Anonymous payment for hardware tokens

[NIIBE Yutaka]

Thank you for your exact comment and discussion.

On 2015-02-04 21:56 +0900, NIIBE Yutaka wrote:
> I meant, something in a JTAG/SWD protocol layer (not by user
> program), built-in _hardware_ feature by semiconductor manufacturer to
> show hash of flash blocks.

On 2015-02-04 14:34:29 +0100, Peter Lebbing wrote:
> But Gnuk is not secret, so the flash doesn't need to be read-protected.

True.  For Gnuk, the code is not needed to be read-protected.

The reason why Gnuk is used with flash read-protection is that: the
granularity of flash protection of (cheaper versions of) STM32F103 is
all or nothing, and we use the read-protection for private keys.

In some sense, Gnuk users depend on the existence of (the practice of)
non-free software.  (This view matches our Buddhism view, by the
way. :-)

> And if you need a JTAG programmer to read the hash, you might as
> well reflash the MCU to your known-good Gnuk.

Yes, I'd rather do that for myself (with/without checking its hash).
Besides, I'd like to promote everyone has programmer (possibly with
free firmware).

My point of built-in hardware feature is not particularly for Gnuk,
but for general purpose.  It's OK not everyone checks its hash for
every product, but, it is important for an MCU to have this feature,
so that the existence of this feature can lower the possibility of
effective attacks.  The fact "we can validate the product" itself
makes sense, I guess.

> All nicely academic musings, in the sense that I don't see an MCU with this
> feature coming to the market soon...

Thank you for your interesting examples.  Morse code by piezo speaker
would be good for me, if not patented.

Well, I'm always wrong, but I believe that engineers in semiconductor
industry is clever in general, and silicon real estate is getting
cheaper to have some room for the feature.

No, I don't bet, though. ;-)
--