Long story short, this is really wanting me to obtain the gerbers for the motherboards I use, and verify the parts on the board are the parts listed. This the basis of open source hardware.
The next step is to obtain firmware for each chip, and compile and load it on all programmable chips. Again, but open source firmware.
Then moving up, we need an open source OS, which we have.
The last area is having open source silicon... but given that it's $10m minimum for a basic fab, this isn't happening anytime soon. Although, FPGAs could supplant some hardware. Then we'd need the synthesis code for the design.
Long story short, is there a way to make a trustworthy OS if you don't trust the underlying hardware? Is that even possible?
An xray or optical inspection would never be able to detect the doping of the silicon so it's possible to alter the behavior of the chip in such a way as to allow an attacker to cripple something like Intel's random number generator RdRand yet have this be basically undetectable in software.
University security would not be adequate for the purposes of attestation for the level of stringency required. Universities are primarily academic environments that specialize in narrowly focused ideas and they hold up poorly to eg nation state level exploitation.
You're building something for the purposes of verification, not manufacturing; it doesn't need to actually build working chips, it just needs to scan them. So you don't need the same level of exacting precision throughout the design+fabrication process. And so it's easier to build in not just 1 "ooh, interesting", you could build in 1,000. I really do think so.
We now have precedent that maybe there's vested interest in hiding stuff. So security requirements would be so high as to make the project unviable because of its domain obscurity.
Oh, indeed! What I'm saying is that if hardware was FPGA, we could reprogram with recompiled/resysnthesized FPGA code and upload with better-trusted code (think of binary reproducibility).
We still have to deal with 'trusting the compiler(synthesizer)' but with iceStorm, we're a good way there. It's still ugly around the edges, but I think this is one of the better ways forward in creating a fully supported FPGA platform (thinking the difference in microprocessor dev prior and after GCC inclusion of Atmels).
The next step is to obtain firmware for each chip, and compile and load it on all programmable chips. Again, but open source firmware.
Then moving up, we need an open source OS, which we have.
The last area is having open source silicon... but given that it's $10m minimum for a basic fab, this isn't happening anytime soon. Although, FPGAs could supplant some hardware. Then we'd need the synthesis code for the design.
Long story short, is there a way to make a trustworthy OS if you don't trust the underlying hardware? Is that even possible?