Claire Xen  🏳️‍⚧️ 🏳️‍🌈 🧙🏻‍♀️ BLM  🏴 🚩

Why are crypto/smartcard ICs (for example ATECC608) always so poorly documented / NDA-walled? The software/networking space is very open (TLS, IPSec, etc) and use of a proprietary cipher vs something like AES is massively frowned upon. So why is sec-by-obscurity OK in HW??

If you're willing to go under the constraints of the NDA and various business practices to get access, some of the secure ICs are quite well documented and even have decent tooling. But outside NDAs and approved paths for access, info is limited.

That was my point. I can buy some of these chips in qty 1 on digikey, but without any documentation for the host interface I can't use them. And I don't want to sign an NDA for an open-source project.

It's not clear that signing the NDA and utilizing the chip in a real design would prevent you from producing open source software which utilizes the chip in your design. You just have to ensure every bit of what you code is strictly necessary to the design and don't explain.

Yes, but being under NDA would force you to not comment register writes, etc and generally produce poorly maintainable code. Unless you had a "secret" version of the code and then deleted the comments for the public copy.

If you have a "secret" version and only publish something with the comments removed then you are in violation of clause 2 of the open source definition, i.e. it is not open source anymore.

Interesting perspective. Are missing comments considered missing code in the spirit of "fully" open source? I wonder what @MicrochipTech has to say, given this conversation mentions their ECC608 crypto chip.