The fact that tampering resistant (i.e. make tampering more expensive / complex) processors like developer.arm.com/products/proce require signing an NDA to learn details about the mitigations just goes to show how little faith the designers of the hardware have in their own creations.
Conversation
Replying to
Resistance to physical attacks can have value, but it's a losing battle. If it's a decent design, they'd publish details on how it works to promote it. A good lock doesn't rely on an attacker not knowing how the locking mechanism works. It relies on per-device hardware secrets.
1
1
7
Anti-tampering for computing hardware is primitive and relies heavily on design secrecy and piling on complexity to increase costs. It's just like piling on weak software mitigations not providing fundamental security properties. It can raise costs but it's hard to quantify that.
1
6
Replying to
No, it's not possible. It's like claiming to have a lock that cannot be picked. Some level of tamper resistance is possible and can be useful, but it isn't part of the fundamentals needed to make a hardware security module useful. See the previous thread.
Quote Tweet
A Trezor is a mini computer keeping access to the seed contained to an isolated component with on-device display / confirmation. It's wrong to expect that an attacker with physical access won't be able to extract the seed. That remains true with an obfuscated secure element too.
Show this thread