I post here to clarify a few things about efuses and their possible use.
The technology of efuses is not new, they were the basis of old one time programmable rom chips (OTP-ROMs), the predecessors of today's eeproms and flash chips. You could write these chips once once, by burning out bits with the writing voltage. When you were done with the programming, you could burn the write enable fuse and make the otp-rom a true rom. Until the write enable bit was burned you could erase the memory by burning all fuses of an already written address. (either to all zeros or all ones depending on the design) This technology is still in use in pic microcontrollers with one time programmable memory, but slowly gets pushed out by cheap flash based ones. But even some flash based ones have a write disable bit in their configuration range, that allows full write or even external read protection. The technology is good enough to be used as memory but the size of a classical efuse comes from the 20 year old process that was first employed them, so they are quite large compared to today's transistor sizes. The programming is usually done with a serial programming interface and once completed, it can not be undone.
Now for the uses of such circuits. They are used on today's intel cpus to disable certain features, lock clock frequencies and allow higher yields by allowing redundancy in certain circuits. On the normal ibm power cores, they are used to disable broken cache lines and activate the reserved backup lines. They can be used to deactivate certain computing elements too and to allow for a microcode patch. The ibm cell cpu has 8 i/o processors but only 7 of them are active. One is a manufacturing reserve, so if one of the 7 cores blow during manufacturing they can use the reserve one and still sell the cpu as a fully working one.
Another use for efuses is the secure storage of serial numbers and enrcyption keys. Once programmed the only way to read them would be to cut the chip and use an electron microscope to scan them in. This was reportedly done by some eastern european nations during the cold war.
What is needed for a secure cpu? A public/private keypair that is unique for every cpu, and the public part of the manufacturer key so they can issue bulk software. According to the ibm documentation, there is a possiblility that some parts of the cpu cache are never swapped out. The graphic chip reportedly uses this area for communication with the cpu. The so called hypervisor can reside in this memory area too. During the boot process, the cpu reads in a flash chip and decrypts it's contents with it's private key. The chip is encrypted with the cpu's public key, so only the cpu could read it. All normal memory contents that gets swapped out of the cpu's l2 cache into the system memory will also get encrypted with the same key or some faster symmetric block ciper based on the private key. The os that later gets loaded into the system can't decrypt data signed by the manufacturer. For this it has to ask the hypervisor. So the encryption is double, everything in ram is encrypted by the cpu key and every data that is on an inport media is encrypted by the manufacturer key. The os can't break the cpu key since it never sees it and can't break the manufacturer key, because the hypervisor never let's the os touch it. The hypervisor can even check the os and even every data file for consistency and refuse to boot it if it's not signed with the right key.
For secure network communications we need two keypairs. A private/public pair on each side and the other side's public key, so man in the middle attacks can be deteced. For normal public key exchange there is a fingerprint, but it has to be validated on a different channel, this is what certificate providers are for. If the public keys are exchanged during manufacturing there is no need for that. This model also allows device locked downloads, where the content is encrypted with the public cpu key, only allowing the content to be played back on the hardware that has the right key embedded. This technology is already in use by some mobile phone manufacturing companies like sony ericsson, but its usage is currently not enforced by network operators.
In the end, some speculations and some advice. First there is a high chance that the new cell chip, also made by ibm will have a similar strategy, since the hypervisor can allow unsigned content or even a full os (linux) to be run on a system, even along with trusted content. For the xbox360, a good example of this is the possibility of external flash connectivity for the playback of unsigned mp3s.
How can it be turned off? It can't be, but you can do three things:
-get a working singing key (possible for dev boxes only, they have a per box manufacturer key)
-get the release signing key (possible, but almost as hard as getting the same for a credit card system)
-break any of the keys (it's a hard problem!)
-clear out the keys to a known value (not possible electronically since usually there is a write disable fuse, but can be done with concentrated radiation, as already shown for simple sim cards)
The last option is only possible with high tech equipment, present only in some laboratories. But they can even copy the whole chip and make a flash based version of it. (so you can swap keys, like you can do with ethernet mac addresses)
The third option is possible with enough computing power, but it's currently unknown how much.
Thanks for reading this.
Author
Topic: Efuses (Read 1053 times)