SoylentNews is people

posted by Fnord666 on Wednesday June 21 2017, @03:43PM
from the ebg-13-qbrfa'g-pbhag dept.

http://www.bbc.com/news/technology-40326544

A European Parliament committee wants end-to-end encryption to be enforced on all forms of digital communication to protect European Union (EU) citizens. The draft legislation seeks to protect sensitive personal data from hacking and government surveillance. EU citizens are entitled to personal privacy and this extends to online communications, the committee argues. A ban on "backdoors" into encrypted messaging apps like WhatsApp and Telegram is also being considered.

[...] "The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, email, internet phone calls and personal messaging provided through social media," said a draft proposal from the European Parliament's Committee on Civil Liberties, Justice, and Home Affairs.

This discussion has been archived. No new comments can be posted.
  • (Score: 1) by pTamok on Thursday June 22 2017, @05:41PM (2 children)

    by pTamok (3042) on Thursday June 22 2017, @05:41PM (#529596)

    The thing is, ARM don't sell chips. They sell chip designs. What you buy from ARM is a Hardware Description Language (HDL) description of an ARM processor, which you then get a foundry to build for you. The US military have access to trusted foundries*, so can get their supply of ARM chips from trusted foundries, and also, because they buy the HDL, can audit the design.
    Buying actual pre-made chips is different. ARM don't sell ARM chips. If you buy a chip with an ARM core, you have to trust that the foundry haven't added (or been forced to add, for National Security reasons) their own modules to the HDL.

    *Look up "Trusted Foundry Program" in your Internet Search Engine of choice. There is a list of trusted foundries here: http://www.dmea.osd.mil/otherdocs/AccreditedSuppliers.pdf [osd.mil] ; and more details here: http://www.dmea.osd.mil/trustedic.html [osd.mil] . Many of the links you find in the search go to .mil domains and raise alarms in browsers, as the TLS certificates are not in the browsers' list of trusted certificates and/or the CA authority is not known to the browser.

  • (Score: 2) by bob_super on Thursday June 22 2017, @05:53PM (1 child)

    by bob_super (1357) on Thursday June 22 2017, @05:53PM (#529600)

    I used to sell chips with ARM cores inside to military suppliers.
    I was not allowed to listen to the Classified discussions between our Cleared guys and theirs, but whatever was revealed in those briefings did not prevent the chips from being considered in the context of Classified programs.

    • (Score: 1) by pTamok on Thursday June 22 2017, @08:30PM

      by pTamok (3042) on Thursday June 22 2017, @08:30PM (#529653)

      You don't say if you worked for ARM, a foundry, or someone else. I'll guess not ARM.

      If the foundry using ARM's intellectual property were a trusted foundry, then there's no problem. It doesn't mean ARM processor cores in general should be trusted, it just means that chips built in trusted foundries using ARM's intellectual property might be trustworthy for your purposes, assuming the foundry is trusted by you.

      ARM do not sell chips, they sell licences to implement their chip design. Once you have their HDL, you can audit it, but you also need to make sure the implementation in the foundry is trustworthy. Quite apart from someone adding a hardware module that you don't know about in the HDL, there are hardware hacks to compromise chips that are difficult to detect, for example: https://phys.org/pdf298789584.pdf [phys.org] . The paper to which it refers should be at http://people.umass.edu/gbecker/BeckerChes13.pdf [umass.edu], but is now a 404. The Internet Archive has a copy here: https://web.archive.org/web/20140209150713/http://people.umass.edu/gbecker/BeckerChes13.pdf [archive.org] - it is interesting reading.

      Our first target is a design based on Intel’s new cryptographically secure RNG. Most prominently, it is used in the Ivy Bridge processors...
      The cryptographically secure RNG generates unpredictable 128-bit random numbers. The security has been verified by an independent security company [7] and is NIST SP800-90, FIPS 140-2, and ANSI X9.82 compliant. We will modify the digital post-processing of the design at the sub-transistor level to compromise the security of keys generated with this RNG. Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen. Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.

      ARM may well be selling designs without back-doors. But ARM have no control over what you subsequently do to the design.

      (By the way, although I'm talking about foundries and HDL, foundries don't actually get to see the HDL - they get layout masks. The key point is, though, that you have to be able to verifiably trust all stages in the chip's manufacture.)
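
Added example (not part of the thread or of the quoted paper): a simplified software model of why the statistical testing mentioned in the quoted passage cannot show that an RNG's entropy has dropped from 128 bits to n bits. SHA-256 stands in for the RNG's digital post-processing, and N_BITS, FIXED and every function name are assumptions made for illustration.

```python
import hashlib
import math
import secrets

N_BITS = 16                      # constructed: unknown bits left in the model
FIXED = b"constructed-constant"  # stands in for state held at a known value

def condition(x: int) -> bytes:
    """Stand-in for the post-processing step: 128-bit output from state x."""
    return hashlib.sha256(FIXED + x.to_bytes(16, "big")).digest()[:16]

def weakened_outputs(count: int, n_bits: int = N_BITS) -> list:
    """128-bit outputs whose only unknown input is an n_bits-wide value."""
    return [condition(secrets.randbelow(1 << n_bits)) for _ in range(count)]

def healthy_outputs(count: int) -> list:
    """Reference: 128-bit outputs from the OS CSPRNG."""
    return [secrets.token_bytes(16) for _ in range(count)]

def monobit_p_value(blocks: list) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 is a pass."""
    data = b"".join(blocks)
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def candidate_set(n_bits: int = N_BITS) -> set:
    """Every output the weakened model can ever produce (2**n_bits values)."""
    return {condition(x) for x in range(1 << n_bits)}

def fraction_predictable(blocks: list, candidates: set) -> float:
    """Share of outputs that a party knowing FIXED could list in advance."""
    return sum(b in candidates for b in blocks) / len(blocks)

if __name__ == "__main__":
    cands = candidate_set()
    for name, blocks in (("weakened", weakened_outputs(4000)),
                         ("healthy", healthy_outputs(4000))):
        print(name, "monobit p=%.3f" % monobit_p_value(blocks),
              "predictable=%.2f" % fraction_predictable(blocks, cands))
```

Both sources look the same to the bit-frequency test, while every output of the weakened one falls inside a set of only 2**N_BITS values. Output statistics alone say nothing about how much unknown state feeds the generator, which is why the comment above stresses verifying each stage of manufacture.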