(Rant) Doing business, such as our military with China, is like drinking strong poison and hoping it won't kill us. But since we don't manufacture all too many of our own goods any more, we outsource...even to those we know canbe/are our enemies in too many instances.
There is always an extra price to be paid for relying on somebody else to make something for you that you could have made yourself: the risk that he will intentionally make such a thing to his own advantage and to your expense. Sometimes that results in your having set up a competitor who ultimately takes away your markets, sometimes it builds up the strength of that supplier to such an extent that he then "calls the shots", or sometimes it enables him to intentionally do self-interested things to your product that could lead to your ultimate destruction. This is why, for any business, it's so critical to carefully evaluate this 'extra price' before outsourcing anything. Unfortunately we've now reached the point, after thousands or millions of decisions to offshore our production (especially all things electronic), where we no longer call most of the shots... and some might even argue we can now only call very few of the shots. In things that impact national security, that's an extremely dangerous place to be. -- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville
From a person in the industry: Some reporters took some pretty questionable information and ran with it. First of all, 99% of chips are not made in China -- especially "important" chips like DSPs, modern CPUs, large-scale gate arrays, and the like. China makes glue logic: buffers, logic gates, line drivers, level translators, etc. And even if they were doing the fab for foreign-designed CPUs, nobody in their right mind would ever give them uncompiled gate-level source to work from. They'd have the compiled output, which could never be modified in a zillion years. If someone were to attempt a die-level modification to an IC design, it would probably fail to work. And if the hack had any purpose at all, it would have to be routed in some way to the chip's pins, in which case it would be detectable immediately via boundary-scan testing, which is standard verification procedure, and would be rejected at the first-article approval stage.
My guess is that somebody raised the alarm about complex ICs (made outside China) having JTAG programming and testing ports on chip. These ports are used for production programming and verifying the chip in-system and it certainly is a point of vulnerability, where a determined hacker could inject malicious code. And that's you always write code that boots from secure serial EEPROM or Flash, runs in trusted memory sectors, and watches the program counter like a hawk to make sure nothing from outside the trusted zone gets pre-fetched, fetched, decoded, or executed.
... My guess is that somebody raised the alarm about complex ICs (made outside China) having JTAG programming and testing ports on chip ...
Like the reports last Spring about the JTAG-related alleged "backdoor" in the Actel ProAsic3 FPGA and their Fusion, Smartfusion, and Igloo lines? -- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville
Hi, Why am I not surprised. China has destroyed the West's ability to manufacture most goods, and then they develop such malevolent systems to destroy our societies in order to subjugate us. We must stop the rot, and redevolop our industrial systems.