnections to minimize delay and keep coherence. Many onchip networks have rings in their diagrams as well. I can see many tiny cores as this has already been done many times. I just don’t see the part where two at a time are repeated 32 times on same SOC given how NOC’s typically work.

“Clocks could be shunted where cores are not powered/needed.”

Or we just do clockless given asynchronous approach has already been applied to microcontrollers down to (I think) 45nm. They had performance boost plus huge power savings. Eliminates requirement to synch timing, too. Every paper mentions how that contributes to first or second time success in silicon. Middle ground is Sandia Secure Processor’s use of regular logic plus asynchronous I/O to avoid interrupts and similarly ease analysis.

“don’t know of an architecture that is generally available that meets this type of operational behavior.”

There’s been quite a few. They all bankrupted due to no demand (FPGA’s/DSP’s/GPU’s were good enough) or got acquired by competition. Ambric is a good example and one of my old favorites. Just a very tough market. Only thing I see that’s consistent is whatever you build has to use an easy programming model on software end (see GPU/CUDA success) or do better than Xilinx/Altera’s FPGA’s on hardware end. A tough nut to crack even for embedded given all the good DSP’s and FPGA’s with great performance-to-watts ratios.

I thought it was funny when I saw you mention 64 8-bit cores given I recently emailed Jack Ganssle a joke about how I’d propose a multicore chip for high-end, embedded market with 128-1,000 cores! They’d think it was great until I said they’re 8-bit. They’d all leave lol. I had to follow-up on that email when I found out my joke already happened. It had a 32×32 stripe config which matches other topologies that I think were symmetrical and kind of tiled.

Far as streaming, I’ve visited this before because I needed an open GPU during my research into open, non-subverted hardware. The problem is nobody ever pulled off an open GPU to completion. I also noted use cases for SIMD, MIMD, DSP, pure streaming, and so on. Budget, if I ever got it, would be too limited to do it all so need consolidation like in CPU side of things. I then noticed that many people did SIMD stuff and emulated GPU’s with DSP’s. Designs like Ambric and Tilera might handle it, too. So, I figured a nice start would be a streaming processor with a lot of cores that could handle about any data-parallel workload, including graphics. One design that could be used in anything at least until workload-specific stuff was developed.

That would be hard, though. So, what to do? I remembered academics constantly produce SIMD’s, DSP’s, graphics-specific stuff, etc. Surely a good one exists that might just be licensed/bought/free and source coming with ASIC’s optionally. The best one I found, with unknown licensing, was this family. That’s enough cores to get some stuff done. The old one is on an nicely accessible 180nm process while the new one could be exceeded on a 45nm process with pro’s and EDA tools. The AsAP2 could have a few custom units specific to graphics like what was in old SGI InfiniteReality graphics. Just whatever gets it at least OpenGL 1.0 to take advantage of all existing tools or libraries that targeted it. Additionally, the versatility, core count, and their power should help on DSP workloads.

If it’s not available, just copy it and tweak it with your specific ideas. The method is already proven down to 65nm with 1 trillion ops/sec at 9.2 watts. Other one was 600Mhz at 2V, which is still good. Even Kilocore might have been more interesting with such an approach. However, I still think it’s better to use 32-64 bit cores for computation and key I/O given what people use multicore for. Just more suited. However, could make it heterogenous with tiny cores on board for whatever they could handle like keyboard/mouse, power management, sensors, whatever. Maybe a lot more given what I/O I see on 8-bitters. So, it seems one could knock out some of the heavyweight cores for lighter ones. I’d suggest keeping the programming model as similar as possible at least at assembler or interface levels for the two core types.

While that’s interesting and all, I still think the coolest thing I’ve seen is the Archipelago FPGA. They are still working to add things like MAC to transform it into a real contender. However, making that thing work with or without MAC on a good toolchain (esp Qflow w/ YoSys) at 45nm or even 90nm would be the best thing a person could do for OSS hardware. Combined with breadboards or existing “maker” products, it would make hardware design a lot more plug-and-play with us able to understand everything down to the logic slices. And for pro’s, down to the transistors as the FPGA itself and tooling are open to verification. People could even respin it on new fabs if they wanted.

From that, a matching via-customized approach a la eASIC’s Nextreme would be developed for increased efficiency and reduced cost. I know just the people for the algorithsm. From there, an ASIC conversion strategy that pro’s could use at RTL level to quickly turn it into a pure ASIC with it ideally designed for the FPGA/S-ASIC like in the link. Real advantages to doing that. From there, optionally do a metal-configured, S-ASIC offering as I have a paper or two showing they’re superior to via-configured S-ASIC’s in metrics important in volume production.

So, there you go. Look into the academic offerings in DSP comparables to shortcut a DSP or GPU development. Also, an open FGPA on a low-enough process node can simulate anything you can think of esp if it’s 8-bit and the S-ASIC might be more efficient than your actual ASIC due to power advantages of deep-submicron nodes. Far as CPU’s, the best CPU design that supports easy customization into a tagged/cryptoed/whatever processor for secure computation AND an I/O processor for secure I/O handling. The two can share quite a bit of their inner machinery with outer layers being where most differences are. Sharing = NRE reduction. These are the three best projects to tackle in terms of hardware as they solve the most problems. The FPGA is really the most important given FPGA’s can effectively or half-assed solve almost any hardware problem in computation or simulation.

So, there’s my $20,000 worth. Feel free to send the check in the mail promptly rather than lazily. 🙂

Nick P • October 27, 2015 5:34 PM

Aha! Took another stab at it and hit pay dirt. The author explains PLL’s so clearly that I understood exactly how they work before the article got to the first example. I’m sure it’s more complex when syncing multiple clock domains on nano-whatever processors but probably a variation on same tricks. Good stuff.

Nick P • October 27, 2015 6:17 PM

@ Wael

A data diode is best modelled as a one-way flow, not a prison. You’d more easily represent it with a metaphor of a waterfall of information than a Prison: water always comes down from high but can’t come up due to physics. I mean, I might look at it differently once I know the EE forces that make them work but the model is one-way flow. The flow model is also so simple that this security technique is instantly understood by any layperson I talk to in a way that’s still technically accurate. A rare feat.

Re “Back to C-v-P: Don’t think of it as Clive-v-Nick P! Both architectures and methods you proposed are hybrid C/P, if you will! ”

Now you’re beginning to understand: that was one of my major objections in a previous discussion. I pointed out Prison matched isolation architectures esp with communication and concurrency. Further, the trust issues Clive described for Castle apply to his when it’s on an ASIC because you essentially have to trust whole thing, its tools, and its mask maker. So, past a fun discussion, its application weakened to the point we were arguing the metaphors more than the characteristics of the actual tech.

And my changes on that led to huge improvements in security effectiveness per dollar or watt invested over prior approaches with separation kernels, ARTIGO’s, KVM’s, etc. So, strengths and weaknesses of specific schemes is what I prefered to discuss. Gotta work out which knock out the most risk at what tradeoffs and implement from there.

Nick P • October 27, 2015 6:54 PM

@ Wael

You should’ve given this Darwin Award winner your RF book and maybe some brain stimulants:

“Telephone relay company night watchman Edward Baker, 31, was killed early Christmas morning by excessive microwave radiation exposure. He was apparently attempting to keep warm next to a telecommunications feedhorn. Baker had been suspended on a safety violation once last year, according to Northern Manatoba Signal Relay spokesperson Tanya Cooke.
She noted that Baker’s earlier infraction was for defeating a safety shut-off switch and entering a restricted maintenance catwalk in order to stand in front of the microwave dish.
He had told coworkers that it was the only way he could stay warm during his twelve-hour shift at the station, where winter temperatures often dip to forty below zero.
Microwaves can heat water molecules within human tissue in the same way that they heat food in microwave ovens.
For his Christmas shift, Baker reportedly brought a twelve pack of beer and a plastic lawn chair, which he positioned directly in line with the strongest microwave beam.
Baker had not been told about a tenfold boost in microwave power planned that night to handle the anticipated increase in holiday long-distance calling traffic.
Baker’s body was discovered by the daytime watchman, John Burns, who was greeted by an odor he mistook for a Christmas roast he thought Baker must have prepared as a surprise. Burns also reported to NMSR company officials that Baker’s unfinished beers had exploded. ”

@ Clive

Alright, alright point proven lol… I was just saying I think I understood the concept behind how they work. Im guessing when syncing clocks, they all modify the signal (s) or oscillator to deskew it based on a circuit(s) detecting drift. I get what they’re doing more clearly if not a specific implementation. The sheer number of things in the intro book shows me the actual details will be a learning experience and many surprises for a long time if I pursue analog.

Thanks for the specific details and parts as I might look them up to see how creative people are getting. I know I saw a recent paper that did all-digital PLL or something like that. Apparently, it’s pretty hard…

Nick P • October 28, 2015 5:40 AM

@ Clive Robinson

Great guess and nice writeup: got it off Wael’s joke site. Already covered by Snopes. Story changes with every iteration. Funny shit, though.

@ name.withheld

“Dude, I worked on the NUMA architecture both prototyping SIMD, MIMD with global and local memories of various layouts, constructs, and architecture….(Paragon, 390S, and PowerPC).”

I know you worked on such cool stuff. It’s why I had to call BS on your other comment that dismisses billions of dollars worth of tech and HPC market. While most stuff is sequential, there’s plenty in parallel and multicore work with more stuff in academia on it than ever. Not in industry as much since things keep getting acquired and disappearing.

“Again, I am not sending you a check–I have envisioned to near RTL level a hardware-based FPGA/ASIC uProc multi-core architecture that is not dissimilar to what Clive has described.”

You loose 10 years good luck without the check but you’ll survive. Far as your specific scheme, like I said, it’s been done before plenty minus the specific I/O config or Clive’s hypervisor concept. Always fails in the market because (a) other stuff is better (price/performance/energy) or (b) it’s too hard for [lazy] people to use. That’s what all most people in the market see when they look at such tech. Even mighty IBM couldn’t pull it off with their market connections the few times they tried. So… good luck.

“I do appreciate all your banter though, it serves the community as a whole. For me, been there done that. ”

I appreciate the compliment but I doubt you’ve been there done that. My solutions boiled down to open-source, verifiable versions of:

(a) A flexible CPU design that can be used in desktops, embedded, I/O coprocessors, etc with immunity to code injection or leaks.

(b) A massively-multicore design (eg AsAP2) that can be used for GPU’s or DSP’s with massive parallel and streaming performance per watt.

(c) A FPGA architecture, implementation, bitstream generator, and tooling through open-source synthesis + place & route.

You haven’t done any of these I’m pretty sure. They’re each a better idea than what you describe in terms of practical application and possible uptake. Each can be watered down to embedded level if desired although Rasp Pi’s success shows you minimum you need for mainstream adoption. A bunch of 8-bitters & weird programming model ain’t gonna cut it. Do what you will, though. Meanwhile, academics have been cranking out variations of the above and that work is likely to do us much more good. Just not enough of it happening and almost exclusively by amateurs w/ short-term focus.

“I used to be a member of CPSR…that ought give you a flavor concerning my demeanor (the older I get, the demeanor I get). ”

Never heard of them. They must have not done shit in practice or been so good that their effects were invisible and embedded in everything. Given state of IT, I’m leaning toward former.

“Today, as in recently, I have given up on the tech community as it has been unable to address the EFFECTS of technological BS and the impacts ON/TO SOCIETY.”

Exactly! Now that I can agree with! Now you see why I considered controversial topics (eg high-assurance, lawful intercept) and why I say curbing NSA’s abuses is impossible without political (not tech) solution. Technologies are fucking the world in general. Laypeople don’t understand them. Technologists haven’t done a good enough job on handling that. Government understands them enough to know they’re great tools of power. So, yeah, we’re fucked and the tech community did a lot to get us there.

It’s why I keep telling you to distance yourself from risky activities of the past, maintain whatever positive things you have going, and use your undeniably, strong skills in HW/SW/INFOSEC to build the shit people need. You might not change the system or live in a great world. However, for the niche that cares, you might make part of it better or safer. Worst case, you’re using your craft to make what others can’t. Knowing one is elite is its own reward even when others don’t materialize. At least the investment into talent got you somewhere, ya know?

Note: I plan to watch your “documentary” soon to evaluate what you claimed from a Southern perspective. Just decided what free time I had recently was best spent reading, thinking, and writing instead. Just wasn’t in the mood for a downer of a movie. 😉

Nick P • October 28, 2015 6:51 PM

@ name.withheld

“Honest to a fault. It has cost me more work than I’d like to admit. It is exactly because industry continues to fail in delivering “best-of-bred” and in parallel (pun intended) with your other argument, we are in complete agreement. ”

Same here. Otherwise, I’d have made millions and a lot more of my stuff in Snowden leaks. Or 2008 Goldman leaks. Or something similarly awful but high-paying (eg RSA conference goods). :O

“I’ve even had responses to these ideas that include “How do we support an implementation that others cannot conceptualize.” My response–“WHAT?””

They were building a Brainfuck interpreter in silicon with a 10 stage pipeline and accelerators MPEG1 decoding, right? I told those idiots nobody would buy the shit. MPEG1 is too unusable. Sorry you had to deal with them.

” I received the…”We have to cover our ass, and you are the problem.” response. Not only would the senior scientist on the project buy off on this, but the program manager, under his breath, agreed.”

That’s fucked up. I’d have given you a bonus esp if there was flexibility plus cost savings.

“I have this habit of going into meetings having had the tacit support of my peers and then once in the meeting, crickets. Because engineers and scientists DON’T HAVE THE SEX ORGANS TO STAND FOR SOMETHING/ANYTHING.”

You have weaker social skills. I do, too, but I’ve tried to improve a bit for negotiations. Trick is to identify a compromise on what they’ll tolerate for their goals that includes yours. Make sure any changes let them save face or maintain their ego. The ideal level, which I’m not at, is seeding it into their head so it’s their idea. I mean, I can do that sometimes for day-to-day things but not technical stuff people don’t know lol.

“Griped the steering wheel and considered my fate…the story remained interesting for another half-hour after that but–that is another story.”

I look forward to hearing it sometime.

“Tell me, Nick P, how heated have your arguments gotten?”

You’ve seen them. On bad days, enough to not matter and make people tune-out. It’s why I try to be more diplomatic where it counts. Not online much. I still screw-up a big one at least once every few months.

“I DO, NOT JUST SAY!”

What you’ve been lacking is someone with the gift of gab that’s skilled at getting what’s in your head into their head. A good negotiator. I think you just didn’t want to work with one for whatever reason. Would’ve helped you, though.

“Had lunch with Carl and his brother Larry, and suggested over lunch (explained information/search theory, scooter which was DEC’s spider tech AKA Alta Vista, and that it was the query not the data that represented contextual value/import) ”

You’re not suggesting you’re behind PageRank, are you? It’s advantage is that it was a clever hack that got around the search and meaning problem entirely. That’s Larry and Sergi’s main achievement. Still be an accomplishment if you and Carl motivated his involvement in search. Still cool stuff, esp talking to Carl.

” We [IBM] often had team meetings between Japan, Germany, and Israel that we’d convene for weeks. ”

Israel (Haifa) is where they do a lot of their processor research for POWER and verification with formal falsification (esp RuleBase). Did you get to work on any of that stuff?

“and a very light, think of OS-9 or QNX’s microkernel design”

John Nagle keeps mentioning QNX on Hacker News due to it’s ultra-clever, performance optimizations plus general properties for reliability. He always insists someone should make an open-source version of it that keeps those properties. I was concerned the optimization(s) might short-cut separation too much with a security vulnerability or two lurking in there. Too much to analyze, though. I figure you’ve already done analysis if you used it given how you work. What’s your thoughts on that?

Note: I also like the INTEGRITY RTOS’s strategy of forcing user-mode processes to donate their own CPU time and memory for any kernel call they make. Not sure exactly how they do that but I think it’s really smart. I always push for any OSS microkernel to copy that somehow.

Nick P • October 29, 2015 4:39 PM

@ name.withheld

re personal account

Damn, what a story. Glad you made it.

re RTOS’s, etc

That makes sense. However, you have to admit that it makes sense to try to pick a versatile RTOS and component that you can reuse to amortize the cost of high assurance development. RTOS’s I don’t have a solid opinion on as, like you said, different one’s seem better in different situations. The reuse thing might be applied at interfaces, protocol engines, scheduling algorithms, etc with some reference implementations that can be modified from device to device. Not as easy as a compiler like CompCert where I say “just build on and improve what was verified already!”

Real trick on your end will be making the middleware easy to specify while the resulting implementation is both safe and efficient. The message passing schemes are often safer but not efficient if you’re really doing POLA. There’s shared memory schemes that are very efficient but not quite so safe. The schemes that are safe and fast usually can’t take advantage of a MMU, etc properly for protection. Kind of an open problem if we’re talking embedded. Will be interesting to see what you eventually come up with.

@ Wael, name.withheld, Clive, Figureitout

Free EDA?

Mentor Graphics just did something unusually modern: they put a browser/cloud-based EDA tool online for free. It’s free if what you’re doing is public and shared, while private projects have to pay a fee. The tool does design and simulation for combinations of analog, digital, mixed-signal, and mechanical systems. Already a bunch of circuits online. Go give it a spin and see what it can do.

Note: Don’t put anything significant on it unless you read the license carefully. I’m sure you all already know that, though. 😉