News

3588 Articles

Your Own Open Source ASIC: SkyWater-PDK Plans First 130 Nm Wafer In 2020

June 30, 2020 by 51 Comments

You might have caught Maya Posch’s article about the first open-source ASIC tools from Google and SkyWater Technology. It envisions increased access to make custom chips — Application Specific Integrated Circuits — designed using open-source tools, and made real through existing chip fabrication facilities. My first thought? How much does it cost to tape out? That is, how do I take the design on my screen and get actual parts in my hands? I asked Google’s Tim Ansel to explain some more about the project’s goals and how I was going to get my parts.

The goals are pretty straightforward. Tim and his collaborators would like to see hardware open up in the same way software has. The model where teams of people build on each other’s work either in direct collaboration or indirectly has led to many very powerful pieces of software. Tim’s had some success getting people interested in FPGA development and helped produce open tools for doing so. Custom ASICs are the next logical step.

Continue reading “Your Own Open Source ASIC: SkyWater-PDK Plans First 130 Nm Wafer In 2020”

Updating The Language Of SPI Pin Labels To Remove Casual References To Slavery

June 29, 2020 by 287 Comments

This morning the Open Source Hardware Association (OSHWA) announced a resolution for changing the way SPI (Serial Peripheral Interface) pins are labelled on hardware and in datasheets. The protocol originally included MOSI/MISO references that stand for “Master Out, Slave In” and “Master In, Slave Out”. Some companies and individuals have stopped using these terms over the years, but an effort is being taken up to affect widespread change, lead by Nathan Seidle of Sparkfun.

The new language for SPI pin labeling recommends the use of SDO/SDI (Serial Data Out/In) for single-role hardware, and COPI/CIPO for “Controller Out, Peripheral In” and “Controller In, Peripheral Out” for devices that can be either the controller or the peripheral. The change also updates the “SS” (Slave Select) pin to use “CS” (Chip Select).

SPI is widely used in embedded system design and appears in a huge range of devices, with the pin labels published numerous times in everything from datasheets and application notes to written and video tutorials posted online. Changing the labels removes unnecessary references to slavery without affecting the technology itself. This move makes embedded engineering more inclusive, an ideal that’s easy to get behind.

[2022 Editor’s Note: The OSHWA changed its recommended naming to PICO/POCI for “Peripheral In, Controller Out” and “Peripheral Out, Controller In”. Fine by us! I’ve updated this throughout the rest of the article because it doesn’t change Mike’s original argument at all.]

Continue reading “Updating The Language Of SPI Pin Labels To Remove Casual References To Slavery”

Ask Hackaday: What Can Be Done With Your Bootlooping Blu-Ray?

June 26, 2020 by 159 Comments

Last Friday, thousands of owners of Samsung Blu Ray players found that their home entertainment devices would no longer boot up. While devices getting stuck in a power-cycling loop is not uncommon, this case stands out as it affected a huge range of devices all at the same time. Samsung’s support forum paints a bleak picture, with one thread on the issue stretching to 177 pages in just a week.

So what is going on, and what can be done to fix the problem? There’s a lot of conflicting information on that. Some people’s gear has started working again, others have not and there are reports of customers being told to seek in-person repair service. Let’s dive in with some wild speculation on the problem and circle back by commiserating about the woes of web-connected appliances.

Continue reading “Ask Hackaday: What Can Be Done With Your Bootlooping Blu-Ray?”

This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords

June 26, 2020 by 13 Comments

[Wladimir Palant] seems to be on a one man crusade against security problems in security software. The name may not be immediately recognizable, but among his other infamies is originating Adblock Plus, which we have a love-hate relationship with. (Look, surf the net with an adblocker, but disable it for sites you trust and want to support, like HaD).

This week, he announced a rather serious flaw in the Bitdefender. The disclosure starts off with high praise for the Bitdefender: “security-wise Bitdefender Antivirus is one of the best antivirus products I’ve seen so far….” Even with that said, the vulnerability he found is a serious one. A malicious website can trigger the execution of arbitrary applications. The problem was fixed in an update released on the 22nd.

Image by Wladimir Palant, CC BY-SA 4.0

The vulnerability is interesting. First, Bitdefender uses an API that was added to web browsers specifically to enable security software to work without performing man-in-the-middle decryption of HTTPS connections. When a problem is detected, Bitdefender replaces the potentially malicious page with it’s own error message.

Because of the way this is implemented, the browser sees this error message as being the legitimate contents of the requested site. Were this a static page, it wouldn’t be a problem. However, Bitdefender provides an option to load the requested page anyway, and does this by embedding tokens in that error page. When a user pushes the button to load the page, Bitdefender sees the matching tokens in the outgoing request, and allows the page. Continue reading “This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords”

iPhone pictured with a lock

Is Anything Really Private Anymore?

June 26, 2020 by 53 Comments

In the connected age, every day it appears privacy is becoming more and more of an idealistic fantasy as opposed to a basic human right. In our latest privacy debate per [TechCrunch], apparently the FBI is taking some shots at Apple.

You may recall the unfortunate events, leading the FBI to ask Apple to unlock an iPhone belonging to a person of interest. Apple did not capitulate to the FBI’s request on the basis of their fundamental commitment to privacy. The FBI wasn’t really thrilled with Apple’s stance given the circumstances leading to the request. Nevertheless, eventually, the FBI was able to unlock the phone without Apple’s help.

You may find it somewhat interesting that the author of the news piece appears to be more upset with the FBI for cracking the phone than at Apple (and by extension other tech companies) for making phones that are crackable to begin with.

Maybe we should take solace in knowing that Apple stood their ground for the sake of honoring their privacy commitment. But as we saw, it didn’t really matter in the end as the FBI was able to hire a third party to help them unlock the phones and were later able to repeat the process in-house. The article also noted that there are other private companies capable of doing exactly what the FBI did. We understand that no encryption is 100% safe. So it begs the question, “Is anything really private anymore?” Share your thoughts in the comments below.

Teardown Of The Singaporean COVID-19 TraceTogether Token

June 25, 2020 by 63 Comments

A large part of fighting against the SARS-CoV-2 pandemic is the practice of contact tracing, where the whereabouts of an infected person can be traced and anyone who has been in contact with that person over the past days tested for COVID-19. While smartphone apps have been a popular choice for this kind of tracing, they come with a range of limitations, which is what the TraceTogether hardware token seeks to circumvent. Now [Sean “Xobs” Cross] has taken a look at the hardware that will be inside the token once it launches.

The Simmel COVID-19 contact tracer.

Recently, [Sean] along with [Andrew “bunnie” Huang] and a few others were asked by GovTech Singapore to review their TraceTogether hardware token proposal. At its core it’s similar to the Simmel contact tracing solution – on which both are also working – with contacts stored locally in the device, Bluetooth communication, and a runtime of a few months or longer on the non-rechargeable batteries.

The tracing protocol used is BlueTrace, which is an open application protocol aimed at digital contact tracing. It was developed by the Singaporean government, initially for use with their TraceTogether mobile app.

This smartphone app showed a number of issues. First is that Apple does not allow for iOS apps to use Bluetooth in the background, requiring the app to be active in the foreground to be useful. Apple has its own tracing protocol, but it does not cover the requirements for building a full contact graph, as [Andrew] covers in more detail. Finally, the app in general is not useful to those who do not have a recent (compatible) smartphone, or who do not have a smartphone at all.

A lot of the challenges in developing these devices lie in making them low-power, while still having the Bluetooth transceiver active often enough to be useful, as well as having enough space to store interactions and the temporary tokens that are used in the tracing protocol. As Simmel and the TraceTogether tokens become available over the coming months, it will be interesting to see how well these predictions worked out.

Creating A Custom ASIC With The First Open Source PDK

June 25, 2020 by 23 Comments

A process design kit (PDK) is a by now fairly standard part of any transformation of a new chip design into silicon. A PDK describes how a design maps to a foundry’s tools, which itself are described by a DRM, or design rule manual. The FOSSi foundation now reports on a new, open PDK project launched by Google and SkyWater Technology. Although the OpenPDK project has been around for a while, it is a closed and highly proprietary system, aimed at manufacturers and foundries.

The SkyWater Open Source PDK on Github is listed as a collaboration between Google and SkyWater Technology Foundry  to provide a fully open source PDK and related sources. This so that one can create manufacturable designs at the SkyWater foundry, that target the 130 nm node. Open tools here should mean a far lower cost of entry than is usually the case.

Although a quite old process node at this point (~19 years), it should nevertheless still be quite useful for a range of applications, especially those that merge digital and analog circuitry. SkyWater lists their SKY130 node technology stack as:

  • Support for internal 1.8V with 5.0V I/Os (operable at 2.5V)
  • 1 level of local interconnect
  • 5 levels of metal
  • Inductor-capable
  • High sheet rho poly resistor
  • Optional MiM capacitors
  • Includes SONOS shrunken cell
  • Supports 10V regulated supply
  • HV extended-drain NMOS and PMOS

It should be noted that use of this open source PDK is deemed experimental at this point in time, and should not be used for any commercial or otherwise sensitive applications.

Header image: Peellden/ CC BY-SA 3.0