
Nick, the larger context of all this issue is defense. So on one side there are the Five Eyes governments wanting it this way. On the other side (and probably very interested in 100% security), you might have various countries supporting terrorist organizations, terrorist organizations, crime syndicates, Russia, China, etc.

Doesn't this context hint to us that 100% security would be much harder than creating some design and manufacturing it using standard fabs?



I've addressed a good chunk of what it takes for system and hardware security in at least two places:

http://pastebin.com/y3PufJ0V

https://news.ycombinator.com/item?id=10468624

There won't be 100% security because underlying physics fights you and our field is too new. Best we can hope for is making attacks hard and physical. There's great work in secure HW/SW architectures that should knock out about all SW stuff with effort. Details published in all kinds of CompSci publications. HW, too, as far as implementing it correctly with some security properties. The rest, esp. tamper-resistance, is still in infancy as far as having stuff that actually works.

Now, what we're talking about in this thread is having an ISA, chip implementation, firmware, and SW stack that is not a black box and is under your control. Preferably without built-in, convenient spyware. Mainstream FOSS users are currently so far away from this that it's a reasonable, interim goal. So, I had to bring up SPARC as an addition to the list that has side benefit of reducing legal risks.


Ok. Maybe that may work. But what about legal risks? Extra-legal risks (like vanishing in the dead of night)? Soft risks: how would the wife of someone who is just a customer respond when guys in black suits come to her home?

Or if your method will work so well, are you sure TSMC/Samsung will even accept you as a customer?

Because it doesn't seem like something that could scale without the legal/political side, and that's really much harder than the tech (which is hard, no doubt).


Many big players have vested interest in hardware platforms that are not tampered with out-of-the-box, or open to easy tampering, by their adversaries.

The Chinese have an interest in having a hardware platform that doesn't have NSA code baked into it; the US government and major US corporations likewise want hardware that doesn't phone home to Unit 61398. The Russians don't want either but probably have their own ambitions. Etc.

I think that in the next few decades it will become quite accepted that you choose your platform based on who your perceived "adversary" is. If you're concerned about the NSA, you buy a system that's Chinese from soup to nuts. If you're concerned about the PLA, you buy from a vendor with the US Government seal of approval.

It remains to be seen -- and in truth, I am somewhat pessimistic -- about the availability of a hardware/software ecosystem that doesn't require compromise. Hardware fabrication is a capital intensive industry, and capital intensive industries are pretty vulnerable to coercion by the governments in which all their capital equipment sits. ("That's a real nice chip fab you have there. It'd be a shame if something...happened...to it. Maybe you want to reconsider your offer to help us out?")

An open architecture that you could get from any number of vendors, and perhaps use to keep the vendors honest, would be a huge step in the right direction, though. But the underlying problem is extremely hard.


> Hardware fabrication is a capital intensive industry, and capital intensive industries are pretty vulnerable to coercion by the governments in which all their capital equipment sits.

If the spec is open then it should be possible for a fancy lab to verify that the hardware is manufactured to spec, right? So if you have it manufactured in Taiwan but then have random samples verified by labs in the US, Japan and Europe, defectors could be detected. Then the manufacturer would have to risk destroying their business by getting caught inserting a backdoor.

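The sampling proposal above, worked through as an added example (this is not code from the thread or from any lab mentioned in it): how many units a verifier must destructively inspect to catch a backdoor that the fab inserts into only a fraction of production, and what a non-zero lab miss rate does to that number. The function names, the lot sizes, the backdoor fractions and the miss rate are assumptions chosen for illustration.

```python
"""Sample-size arithmetic for catching a selectively inserted hardware backdoor
by destructive inspection of randomly drawn production units.

Constructed example, not code from the thread or from any lab mentioned in it.
Assumptions: units are drawn uniformly at random from production, the adversary
has backdoored either a fraction p of units or exactly k units out of a lot of
N, and an inspected backdoored unit is recognized with probability (1 - miss),
where miss is the lab's per-unit chance of overlooking the modification.
"""
import math


def detection_probability(p: float, n: int, miss: float = 0.0) -> float:
    """P(at least one of n independently drawn units is caught).

    p is the fraction of backdoored units, miss the per-unit miss rate of the
    lab. Each draw catches a backdoor with probability p * (1 - miss).
    """
    if not 0.0 <= p <= 1.0 or not 0.0 <= miss <= 1.0:
        raise ValueError("p and miss must be probabilities")
    if n < 0:
        raise ValueError("n must be non-negative")
    return 1.0 - (1.0 - p * (1.0 - miss)) ** n


def samples_needed(p: float, confidence: float, miss: float = 0.0) -> int:
    """Smallest n with detection_probability(p, n, miss) >= confidence."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    q = p * (1.0 - miss)  # per-draw catch probability
    if q <= 0.0:
        raise ValueError("a backdoor in no unit, or never recognized, cannot be found")
    if q >= 1.0:
        return 1
    n = math.ceil(math.log(1.0 - confidence) / math.log(1.0 - q))
    # Correct for floating-point rounding at the boundary.
    while n > 1 and detection_probability(p, n - 1, miss) >= confidence:
        n -= 1
    while detection_probability(p, n, miss) < confidence:
        n += 1
    return n


def detection_probability_lot(big_n: int, k: int, n: int) -> float:
    """Finite-lot version: N units, exactly k backdoored, n drawn without
    replacement, perfect lab.  P(miss all) = C(N-k, n) / C(N, n)."""
    if not 0 <= k <= big_n or not 0 <= n <= big_n:
        raise ValueError("k and n must lie in [0, N]")
    if n > big_n - k:
        return 1.0  # more draws than clean units: a tampered one must be hit
    return 1.0 - math.comb(big_n - k, n) / math.comb(big_n, n)


if __name__ == "__main__":
    # Blanket backdoor in every unit: a single inspected sample suffices.
    print("every unit backdoored, 99%:", samples_needed(1.0, 0.99))
    # Backdoor in 1% of units, perfect lab, 95% confidence.
    print("1% of units, 95%:", samples_needed(0.01, 0.95))
    # Same, but the lab overlooks 20% of what it inspects.
    print("1% of units, 20% miss rate, 95%:", samples_needed(0.01, 0.95, miss=0.2))
    # Targeted insertion, 1 unit in 10,000: tens of thousands of destructive tests.
    print("1 in 10,000, 95%:", samples_needed(1e-4, 0.95))
    # Lot of 1000 with 10 tampered units, 50 inspected without replacement.
    print("lot 1000/10, 50 drawn:", round(detection_probability_lot(1000, 10, 50), 3))
```

The caveat a practitioner should take from the numbers: random sampling only deters a fab that backdoors a large share of production. An adversary who modifies a single targeted batch, or one part in ten thousand, drives the number of destructive inspections into the tens of thousands, and any realistic per-unit miss rate at the lab pushes it higher still.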

Look up ChipWorks. They're number 1 in doing this as far as I know. Still potential to hide things or just make it too expensive to find.


At the sizes we are talking about, it's plausible to put in a hardware backdoor that even grinding down could miss...





