Ultimately, you need to build your own CPU (and everything else) from discrete components (assuming the universe is not a malicious simulation, of course) and bootstrap on it by writing you first assembler in machine code (You ought to come up with everything from scratch, any exisiting designs might have subtle deliberate vulnerabilities). The actual question is at which point you’re willing to risk a compromised supply chain, i.e. how far does your, quite warranted, paranoia go.
While reproducible builds are a good thing, for a bunch of reasons the whole stack is built on top of someone else’s microcode running on someone’s CPU, running someone’s BIOS, etc.
During an Linux Conf in Australia I attended a talk discussing the chain of trust and the point was made that when you buy something from a manufacturer, it is assumed that it comes to you unaltered, but the question is, how would you know?
In other words, you need to trust something somewhere and build on that.
If you’d like to see a working example of a backdoored compiler, because to compile something, you need to also trust your compiler, here’s a good discussion and show and tell:
threaded - newest
Here by the way is Ken Thompsons original paper:
css.csail.mit.edu/6.5660/…/trusting-trust.pdf
This is not a theoretical concept. He proved that by building a compiler that subverted Unix’ login command.
Ultimately, you need to build your own CPU (and everything else) from discrete components (assuming the universe is not a malicious simulation, of course) and bootstrap on it by writing you first assembler in machine code (You ought to come up with everything from scratch, any exisiting designs might have subtle deliberate vulnerabilities). The actual question is at which point you’re willing to risk a compromised supply chain, i.e. how far does your, quite warranted, paranoia go.
While reproducible builds are a good thing, for a bunch of reasons the whole stack is built on top of someone else’s microcode running on someone’s CPU, running someone’s BIOS, etc.
During an Linux Conf in Australia I attended a talk discussing the chain of trust and the point was made that when you buy something from a manufacturer, it is assumed that it comes to you unaltered, but the question is, how would you know?
In other words, you need to trust something somewhere and build on that.
If you’d like to see a working example of a backdoored compiler, because to compile something, you need to also trust your compiler, here’s a good discussion and show and tell:
youtu.be/Fu3laL5VYdM