Open Hardware for Secure Networks And Privacy (OHSNAP)
This is the project page for OHSNAP, an open-source platform for building secure networks with a known root of trust.
Virtually all commercially-available networking equipment is proprietary and closed-source and cannot be independently verified to be free of malware. There have been documented cases of attackers – sometimes entire nation-states – physically modifying networking equipment and networkable devices in order to exfiltrate data and/or command & control otherwise-trusted systems. This leaves the average individual with little choice but to hope that their home network consists of and is secured by devices which do not phone home or contain other backdoors. Such a situation breaks the guarantee that the user's data and devices remain their sovereign property and instead places control into the hands of manufacturers and governments.
The goal of this project is to produce a completely open design and implementation for a network router with a verifiable root of trust. By making the hardware design, manufacturing process, and firmware and software stacks fully verifiable, it allows users to inspect the entire end-to-end flow of their data and to directly control some or all of the fabrication of the device in order to establish positive provenance.
The OHSNAP router will be a single-board computer running an open source firmware and OS. It will expose at least two Ethernet ports.
- No closed-source firmware or software allowed anywhere in the stack
- Implementation must be independently reproducible by third parties
- Factory-made PCBs must be physically produced in the USA
- Components should be as supplier-diversified as possible
March 20, 2021
In order to make forward progress on the hardware, we will choose OpenBSD as the initial operating system and an ARM-based architecture for the CPU. Users will be able to use their own ARM-compatible OS if they choose, including Linux and Plan9 (if software support is added).
We will first create a Software-Intent Proof of Concept (SIPoC), which will be an OpenBSD-based router running on a commercially available SBC. We may then want, as a Proof of Concept (PoC), to port the software stack to the Common Networks nodes at Noisebridge and begin deploying them across sites.
The first version of our custom hardware should be amendable to DIY manufacturing. This means no BGA parts. This severely restricts the list of CPUs/SoCs to older and lower-performance chips, limiting our capability to 100MBps initially. We'll expand this list as we discover more:
List of non-BGA ARM SoCs
- Current leading candidate: Nuvoton NUC980DR61Y - 64-eLQFP 0.5mm
- Pros: Low pin count, has 10/100 PHY, 64 MB on-die RAM
- Cons: No native OpenBSD/NetBSD support, no video out, RAM may be tight, 0.5mm pitch is tough with Voltera
- Open source sample code
- Reference schematics & design docs
- TI AM1705 - 176-PQFP 0.5mm
- NXP i.MX233 - 128-LQFP 0.4mm
- Allwinner V3s - 128-eLQFP 0.4mm
March 13, 2021
- Looking for secure communications platform for project collaboration. Element / Matrix look promising.
- Possibly partner with CircuitLaunch for local hardware builds?
March 6, 2021
Initial meeting. Discussed range of HW/SW design choices.
Tentative Project Stages
- SIPoC: OpenBSD router on commercial SBC
- PoC: SW stack on Common Networks
- Proto 1 build: Low-speed (10/100 Mbps) DIY version
- Full build: 1 Gbps
Possible Design Choices for Future Versions
- ARM/ARM64 SoC
- RISC-V SoC
- Specifically no Intel/compatible architectures due to poor security record
- OS / Application Code
- Alpine Linux
- Custom FPGA code
- Trusted manufacturers
- How to offer root-of-trust guarantees to non-DIY customers
We are currently (as of March 2021) meeting every Saturday at 14:00 PT (GMT-8) on the Noisebridge Jitsi video platform.