Please excuse the new account; I don't work for them, but https://www.nxmlabs.com. Maybe the hit will cause one of them to chime in.
Their pitch deck was about flashing keys into a root of trust at the fab, then using those as a way to do different types of decentralized or federated firmware integrity attestation. They had some quiet traction with some chip manufacturers and in defense and aerospace, and at the time they were the only ones I thought were really bringing something new to the space.
I'm trying to read this charitably but can't. As far as I can tell, they're describing the concept of "fuse some keys into chips" (and/or "use a PUF"?) and "do secure boot". Where's the novelty? All I see is PR and bad, bad vibes.
Is there a decent technical document available that actually describes their improvements over the SOTA? Without that, the impression I get is that somebody is trying to dazzle non-technical investors with bullshit.
Pretty much every major company in the space will have a team or even several dedicated to digital IC security. Qualcomm, Intel, Apple, Mediatek, Xilinx, and probably Google and Amazon now as well. I attended a really interesting pre-COVID lecture series given by some engineers in one of Qualcomm's teams that started with crypto/security basics and eventually got into more advanced techniques like side channel attacks. I had a lot of questions related to our own products that they couldn't answer in the name of secrecy.
Offensive or defensive? For offensive (at least in the non-classified space), major players include e.g. Riscure.
A fun historical quirk about chip-level security is that most of the experienced people and firms have at least some ties to cable/satellite TV piracy (on either side of that).
How could they be doing good work unless they can actually analyse the code running the CPUs? We're dealing with black boxes and wondering why we're missing things so often...