Noted maker Andrew 'bunnie' Huang has published an update on the Precursor project, an effort to create a pocketable development platform for RISC-V projects, in which he takes a look at the device's security — by trying to break through it.
Huang unveiled the Precursor project two months ago, promising a smartphone-like device which was as open as possible — to the point that its processing core is an implementation of the free and open source RISC-V instruction set architecture running on a field-programmable gate array (FPGA). The device is an offshoot of an earlier project to develop a high-security mobile communication platform — and the move to a more generalised device hasn't seen security abandoned.
"Making and breaking security go hand in hand. I’ve talked a lot about how Precursor, a mobile hardware development platform for secure applications, was made," Huang writes in a blog post on the project. "In this post, I try to break it."
Huang's blog post goes into considerable detail about how electronic devices are attacked and the means by which the Precursor design helps to prevent these attacks — including how implementing the CPU on an FPGA increases transparency to provide trustable hardware. But then there's a key secondary issue: "Despite any claims you may have heard otherwise," he explains, "tamper resistance is a largely unsolved problem."
The Precursor solution? Huang found that the most likely physical attack against the device can be avoided by gluing the housing shut, but that any such protection could be bypassed, with enough technical knowledge and funding, by carefully CNC milling the case and PCB open to access the JTAG ports. "That being said, such an attack would likely be noticed," Huang notes. "In other words, if your device is functional and its seals intact, your Precursor has probably not been tampered with.
"But, if it is confiscated or stolen, you can assume its secrets could be extracted in as little as a few hours by a well-prepared adversary. This is not ideal, but this barrier is still higher than countless other 'secured systems' ranging from game consoles to smartphones to crypto wallets that can be broken with nothing more than a data cable and a laptop."
Huang has confirmed that all Precursor devices will ship with an easy-to-mix binary epoxy in the box, allowing for the device to be potted post-inspection — and combined with self-generation of an encryption key and re-encryption of the FPGA bitstream, plus blowing a fuse which prevents the device from booting from any other source, the resulting handset should be as secure as it is reasonably possible to make it.