Slashdot Mirror
Project IceStorm Passes Another Milestone: Building a CPU
beckman101 writes: FPGAs — specialized, high speed chips with large arrays of configurable logic — are usually highly proprietary. Anyone who has used one is familiar with the buggy and node-locked accompanying tools that FPGA manufacturers provide. Project IceStorm aims to change that by reverse-engineering some Lattice FPGAs to produce an open-source toolchain, and today it passed a milestone. The J1 open-source CPU is building under IceStorm, and running on real hardware. The result is a fairly puny microcontroller, but possibly the world's most open one.
I'm pretty sure CPUs are supposed to be closed so as to keep dust out.
There are plenty of fully open source CPUs around.
There is a community building CPUs from discrete logic (http://mycpu.selfhost.it/), from transistors (http://www.extremetech.com/computing/128035-how-to-build-an-8-bit-computer-from-scratch) and even from relays (http://www.nablaman.com/relay/).
There are also Forth CPUs which are freely embeddable into a FPGA (the J1: http://www.excamera.com/sphinx/fpga-j1.html) and which can be purchased now (http://excamera.com/sphinx/gameduino/).
Forget the future, they are here and they are advertised as features:
https://en.wikipedia.org/wiki/...
It's kind of the same issue with open source software, as far as the "most people don't care" aspect, but at an even greater disadvantage that open source software. I don't have a chip fab (at least I could compile open source software), and so even if I were capable of understanding the chip design, there's not much of a guarantee that the physical chip I purchase doesn't have some proprietary back door built into it.
Like most people, I'm even lazy about the open source software I use. While I try to download from trusted sources, there's no guarantee that what I actually install matches the current stable version in the repo. I'm taking a leap of faith.
In both cases (including the former where I indicated my ignorare about chip design), presumably I am counting on other experts to understand the chip or understand the source code for me, but only in the latter case could I actually assemble the product myself in order to guarantee matching the reviewed, stable code.
--Jim (me)
Most people don't care because they aren't even interested in computers.
If you talk about Slashdot readers then they have all read enough articles to know that open source itself doesn't provide a perfect protection against backdoors.
You also have to read the source to see that no backdoors are put in place, and you need to build the executable to make sure that the version you are running isn't built from a version of the source with backdoors in it.
Now, assume that a processor like this becomes as mainstream as Intel and AMD CPUs, do you really think it is impossible to manufacture an FPGA with backdoors?
For people to use the CPU it has to reach a stable point at some time. A stable CPU and a stable toolchain to build it will have a known layout and can be targeted with backdoors in the FPGA in the same way the CPU would have backdoors.
So knowing that it isn't sufficient to just have an open design but that you also need to verify the hardware, why just not just skip the open part and verify the hardware directly?
As a Slashdot reader you should at least have seen the reverse engineered 6502 visualizer. It is a much simpler CPU, but it has been reverse-engineered and its function is emulated in javascript with the transistors of the chip lit up. No room for backdoors there.
A similar analysis has been done for the M68000, I couldn't find the slides from the presentation on it I saw, but here is a pdf with a rough overview that doesn't go into as much detail.
Since you need to do that kind of analysis of the FPGA anyway it seems to me that the open source CPU part is more about "Not Invented Here" than about protecting against backdoors.
That means that most people who you would think would care. They like the idea of it, but not this implementation since it isn't the one they did themselves.
? Program Forth in who want
They don't understand that Intel/AMD CPUs could or will have backdoors. If not now, then very soon in the future.
I usually decap my CPUs and inspect them before installing them. I haven't seen anything suspicious so far.
The real problem is Windows. Having to disassemble/inspect the OS before installing wasn't too bad, it's the constant stream of patches that gets me down.
No sig today...
At some point you have to trust someone, be it the distributor from whom you're getting the os, the manufacturer or reseller supplying the hardware or even the supplier of the compiler...
The only thing you can practically do, is ensure everything you use is available from multiple opposing sources... Something that's in use by both the us and russian governments is unlikely to be backdoored as both organisations have sufficient resources to perform the due diligence checks.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I am not much better. I do, sometimes, review the source for interesting parts. At best, absolute best, I will find a bug and then go through the code and see if I can actually determine a fix. If I find a fix I send the code to the authors for inclusion and, obviously, with no strings attached. I have been able to do that on only a trivial number of occasions, I can think of three though it may have been more for I am old and my memory is faulty.
"So long and thanks for all the fish."
You can actually see some of the Windows source code if you want. You must sign an NDA and you have to justify your access (at least you did while I was still in the MVP program - and that was as an MVP, some of the most trusted folks) but the program to do so is called the Shared Source Initiative or at least was. Meh, a quick Google indicates it still is.
So you can see the source, in part, if you want to. We had to tell them what we wanted to do with it (usually it involves tying an application in cleaner or a security review) but I never saw or heard of anyone getting denied when the program started and for the first few years that I was involved in it. Hell, they let *me* access it and I was known as the Linux geek amongst the group. (It took correction, on my part, to point out that I was a Unix geek. I have only recently switched to almost all Linux and little Unix.)
Anyhow, for those curious, I was an MVP in Shell, Security, and IE/OE. It was kind of fun. The rewards were nice and the community was cool. They accepted that I was not a zealot for Unix (nor a Microsoft zealot). I just use what suits my needs best for the task at hand. I stuck around for quite a while, helping many thousands of people in their newsgroups and on a site/forum that I ran at the time. Eventually I had some issues where I fell in love with a girl and we meandered across the planet without much direction. I had little time and stopped participating and was not re-awarded. She is gone and I just pay for my MSDN subscription. Life is easier.
"So long and thanks for all the fish."
An Intel i7 Quadcore has 1.7 Billions transistors on board. A Haswell E 18 Core monster chip 5.5 billion. Even a simple ARM Cortex has 26 million transistors.
Do you think any single person at Intel knows everything about such a chip? Even the experts of the experts? How do do you think you are going to even comprehend such a thing even if it is open source? It really makes no difference, and no open source community is going to design a modern high-performance CPU. Intel invested 10.6 billion in R&D in 2013.
At some point you are going to have to start trusting someone. Why everything has to be open is beyond me.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
Do you think any single person at Intel knows everything about such a chip? Even the experts of the experts? How do do you think you are going to even comprehend such a thing even if it is open source? It really makes no difference, and no open source community is going to design a modern high-performance CPU. Intel invested 10.6 billion in R&D in 2013.
Intel is bound by the requirement to run legacy software. Even an ARM system effectively has to be able to run it. A designer of a new open system would have no such constraints. Thus, no need to invest $10.6B and 5.5 billion transistors to reach a reasonable result for a wide range of applications. Attempting to review or redesign an Intel system would of course be a folly, but also completely pointless to begin with.
Ezekiel 23:20
Eh. When laying out silicon, you generally use libraries of simple parts you chain together. You make a register once, and then you replicate it each place you need a register. A TON of those transistors are cache, which is the same pattern repeating over and over again.
I'm not saying there's anyone who's looked at every transistor, but there's probably somebody who's looked at the layout of a cache cell, a register, an ALU, standard multiplexers, etc.
We don't have a state-run media we have a media-run state.
This is cool stuff. Here's some other stuff I found recently for anyone interested in messing with bitstreams, creating an open-source FPGA, or doing hardware more easily. Hardware designers feedback is appreciated.
Open Source Bitstream Generation without R.E. or license violations: http://www.isi.edu/~nsteiner/p...
Archipelago - an open-source FPGA with toolflow support: http://www.eecs.berkeley.edu/P...
Cx, open-source, hardware & synthesis language: http://cx-lang.org/
QFlow Open-source Flow from behavioral synthesis to detail routing: http://opencircuitdesign.com/q...
Have fun people! Especially building on the first two. I'd appreciate experienced people telling me how good the Cx system is for (a) people doing FPGA with high-level synthesis tools and/or (b) beginners using behavioral verilog wanting something better.