That was an amusing read. The big takeaways are even deliciously quotable:<p><i>The irony is that the feature designed to bring more security was the one that completely broke it.</i><p><i>Too much complexity: having lots of blocks that say “AES” and “RSA” in your plan might impress the boss, but it just adds to the attack surface. Always go with the simplest plan that secures against your threat model.</i><p>Security is hard to get right, and retrofitting security features into existing systems is ripe with very subtle traps. Add backwards compatibility into the mix and you've probably created a fragile Frankenstein.
<i>Finally, I will summarize the findings and provide a few tips to fellow engineers in hopes that these kinds of mistakes will not be made again.</i><p>On the other hand, those of us who like to actually own our hardware very much hope that these mistakes do happen again. :-)
A funny thing about the key generator. There was originally a project within the community to raise the funds to do a successful decap of the AES engine and key generator.<p>They successfully raised the $2000 before the person claiming to do a decap (Jl12) stole all the money and disappeared off the face of the earth.<p><a href="http://web.archive.org/web/20121227085042/http://3dbrew.org/wiki/Fundraiser" rel="nofollow">http://web.archive.org/web/20121227085042/http://3dbrew.org/...</a><p><a href="http://web.archive.org/web/20140209211220/http://3dbrew.org/wiki/Fundraiser" rel="nofollow">http://web.archive.org/web/20140209211220/http://3dbrew.org/...</a>
For anyone interested there is PS3 security explained and it's one more proof that complexity don't make system more secure:<p><a href="http://www.psdevwiki.com/ps3/Boot_Order#Chain_of_trust_Diagram" rel="nofollow">http://www.psdevwiki.com/ps3/Boot_Order#Chain_of_trust_Diagr...</a><p><a href="http://www.psdevwiki.com/ps3/Keys" rel="nofollow">http://www.psdevwiki.com/ps3/Keys</a>
Another illustration of the classic thesis "security should be built from the ground up and can't be added later". Also shows the importance of minimizing the attack surface. Would love to hear some inside stories about discussions that ultimately led to these implementation decisions.