Latest hardware architecture without any (patchable) firmware components
most people will probably know that not only every modern PCs include a whole bunch of HW components, which contains (patchable / modifiable) firmware: Looking at x86 based HW, this fact is valid at least since the introduction of the PCI standard - Virtually every PCI component contains such firmware, and it can be said for sure that since a certain point of time those firmware components could also be 'patched' not just by physical, but also by remote access (if anyone should be interested in this: much more info on this can be found on blackhat.com etc.). This possibility of firmware being able to get patched / modified by remote access (to give a concrete example on how this can be done: e. g. network devices receive so-called 'magic numbers', which set them to a certain mode - from this point on not only the network device, but the whole system can get 'patched' / compromised ) could be considered as a 'flaw in design (on purpose)' security risk, which would apply to this whole issue.
Now my big question is: Which HW architecture (or a concrete microcomputer) would 1) not contain ANY patchable firmware components, while 2) providing the highest performance / usability?
E. g., I could say that this would apply to the C128, which has a quite powerful Z80 CPU inside (and which would allow running a custom designed Linux / 'Linux-like' distro on it, and which would also allow someone to access the internet for basic things like sending e-mails).
In my opinion, this would not applicable for any Amiga model - But what about other systems based on the 68000 CPU (which would be probably more suited for running a Linux distro on it and providing internet connectivity / usability / performance compared to the Z80 CPU), like the original Apple Macintosh or Atari ST models?
Any hint on this would be highly appreciated.
I would bet that not even the C128 is bullet -proof. I seem to think on most Z80 platforms the address of the ROM routines gets copied to RAM at startup to allow patching. Same as with Atari ST
Always looking for an Analogue Computer
I'm sorry for replying on this after one year - I've been so busy with several things that I missed checking the thread for replies, and it was just yesterday when I saw the very interesting reply posted by g4ugm.
I already sent him a PM, because his comment really aroust my interest regarding this particulat issue mentioned by him ("ROM routines gets coied to RAM at startup to allow patching"), but maybe there are some other people being interested in this aspect and know some stuff about this matter, so I'm going to address this issue in this thread as well, mainly quoting the PM I already sent, since that basically contains the relevant part.
Having thought about what g4ugm wrote, I think that he is right with his objection that even the Z80 can't be considered as being 'bullet-proof' regarding the question whether it would be 'patchable' in some way or not. I think the same issue (ROM routines getting copied into the RAM, therefore making them patchable) applies to the 6502 and related CPUs.
Does anyone know know a platform/system where this is not the case?
Or better still: Any system where this would not be the case AND which would be suitable for using it with a (minimalistic) implementation of Unix (like LUnix https://en.wikipedia.org/wiki/LUnix for 6502 based systems or Cromix http://majzel.blogspot.nl/2014/03/running-cromemco-cromix-inside-z80.html for Z80 based systems) or BSD?
I don't know whether you are interested in security-related issues as I am. After having done years of research on this I can definitely say that all those (OS or in another way software-based) approaches currently being developed for this purpose all create the opposite effect by making people 'build their own honeypot'. E. g. running QubesOS (an approach based on virtualization) on any kind of hardware which is being used these days will probably give people the perfect illusion of having found a '100% secure solution' - Until their network device receives packages containing 'magic numbers' which first set it into 'maintenance mode' allowing the network adapter's firmware to get 'patched', and from this point on it's no problem that the whole 'QubesOS stronghold' gets 'maintained' (which got demonstrated quite a while ago already, but obviously people are not interested in the largest attack surface, which is their hardware and not their OS/software).
Even when not considering this specific aspect, I wouldn't even trust open-hardware x86/x64 based solutions for related reasons (To mention only one among endless reasons for this: I remember a QubesOS security bulletin, which informed about that fact the XEN developers (!) openly admitted that they can't be 100% sure anymore whether they understand every single piece of the current x64 architecture, since it just became too complex - And it should be clear what this implies in regard to the security of QubesOS, which totally relies on XEN).
I once talked about this topic with developers of GNU Hurd, who are quite aware of all this, but believe that they can overcome those problems by the approach of isolation. I wouldn't be able to find better words than one of those guys, who (quoting from my memory) was able to put this whole fundamental issue in a nutshell by saying, "Well yes, it's a matter of fact that a modern computer can't be considered as being one system, but as multiple systems, which partly run independently while still being able to access/manipulate the other systems." (Maybe the ACPI subsystem is one of the best examples for this - But there are enough other components being affected by this as well [PCI components etc.].)
So that's the concrete reason why I'm very interested in this topic and think that it should be considered as being very important for finding ways to ensure informational security (if this is required).
Thanks in advance for any opinions and kind regards
I think that basically ALL platforms contain some type of vulnerability if you can get physical access. I see that even the Microsoft secure boot locked down systems have been found to contain easily patchable components.
I guess that as its safe to assume that all software contains bugs, even the simplest..
so it needs to be patched, so it will have security holes....
... and even the original UNIX had a back door... for example...
... I guess the other old adage applies, the only secure system is one no one uses.....
Always looking for an Analogue Computer
But this is exactly what I wanted to stress: Of course no computer could ever provide any kind of security if you 'invite the NSA for a cup of tea' (granting anyone physical access) - However, modern systems don't need any kind of physical access but can simply be 'patched' by remote access (s. above).
Preventing physical access is much easier to achieve than preventing your system to be patched by remote access. And I would assume that (just as an example) a C128 being connected to the internet can't get 'patched' by receiving packages containing those magic numbers, which is the case for modern systems' network devices (including the consequences of this).
BUT still you are right that Linux, BSD or any other OS running on such a system would still have many vulnerabilities - I think the first step should be to minimize the attack surface, and this is most definitely the existence of firmware that can be patched by remote access. Once you have closed this fundamental security hole you can start to figure out how a secure OS could be implemented on a secure hardware.
A C128 is probably secure but useless. Most things connect via some sort of ADSL router and these are all flashable...
Always looking for an Analogue Computer
1) If this router-specific problem can't be solved (s. below), connecting the C128 via TOR to the internet MIGHT be a solution for this (assuming that TOR could be considered to be 'secure', which I doubt though).
2) You are absolutely right that this problem regarding flashable routers is a big problem. I'm not sure though whether this really applies to all (affordable) routers, e.g.:
[Among all routers I compared regarding their possible vulnerabilities this at least appeared to be the most reasonable choice.]