Thomas Koenig <[email protected]> posted:
It seems that the Federal Communications Commission (the US
authority) is requiring "all US-developed and made" for newly
introduced routers, effective immediately, see
https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries
For existing routers, at least security patches are sill allowed
for a year, at least.
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in
the face of current attack vectors; and much of the RISC-V funding
comes from China; I doubt it have much of a case here.
That is going to be interesting, especially even allied countries
like Taiwan (TSMC) are also excluded.
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
Could be a boon for RISC-V startups, but of course the CPU is
only a part - the Wifi modules are also required.
MIPS is dead, as is SPARC.
Not so sure MIPS is dead. I think chips are still shipping for
embedded uses. Also I think it's the basis for the Chinese LoongArch architecture.
In article <10q9sg9$1321e$[email protected]>, [email protected]d (Lawrence D_Oliveiro) wrote:
Not so sure MIPS is dead. I think chips are still shipping for
embedded uses. Also I think it's the basis for the Chinese
LoongArch architecture.
LoongArch switched to an architecture of their own in 2021.
<https://en.wikipedia.org/wiki/Loongson#Loongson_3_LoongArch_processors>
It seems that the Federal Communications Commission (the US
authority) is requiring "all US-developed and made" for newly
introduced routers, effective immediately, see
https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries
MitchAlsup <[email protected]d> schrieb:
Thomas Koenig <[email protected]> posted:
It seems that the Federal Communications Commission (the US
authority) is requiring "all US-developed and made" for newly
introduced routers, effective immediately, see
https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries
For existing routers, at least security patches are sill allowed
for a year, at least.
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in
the face of current attack vectors; and much of the RISC-V funding
comes from China; I doubt it have much of a case here.
Secure or not secure is not the issue, it seems the FCC does
not care about that.
They care production, which "generally includes any major stage of the process through which the device is made including manufacturing,
assembly, design, and development."
So, using ARM as the CPU for a router seems to be out; they are
UK-based. x86 CPUs are too power-hungry, so Intel and AMD are out.
MIPS is dead, as is SPARC. NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
That pretty much leaves... RISC-V.
That is going to be interesting, especially even allied countries
like Taiwan (TSMC) are also excluded.
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
That would be good, but I somehow doubt that the timelines will
work out.
Could be a boon for RISC-V startups, but of course the CPU is
only a part - the Wifi modules are also required.
Not so sure MIPS is dead. I think chips are still shipping for
embedded uses.
Also I think it’s the basis for the Chinese LoongArch
architecture.
So, using ARM as the CPU for a router seems to be out; they are
UK-based.
x86 CPUs are too power-hungry
NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in...
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
MitchAlsup <[email protected]d> writes:
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in...
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
At first nothing came to my mind; later I came up with constant-time instructions.
Intel actually does define a subset of instructions whose execution
time does not depend on the input or output data, which is very
commendable, and allows to write constant-time code for defending
against plain old (non-speculative) side-channel attacks.[1] I have
not seen such a thing from other processor, ISA, or core
manufacturers, but I have not looked for it.
Constant instruction-execution time is (or was, last I heard) a
feature of the Mill architecture, and critical in the sense that
the compiler's instruction scheduling depends on knowledge of
those times, and wrong scheduling makes the computation fail.
In article <[email protected]>,
[email protected]d (Niklas Holsti) wrote:
Constant instruction-execution time is (or was, last I heard) a
feature of the Mill architecture, and critical in the sense that
the compiler's instruction scheduling depends on knowledge of
those times, and wrong scheduling makes the computation fail.
Mill appears to have been abandoned.
In article <[email protected]>,
[email protected]d (Niklas Holsti) wrote:
Constant instruction-execution time is (or was, last I heard) a
feature of the Mill architecture, and critical in the sense that
the compiler's instruction scheduling depends on knowledge of
those times, and wrong scheduling makes the computation fail.
Mill appears to have been abandoned.
They care production, which "generally includes any major stage of the process through which the device is made including manufacturing,
assembly, design, and development."
So, using ARM as the CPU for a router seems to be out; they are
UK-based. x86 CPUs are too power-hungry, so Intel and AMD are out.
MIPS is dead, as is SPARC. NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
That pretty much leaves... RISC-V.
Thomas Koenig [2026-03-28 23:12:52] wrote:
They care production, which "generally includes any major stage of the
process through which the device is made including manufacturing,
assembly, design, and development."
So, using ARM as the CPU for a router seems to be out; they are
UK-based. x86 CPUs are too power-hungry, so Intel and AMD are out.
MIPS is dead, as is SPARC. NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
That pretty much leaves... RISC-V.
They also say:
Is a router produced in the United States containing
foreign-produced components now “covered equipment” and prohibited
from FCC equipment authorization?
• Non-“covered” devices do not become “covered” simply because they
contain a “covered” component part, unless the “covered” component
part is a modular transmitter under the FCC’s rules. 47 CFR §§
2.903(b), 15.212.
• Therefore, a router produced in the United States is not
considered “covered” equipment solely because it contains one or
more foreign-made components.
which suggests to me that they may not care if the CPU is
produced elsewhere.
In any case, I highly doubt this is a decision based on security
concerns (esp since they exclude real routers used in infrastructure: "Routers" is defined by National Institute of Standards and Technology’s Internal Report 8425A to mean consumer-grade networking devices that are primarily intended for residential use and can be installed by the
customer).
MitchAlsup <[email protected]d> writes:
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in....
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
At first nothing came to my mind; later I came up with constant-time instructions.
Intel actually does define a subset of instructions whose execution
time does not depend on the input or output data, which is very
commendable, and allows to write constant-time code for defending
against plain old (non-speculative) side-channel attacks.[1] I have
not seen such a thing from other processor, ISA, or core
manufacturers, but I have not looked for it.
One frequent use in constant-time code is to use a conditional move
instead of a branch, in the hope (or, I think, for Intel, with the
guarantee) that it will be constant-time. RV64I does not have a
conditional move, but maybe one of the extensions has conditional
moves.
They say "router" but then refer to "modular transmitter" and
further up it refers to "RF device":
On 2026-03-29 14:48, Anton Ertl wrote:
MitchAlsup <[email protected]d> writes:
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in...
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
Mitch has described his protected return-address stack as a security >feature.
At first nothing came to my mind; later I came up with constant-time
instructions.
Intel actually does define a subset of instructions whose execution
time does not depend on the input or output data, which is very
commendable, and allows to write constant-time code for defending
against plain old (non-speculative) side-channel attacks.[1] I have
not seen such a thing from other processor, ISA, or core
manufacturers, but I have not looked for it.
Constant instruction-execution time is (or was, last I heard) a feature
of the Mill architecture, and critical in the sense that the compiler's >instruction scheduling depends on knowledge of those times, and wrong >scheduling makes the computation fail. The Mill is also claimed to be
immune to Spectre.
MitchAlsup <[email protected]d> writes:
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in...
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
At first nothing came to my mind; later I came up with constant-time instructions.--- Synchronet 3.21f-Linux NewsLink 1.2
Intel actually does define a subset of instructions whose execution
time does not depend on the input or output data, which is very
commendable, and allows to write constant-time code for defending
against plain old (non-speculative) side-channel attacks.[1] I have
not seen such a thing from other processor, ISA, or core
manufacturers, but I have not looked for it.
One frequent use in constant-time code is to use a conditional move
instead of a branch, in the hope (or, I think, for Intel, with the
guarantee) that it will be constant-time. RV64I does not have a
conditional move, but maybe one of the extensions has conditional
moves.
Concerning routers, I expect that the software running on it comes
from the router manufacturer, so the kind of security offered by constant-time instructions probably is not very relevant.
[1] Of course, with Spectre all code that runs in the process where
the secret lies can be used to extract the secret, and using
constant-time code for the whole process is not practically feasible
unless the process does very little. Intel had not introduced a Spectre-immune CPU yet, which is reproachable after more then 8 years.
- anton
Thomas Koenig [2026-03-28 23:12:52] wrote:
They care production, which "generally includes any major stage of the process through which the device is made including manufacturing,
assembly, design, and development."
So, using ARM as the CPU for a router seems to be out; they are
UK-based. x86 CPUs are too power-hungry, so Intel and AMD are out.
MIPS is dead, as is SPARC. NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
That pretty much leaves... RISC-V.
They also say:
Is a router produced in the United States containing
foreign-produced components now “covered equipment” and prohibited
from FCC equipment authorization?
• Non-“covered” devices do not become “covered” simply because they
contain a “covered” component part, unless the “covered” component
part is a modular transmitter under the FCC’s rules. 47 CFR §§
2.903(b), 15.212.
• Therefore, a router produced in the United States is not
considered “covered” equipment solely because it contains one or
more foreign-made components.
which suggests to me that they may not care if the CPU is
produced elsewhere.
In any case, I highly doubt this is a decision based on security
concerns (esp since they exclude real routers used in infrastructure: "Routers" is defined by National Institute of Standards and Technology’s Internal Report 8425A to mean consumer-grade networking devices that are primarily intended for residential use and can be installed by the
customer).
It's protectionism (and as Anton points out: combined with a nice
opportunity for bribes).
=== Stefan--- Synchronet 3.21f-Linux NewsLink 1.2
[email protected] (Anton Ertl) posted:1,2,3 and 6 irrelevant for devices that do not run arbitrary untrusted binaries.
MitchAlsup <[email protected]d> writes:
Given that RISC-V is "at least as insecure" as x86, x86-64, ARM in...
the face of current attack vectors
But perhaps an actually secure ISA (and rest of system) is being
given an advantage where funding might be secured.
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
Spectr� family
Meltdown family
RowHammer family
Return Oriented Programming
Stack Smashing
High precision timer variances
Constant time evaluation
What kind of security do you think an ISA can provide or subvert and
what attack vectors do you have in mind?
Thomas Koenig <[email protected]> writes:
So, using ARM as the CPU for a router seems to be out; they are
UK-based.
According to the government of the USA (when they decided to forbid
certain ARM lincensing or somesuch to certain Chinese companies, ARM
is USA technology, and the fact that many core designs are coming out
of the design center in Austin (IIRC) gives some credibility to the
POV. OTOH, the ARM tax for any licensed cores or architectures goes
to ARM (UK) and through them to Softbank (Japan) and its investores,
wherever in the world they are, and that might be seen as a reason for counting even SoCs designed and manufactured in the USA, where the ARM
core was deigned in Austin as being a non-USA SoC.
x86 CPUs are too power-hungry
My Tremont-based office desktop uses less power than my router, so I
doubt that.
NXP might be able to revive PowerPC
for embedded applications in routers, but I somehow doubt it.
If it's good business for them, they probably can be convinced. But
NXP are have their headquarters in the Netherlands, so I doubt that
PowerPCs from them will count as US-based without a significant bribe.
- anton
| Sysop: | DaiTengu |
|---|---|
| Location: | Appleton, WI |
| Users: | 1,114 |
| Nodes: | 10 (0 / 10) |
| Uptime: | 492511:54:20 |
| Calls: | 14,267 |
| Calls today: | 3 |
| Files: | 186,320 |
| D/L today: |
26,173 files (8,479M bytes) |
| Messages: | 2,518,387 |