Anonymous payment for hardware tokens

NIIBE Yutaka gniibe at
Wed Feb 4 13:56:57 CET 2015

On 02/04/2015 08:59 PM, Brian Minton wrote:
> Showing a hash wouldn't prevent a malicious entity from making a
> fake token that prints whatever hash the user expects. There's no
> way to verify that the hash is if code actually on the device, or
> that the hashed code is the only code on the device.

Thank you for your insight.  Yes, if "show"-ing is by its program, it
could be also fake.

I meant, something in a JTAG/SWD protocol layer (not by user
program), built-in _hardware_ feature by semiconductor manufacturer to
show hash of flash blocks.

Scenario is like:

   (1) Firmware is written to flash ROM on MCU, by a firmware author.
       Possibly it's protected to be read.

   (2) It is possible for an end-user to send command to MCU by
       JTAG/SWD channel (even if flash ROM is protected).  Like:

       show_hash <BLOCK_NUM_START> <BLOCK_NUM_END>

   (3) An end user can confirm that the hash is the correct one as the
       firmware author says.

Does it make sense?

Sorry, I should have written down clearly, in the previous mail.

More information about the Gnupg-users mailing list