@wasamasa @sir Whisper Systems seems to have always made reasonable decisions in the past regarding Signal, so it is really puzzling why they want to open themselves up to so much risk. "Moxie: Blink twice if you're being coerced!"

So what's going on with Signal's new architecture that retains all user data? It seems like a total reversal of their previous stance and one that dramatically changes their threat model. Their new security properties rely entirely on SGX, which is barely secure against motivated home users, much less nation state adversaries.

Today's success: a risc-v softcore running C code, decoding the spispy fpga's control registers to monitor the data on the SPI bus. Works in simulation and on real hardware!

  • single SPI reads and writes are steered to the correct chip via logic in spi_clk_in domain
  • Reads that span the chip boundaries work fine
  • Writes are not allowed to pass chip boundaries (since they are page aligned)
  • Writes are currently passed through unchanged, which is incorrect for NOR flash, although a buffer is in place to emulate it.
  • No serial communication is in place yet.
  • qspi works in the simulator, need to wire up the direction of the IO pins for quad reads on real hardware.

The easy part of FPGA projects is wiring them: just plug into whatever pin is convenient! That hard part is actually writing working Verilog that can handle clock domain crossing to external devices.

@f0x PGP uses a byte as specified in ISO/IEC 5128:2004, which only defines 0, 1, 2, and 9, leaving 252 possible new genders for your key.

Show more
(void *) social site

(void*)