Moral from the original ACM paper: “The moral is obvious. You can’t trust code that you did
not totally create yourself. (Especially code from com-
panies that employ people like me.) No amount of
source-level verification or scrutiny will protect you
from using untrusted code. In demonstrating the possi-
bility of this kind of attack, I picked on the C compiler.
I could have picked on any program-handling program
such as an assembler, a loader, or even hardware mi-
crocode. As the level of program gets lower, these bugs
will be harder and harder to detect. A well-installed
microcode bug will be almost impossible to detect.”
And that’s why it makes sense to use RISK-V processors made by yourself, instead of processors by other companies.
But make sure you have drawn the masks yourself and not used generating software by some other company, or there may be malicious changes done by them.
I didn’t watch the video but thanks to you, I know it was on “Reflections on Trusting Trust”.
Moral from the original ACM paper: “The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from com- panies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possi- bility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware mi- crocode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.”
And that’s why it makes sense to use RISK-V processors made by yourself, instead of processors by other companies.
But make sure you have drawn the masks yourself and not used generating software by some other company, or there may be malicious changes done by them.
I didn’t watch the video but thanks to you, I know it was on “Reflections on Trusting Trust”.
deleted by creator
deleted by creator