A computer with provable immunity against hacking
Dauug|36 is an open-source minicomputer for critical infrastructure, where the end user has the final say in all design and manufacturing aspects of the hardware.
Unlike contemporary computers that contain non-inspectable, proprietary complex semiconductor logic such as microprocessors, FPGAs, PLDs, and ASICs, the Dauug|36 architecture is built with surface-mount technology from only simple, generic components with dependable characteristics. Inside its security perimeter, a Dauug|36 contains only these logic elements:
- buffer
- inverter
- AND
- OR
- NAND
- NOR
- XOR
- D flip-flop
- SRAM
It is this last component, synchronous static RAM (SRAM), that makes Dauug|36 a competitive machine for many of today’s applications. The architecture is entirely open-source, and physical inspection of an assembled system requires only millimeter-scale visual observation and continuity testing. Only maker-scale assembly tools are necessary: the builder can use hot-air hand soldering with tweezers, a reflow oven with a small pick-and-place machine, or any combination. Neither a semiconductor foundry nor purchased VLSI complex logic is involved in sourcing the minicomputer.
Dauug|36 security benefits
Dauug|36 was designed from scratch to exclude exploitable hardware defects, whether they originate in longstanding custom (e.g. arithmetic wraparound), undue complexity (e.g. RowHammer, Spectre, Meltdown), or intentional backdoors (e.g. Clipper). There is no dependence on foreign countries—regardless of where you are—or on semiconductor companies for trustworthiness, because the system owner’s own soldering and firmware determine the logical connectivity and operation of the computer. There isn’t a microprocessor, or anything like one, anywhere in the design.
Compare the following Dauug|36 characteristics to any other computer architecture on the planet, and decide for yourself.
- Sticky, consistent overrange flag for arithmetic
- Stratified opcodes for heterogeneous register signedness
- No privilege escalation via stack
- No access to stack except via CALL and RETURN variants
- Code and stack memory inaccessible via LD and STO opcodes
- No branch to addresses not hardcoded in CALL or JUMP
- Faultless paged virtual memory without overcommit
- No privilege escalation via CPU
- No DRAM or DRAM-associated vulnerabilities
- No VLSI complex logic except in attached peripherals
- Every peripheral isolated to its own bus and buffer memory
- No CPU persistent state except for one firmware IC
- No MEMS oscillator for age- and frequency-selected attacks
- No firmware modification without physical access
- No parts that can’t be hand-soldered and probed afterward
- No secret functionality
- No unexplainable S-box constants
- No vendor lock-in
- No encrypted or closed-source firmware
- No license fees to build, use, or modify
- No purpose-of-use limitations
- No planned obsolescence
- No right-to-repair infringements
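As an added illustration (example code written for this page, not Dauug|36 firmware; the flag semantics modelled here are assumed for the demonstration, not taken from the architecture), the following contrasts the silent 36-bit wraparound the page calls a longstanding defect with a sticky overrange flag that makes the same fault detectable at a later checkpoint.

```python
# Illustrative model only; WORD_BITS follows the specifications table.
WORD_BITS = 36
MASK = (1 << WORD_BITS) - 1


class WrapAlu:
    """Conventional ALU: results wrap modulo 2**36 and nothing records it."""

    def add(self, a, b):
        return (a + b) & MASK


class StickyAlu:
    """Assumed model of a sticky overrange flag: once any result leaves the
    representable range the flag stays set, even across later in-range
    operations, until software explicitly acknowledges it."""

    def __init__(self):
        self.overrange = False

    def add(self, a, b):
        full = a + b
        if full > MASK:
            self.overrange = True
        return full & MASK

    def acknowledge(self):
        """Read and clear the flag, as a program would at a checkpoint."""
        was, self.overrange = self.overrange, False
        return was


def unguarded_size(alu, header_len, payload_len, limit):
    """A length derived from untrusted fields is compared against a limit.
    With wraparound the sum can come back small and pass the check."""
    total = alu.add(header_len, payload_len)
    return total if total <= limit else None


def guarded_size(alu, header_len, payload_len, limit):
    """Same computation, but the caller consults the sticky flag before
    trusting the result, so an overrange anywhere in the sum is refused."""
    total = alu.add(header_len, payload_len)
    if alu.acknowledge():
        return None
    return total if total <= limit else None


# Constructed input: 64 + (MASK - 47) = MASK + 17, which wraps to 16.
HEADER, BOGUS_PAYLOAD, LIMIT = 64, MASK - 47, 4096
```

With `WrapAlu`, `unguarded_size` returns 16 for the bogus payload and the check passes; with `StickyAlu`, `guarded_size` returns `None` for the same input and 1064 for an honest 1000-word payload.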
Dauug|36 specifications
System classification | solder-defined minicomputer
Logic family | SRAM with 74AUC
Memory protection | paged virtual memory
Multitasking | cooperative or preemptive
Word size | 36 bits
CPU speed | 16–20 MIPS
Number of opcodes | 190 and counting
Maximum code RAM | 4Mi × 36 bits
Maximum data RAM | 8Mi × 36 bits
Registers per program | 512
Programs ready to run | 256
I/O buses | planned: SPI and I2C
Hardware license | CC BY 4.0 Intl.
Firmware license | CC BY 4.0 Intl.
Operating system | Osmin or owner-supplied
Design lifespan | 30 years
Manufacturer | anyone
Dauug|36 limitations
Because Dauug|36 is built at human-visible scale, the speed of light and the capability of the underlying components produce a different kind of computer than any other on the planet. Compared to recent single-board computers, a Dauug|36 minicomputer is larger (about 25 × 25 cm), more costly ($1,000–$2,000), slower (about 16 million instructions per second, or MIPS), offers less primary storage (4 Mi × 36 bits code + 8 Mi × 36 bits data), and requires more power (10 watts estimated). Moreover, Dauug|36 breaks compatibility with every prior computer on the planet so that its design can be correct. But for applications where these drawbacks are acceptable (and there are more than most people realize), provable immunity to hacking makes this architecture very attractive.
Present status and progress toward availability
- An electrical simulation of the circuit board works for some 190 opcodes.
- The maximum simulated speed is 16.729 MIPS across −40 °C to +85 °C.
- Paged virtual memory and preemptive multitasking work correctly.
- Paravirtualized I/O is available via the simulation.
- A boot loader, several sample programs, and dozens of regression tests work.
- An operating system kernel is written, working, and documented.
- The design still needs an I/O subsystem and a firmware loader. These tasks are up next.
- A clock skew concern also remains to be addressed.
- I will build a physical prototype once I am satisfied with the hardware design.
Once the prototype is working, anyone who downloads the hardware design and firmware will be able to replicate the machine.