We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Self-Hosting (Almost) All The Way Down

0
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Somlo, Gabriel L.

Formal Metadata

Title
Self-Hosting (Almost) All The Way Down
Subtitle
A FPGA-based Fedora-capable computer that can rebuild its own bitstream
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
I will demonstrate FPGA-based 64-bit RISC-V computer, capable of booting and running the riscv64 port of Fedora. Using Free/Libre packages available as part of the Fedora repositories, this machine is capable of recompiling not only its own software (e.g., kernel, glibc, gcc), but also its own gateware (i.e., FPGA bitstream), completely from source code, all the way down to (but not including) the physical (FPGA) silicon. Modern hardware development shares many similarities with software: design and specification in a programmatic hardware description source language (HDL), and compilation of said sources into either photolitographic masks etched into silicon for Application Specific Integrated Circuits (ASICs), or into configuration data (bitstream) for a Field Programmable Gate Array (FPGA). Hardware vulnerabilities (accidental or intentional) can be inserted during any such lifecycle stages: as part of the design in HDL sources, during compilation where buggy or malicious toolchains generate malfunctioning designs from clean HDL sources, or during ASIC fabrication, where masks are altered to etch backdoors or Trojans directly into the silicon. Once fabricated, ASICs are difficult, expensive, and impractical to check for vulnerabilities, which can be as bad as a privilege escalation backdoor allowing for a total system compromise, even in the absence of any software exploits available to the attacker. Let's begin by mitigating against ASIC fabrication-time backdoor insertion by using soft-IP-core hardware blocks on FPGAs, which are fabricated in the absence of any knowledge of the final design details, and also consist of a regular grid of identical, generic configurable blocks -- making it easier to inspect for defects. Having settled on FPGAs for hardware designs requiring enhanced assurance, we can mitigate against HDL source and toolchain vulnerability insertion by insisting on openly available sources to both, and on the ability of the system to be self-hosting, i.e., to rebuild everything, from source, without relying on assistance from any external "black box" or proprietary components. I will demonstrate a Fedora capable RISC-V computer based on the Rocket CPU, using LiteX for the rest of its chipset, deployed on a Lattice ECP5 FPGA board, with the bitstream generated from sources by a fully Free/Libre toolchain consisting of Yosys, Trellis, and NextPnR. Most importantly, the computer will be capable of (slowly) rebuilding its own bitstream, by being capable of directly executing the Yosys/Trellis/NextPnR toolchain.