If you're a technology user or even a systems designer, you deal with microprocessors as they are described by their manufacturers, having an enumerate list of capabilities and interfaces, there for you to use or ignore.

But (smart) hardware engineers know better.



The smartest hardware engineer I know is Andrew "bunnie" Huang, and he's not just brilliant, he's a brilliant explainer. In his latest post, "What is a System-on-Chip (SoC), and Why Do We Care if They are Open Source?" Huang reveals deep secrets of chips.


A System-on-a-Chip is a low-cost workhorse of computing, a single chip that contains all the components that were distributed across the motherboard of a PC a decade or two ago.


· · Web · 1 · 9 · 11

The SoC is ubiquitous - and mysterious.

First, SoCs are mysterious because of trade secrecy. The docs and errata (bug list) for an SoC run to thousands of pages, and can only be accessed after signing an intense and foreboding nondisclosure agreement.

But that's just the top layer. The real mystery lies within.


As Huang explains, the cost of adding new circuits to a chip is vast - $1m worth of new masks and a 70-day delay for each new circuit added in the design phase - while removing a circuit is far cheaper, $10k and a few days delay.

That's because the circuit isn't "removed," it's "deactivated": left in the chip but removed from service.

Chip designers start with TONS of extra just-in-case circuits, debugging facilities, and features, and chip them away through the design and QA phase.


Huang likens this to a sculptor chipping away the marble to leave behind the form within. But it's an imprecise analogy, because the chip's sculptors don't really remove the excess components, they just turn them off.

Michaelangelo: "Every block of stone has a statue inside it, and it is the task of the sculptor to discover it"

Huang: "Every SoC mask set has a datasheet inside it, and it is the task of the validation team to discover it."


All of this Dark Matter in our embedded systems constitute "a hazard for an unpatchable, ecosystem-shattering security break." Why compromise a computer's ROMs or bootloader when you can do code-injection from the SoC's built-in-self-test infrastructure?


What's more, SoCs incorporate components from a small number of vendors supplying designs for USB, DDR, and PCI controllers: "this means the same disused logic motifs are baked into hundreds of millions of devices, even across competing brands and dissimilar product lines."


This is chilling stuff, the kind of thing that can give you nightmares if you think about it for too long. Huang's essay originated as an update to backers of his crowdfunding campaign for the Precursor, an open-from-the-silicon-up mobile platform.



Precursor doesn't uses an FPGA, a far more flexibile (but slower and more expensive) alternative that users can reconfigure: "there is no dark matter in Precursor, as every line of code is visible for inspection. If bugs are found in the Precursor SoC, they can be patched."


Huang's post is mostly a fascinating look at how this FPGA-based SoC will work, but as cool as that stuff is, it's not my main takeaway here: that would be, "Holy shit, dark matter in our embedded systems is going to kill us all!"

Here's a link to the Precursor crowdfunder:


I'm a backer - and I've backed other Huang crowdfunders and I've never been disappointed.


@pluralistic it doesn't use an fpga, it uses two fpga's!! the fpga's both use open source designs on them. one is a kind of general system manager, the other bigger fpga is the main application processor.

@pluralistic me:Reading that it is cheeper to deactivete bloat later in the valadation process then it is to add new functionality. Oh no I know where this is going and I don't like it one bit.

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré

Mamot.fr est une serveur Mastodon francophone, géré par La Quadrature du Net.