
What’s stopping the toolchain for your micro from being backdoored as well? The chain of trust has to start somewhere.



This is the likely target for NSA. Intercepting supply chains for stock parts inside of China is not their specialty. Further, to bother with custom hardware would require substantial resources and time to develop before even getting it deployed. Nobody is going to do that. Bunnie's compiler just changed checksum...

To fight such an attack, the output of deterministic builds running on geographically dispersed systems with disparate stacks (physical, cloud, newly purchased, multiple OSs, etc.) may be compared before release.

The protected body of software should also include the firmware upload utilities.

Another attack, given the open source nature of the device, could be distributing cheap, compromised units broadly after the fact to ensure they are widely adopted.
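The release gate described in the comment above, sketched as an added example that is not from any commenter in this thread: each independent builder reports SHA-256 digests for the firmware and the upload utility, and release is blocked unless all digests agree across enough distinct stacks. Artifact names, builder names, the report layout and the thresholds are assumptions, and the sample reports are constructed.

```python
import hashlib
from collections import defaultdict

# Hypothetical artifact names; the upload utility is covered, not just the firmware.
REQUIRED = {"firmware.bin", "fw-upload-tool"}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def report(builder, stack, fw, tool):
    """Build one builder's report (constructed sample data helper)."""
    return {"builder": builder, "stack": stack,
            "artifacts": {"firmware.bin": digest(fw), "fw-upload-tool": digest(tool)}}

def check_release(reports, min_builders=3, min_stacks=2):
    """Return (ok, problems). ok is True only if every required artifact has
    one identical digest across all builders and the builders are diverse."""
    problems = []
    if len({r["builder"] for r in reports}) < min_builders:
        problems.append("too few independent builders")
    if len({r["stack"] for r in reports}) < min_stacks:
        problems.append("builders do not span enough distinct stacks")
    seen = defaultdict(lambda: defaultdict(list))  # artifact -> digest -> builders
    for r in reports:
        for name in sorted(REQUIRED - set(r["artifacts"])):
            problems.append(f"{r['builder']}: no digest for {name}")
        for name, d in r["artifacts"].items():
            seen[name][d].append(r["builder"])
    for name, by_digest in sorted(seen.items()):
        if len(by_digest) > 1:  # any disagreement blocks the release
            detail = "; ".join(f"{d[:12]}={','.join(b)}"
                               for d, b in sorted(by_digest.items()))
            problems.append(f"{name}: digests differ ({detail})")
    return (not problems, problems)

# Constructed inputs: three builders on different stacks produce the same bytes.
FW, TOOL = b"constructed firmware image", b"constructed upload utility"
GOOD = [report("a", "linux/bare-metal", FW, TOOL),
        report("b", "freebsd/cloud", FW, TOOL),
        report("c", "macos/new-laptop", FW, TOOL)]
# One builder's toolchain emits a different upload utility.
BAD = GOOD[:2] + [report("c", "macos/new-laptop", FW, TOOL + b"\x90")]

if __name__ == "__main__":
    for label, reports in (("good", GOOD), ("bad", BAD)):
        ok, problems = check_release(reports)
        print(label, "RELEASE" if ok else "BLOCK", problems)
```

A mismatch only says that the builders disagree, not which one is compromised, so the gate blocks rather than taking a majority vote.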


>Intercepting supply chains for stock parts inside of China is not [the NSA's] specialty

>Another attack, given the open source nature of the device, could be distributing cheap, compromised units broadly after the fact to ensure they are widely adopted.

I like thinking about high-level threat models as much as the next guy, but these two statements seem to be at odds. Unless by "compromised units" you don't mean what I think you mean.


First was referring to supply chain interdiction for third party fabricators attempting to produce non-compromised units. Second was referring to active fabrication and distribution of compromised units to unsuspecting consumers.


Oh, ok. So it's the difference between opening the box to put in a wayward chip, versus starting a factory that makes units with the wayward chip to begin with. Fair enough.



