Self-Hosting (Almost) All The Way Down
A FPGA-based Fedora-capable computer that can rebuild its own bitstream
- Track: RISC-V devroom
- Room: K.4.601
- Day: Sunday
- Start: 09:00
- End: 09:40
- Video only: k4601
- Chat: Join the conversation!
I will demonstrate FPGA-based 64-bit RISC-V computer, capable of booting and running the riscv64 port of Fedora. Using Free/Libre packages available as part of the Fedora repositories, this machine is capable of recompiling not only its own software (e.g., kernel, glibc, gcc), but also its own gateware (i.e., FPGA bitstream), completely from source code, all the way down to (but not including) the physical (FPGA) silicon.
Modern hardware development shares many similarities with software: design and specification in a programmatic hardware description source language (HDL), and compilation of said sources into either photolitographic masks etched into silicon for Application Specific Integrated Circuits (ASICs), or into configuration data (bitstream) for a Field Programmable Gate Array (FPGA).
Hardware vulnerabilities (accidental or intentional) can be inserted during any such lifecycle stages: as part of the design in HDL sources, during compilation where buggy or malicious toolchains generate malfunctioning designs from clean HDL sources, or during ASIC fabrication, where masks are altered to etch backdoors or Trojans directly into the silicon.
Once fabricated, ASICs are difficult, expensive, and impractical to check for vulnerabilities, which can be as bad as a privilege escalation backdoor allowing for a total system compromise, even in the absence of any software exploits available to the attacker.
Let's begin by mitigating against ASIC fabrication-time backdoor insertion by using soft-IP-core hardware blocks on FPGAs, which are fabricated in the absence of any knowledge of the final design details, and also consist of a regular grid of identical, generic configurable blocks -- making it easier to inspect for defects.
Having settled on FPGAs for hardware designs requiring enhanced assurance, we can mitigate against HDL source and toolchain vulnerability insertion by insisting on openly available sources to both, and on the ability of the system to be self-hosting, i.e., to rebuild everything, from source, without relying on assistance from any external "black box" or proprietary components.
I will demonstrate a Fedora capable RISC-V computer based on the Rocket CPU, using LiteX for the rest of its chipset, deployed on a Lattice ECP5 FPGA board, with the bitstream generated from sources by a fully Free/Libre toolchain consisting of Yosys, Trellis, and NextPnR. Most importantly, the computer will be capable of (slowly) rebuilding its own bitstream, by being capable of directly executing the Yosys/Trellis/NextPnR toolchain.
Speakers
Gabriel Somlo |