The Bootstrapping Exam: Escaping from “Trusting Trust”

&gt; Assuming you can trust your hardware. At this point hardware supply chain attacks are a real threat and nobody seems to know what to do about them. The problem seems somewhat intractable.<p>Which is a big assumption. Going to such extreme measures to bootstrap from scratch could be worth it if it provided an ironclad guarantee you couldn&#x27;t get any other way. But if, after all that, you&#x27;re still relying on a giant mass of proprietary code that just happens to be written in Verilog instead of C… then what&#x27;s the point?<p>That said, for a recent attempt to at least make progress on trustable hardware, see Precursor:<p><a href="https:&#x2F;&#x2F;www.crowdsupply.com&#x2F;sutajio-kosagi&#x2F;precursor" rel="nofollow">https:&#x2F;&#x2F;www.crowdsupply.com&#x2F;sutajio-kosagi&#x2F;precursor</a>

I assume step 7 could be accomlished by tccboot, a c compiler capable of booting linux straight from source code. Expand it with the possibiliy to show the hash of the source code in ROM. No POSIX system needed. You&#x27;ll need to translate the 140k C source to assembler, time consuming but not impossible.<p><a href="https:&#x2F;&#x2F;bellard.org&#x2F;tcc&#x2F;tccboot.html" rel="nofollow">https:&#x2F;&#x2F;bellard.org&#x2F;tcc&#x2F;tccboot.html</a>

This is the ultimate &quot;test your backups and recovery&quot; story. If we can&#x27;t do this all modern technology is at risk.