Hector Martin

Your posts just reminded me of it, so maybe it'll provide some new viewpoints for you?

i mean, I used to do silicon-level circuit design and layout, and architecture design. both at separate points, mind you, but i know the problem pretty well. the issue is that simple hardware is slow hardware, and asking for a complete architecture redesign is no small thing.

Like, it's hard to overstate the benefit of modern architecture changes. pipeline improvements, specex, etc, have made hardware /drastically/ faster by reducing fundamental bottlenecks. It's a tall order to ask people to go back to that level of simplicity.

That being said, my "ideal" solution to architecture problems in general isn't to fix architecture problems, its to have a physically separate introspection processor. One which is cheap, simple, open source, and replacable, which runs a watchdog firmware that monitors the CPU.

It's the easiest way to fix these flaws: have a fundamentally separate SoC with a small attack surface in a purely management role, which is responsible for confirming main CPU's behavior is in line with expectations. Like ME, but external and auditable.

How would this work? If it has to monitor everything the main CPU does, it has to be as powerful as the main CPU. If it doesn't, then you could make the main CPU do evil things that it wouldn't catch.

It wouldn’t be to different from monitoring software currently used. The goal is detection of malicious activity, so if you can do classification and identification fast enough you don’t need to replicate the CPU.

I mean, we all know antivirus doesn't work. Reactive technologies are great and all, but how would you fundamentally distinguish malicious behavior from normal operation besides known signatures?