A computer with provable immunity against hacking
-------------------------------------------------

Dauug|36 is an open-source minicomputer for critical infrastructure, where the end user has the final say in all design and manufacturing aspects of the hardware. Unlike contemporary computers that contain non-inspectable, proprietary semiconductor complex logic such as microprocessors, FPGAs, PLDs, and ASICs, the Dauug|36 architecture is built with surface-mount technology from only simple, generic components with dependable characteristics. Inside its security perimeter, a Dauug|36 contains only these logic elements:

* buffer
* inverter
* AND
* OR
* NAND
* NOR
* XOR
* D flip-flop
* SRAM

It is this last component, synchronous static RAM or SRAM, that makes Dauug|36 a competitive machine for many of today's applications.

The architecture is entirely open-source, and physical inspection of an assembled system requires only millimeter-scale visual observation and continuity testing. Only maker-scale assembly tools are necessary, allowing the builder to use hot air hand soldering with tweezers, a reflow oven with a small pick-and-place machine, or any combination. Neither a semiconductor foundry nor purchased VLSI complex logic is involved in sourcing the minicomputer.

Dauug|36 security benefits
- - - - - - - - - - - - -

Dauug|36 was designed from scratch to exclude exploitable hardware defects, whether they originate in longstanding custom (e.g. arithmetic wraparound), undue complexity (e.g. RowHammer, Spectre, Meltdown), or intentional backdoors (e.g. Clipper). There is no dependence on foreign countries---regardless of where you are---or semiconductor companies for trustworthiness, because the system owner's own soldering and firmware determine the logical connectivity and operation of the computer. There isn't a microprocessor or anything like one anywhere in the design.

Compare the following Dauug|36 characteristics to any other computer architecture on the planet, and decide for yourself.

* Sticky, consistent overrange flag for arithmetic
* Stratified opcodes for heterogeneous register signedness
* No privilege escalation via stack
* No access to stack except via `CALL` and `RETURN` variants
* Code and stack memory inaccessible via `LD` and `STO` opcodes
* No branch to addresses not hardcoded in `CALL` or `JUMP`
* Faultless paged virtual memory without overcommit
* No privilege escalation via CPU
* No DRAM or DRAM-associated vulnerabilities
* No VLSI complex logic except in attached peripherals
* Every peripheral isolated to its own bus and buffer memory
* No CPU persistent state except for one firmware IC
* No MEMS oscillator for age- and frequency-selected attacks
* No firmware modification without physical access
* No parts that can't be hand-soldered and probed afterward
* No secret functionality
* No unexplainable S-box constants
* No vendor lock-in
* No encrypted or closed-source firmware
* No license fees to build, use, or modify
* No purpose-of-use limitations
* No planned obsolescence
* No right-to-repair infringements

Dauug|36 specifications
- - - - - - - - - - - -

---------------------   ---------------------------
System classification   solder-defined minicomputer
Logic family            SRAM with 74AUC
Memory protection       paged virtual memory
Multitasking            cooperative or preemptive
Word size               36 bits
CPU speed               10 MIPS
Number of opcodes       190 and counting
Maximum code RAM        4Mi × 36 bits
Maximum data RAM        8Mi × 36 bits
Registers per program   512
Programs ready to run   256
I/O buses               planned: SPI and I²C
Hardware license        CC BY 4.0 Intl.
Firmware license        CC BY 4.0 Intl.
Operating system        Osmin or owner-supplied
Design lifespan         30 years
Manufacturer            anyone

Dauug|36 limitations
- - - - - - - - - -

Because Dauug|36 is built at human-visible scale, the speed of light and capability of the underlying components produce a different kind of computer than any other on the planet. Compared to recent single-board computers, a Dauug|36 minicomputer is larger (about 25 x 25 cm), more costly ($1,000--$2,000), slower (about 16 million instructions per second, or MIPS), offers less primary storage (4 Mi x 36 bits code + 8 Mi x 36 bits data), and requires more power (10 watts estimated). Moreover, Dauug|36 breaks compatibility with every prior computer on the planet so that its design can be correct. But for applications where these drawbacks are acceptable (and there are more than most people realize), provable immunity to hacking makes this architecture very attractive.