A Case For Open-Source Processors
The disturbing revelation of two critical CPU vulnerabilities – called Meltdown and Spectre – has once again sparked a debate over the security issues that are threatening us at the hardware level.
Earlier this year a group of security researchers disclosed that nearly every modern computer fitted with chip manufactured by Intel can be accessed by hackers via the two physical design flaws existing in the circuits of Intel CPU chip.
The first device flaw, Meltdown, opens the door for a malicious software to access our passwords and all the data stored on our system, while the second bug, Spectre, “allows a hacker to trick error-free programs into leaking their secrets”.
Add to this the confirmed existence of tiny ‘spy chips’ inside nearly all of Intel’s CPUs (the Intel Management Engine Flaws) and it becomes clear that we seriously need to consider to move away from highly proprietary hardware to an open-source hardware.
After all, what good is all that hard work that’s being put into improving the security of our software if the hardware is at least as vulnerable to cyber attacks?
Many would discard the idea of developing modern CPUs in an open manner as ludicrous, given the complexity and fierceness of the CPU market.
However, there are some ongoing initiatives that are probing the field for developing an open-source CPU design, and things could be about to change.
Linux kernel developer Jonathan Corbet, a firm proponent of the open-source hardware initiative, lists the OpenPOWER effort as one such initiative that could help tip the scales in favor of the open-source approach.
While not a truly open-source effort, OpenPOWER is an example of making a processor design available for collaborative development.
The downside of this effort is that it is focused on the high end of the computing spectrum, which means that chips based on this design are unlikely to appear on your laptop anytime soon.
Another initiative cited by Mr. Corbet is OpenSPARC, which saw Sun Microsystems open-source the design specifications of both the SPARC T1 and T2 processors via the OpenSPARC project.
This initiative, however, is already a decade old, and the few projects that have been running with it are yet to report on their progress.
Then there’s OpenRISC – an open design for a processor aimed at embedded applications.
Although some commercial versions of the OpenRISC have been produced, activity around its development seems to have stalled and OpenRISC appears to have lost some of the moments.
These days, it seems, the momentum is with the RISC-V architecture, a project primarily aimed at the instruction-set architecture (ISA) which was designed to facilitate the addition of ‘hardware acceleration techniques’ and extensions.
Western Digital recently announced that its storage products will be equipped with RISC-V processors, a decision that could see RISC-V be shipped by the billions.
For those that would like to tweak and play with this processor, there is a development kit with a number of designs for cores.
Unlike OpenRISC, RISC-V is also meant to be applicable across a broad variety of use cases, and its simple RISC architecture should’ be too difficult to make.
In terms of cyber protection, the RISC-V Foundation said in a media statement that its architecture was not vulnerable to Meltdown and Spectre because it did not perform any speculative memory accesses.
Taking all this into account, it is not difficult to see that the openness of its development model could enable swift implementation of the best security ideas from the community and improve our overall cybersecurity.