[PLUG-TALK] Open Source Integrated Circuits

Keith Lofstrom keithl at kl-ic.com
Tue Aug 14 15:20:59 PDT 2018

While I would love to help make true open source hardware,
down to the chip transistor level, that is too expensive. 
It is far easier to take apart a chip, perhaps even modify
it, than it is to build one from scratch.

We should begin by opening the hardware we have; TAKE IT
APART and see how it works.  Take out the boards, trace
the wires, and make netlists.  Share the results; it is
the Hacker Way.

Write simple software tools to explore and understand
netlists (text descriptions of wiring); 2D box-and-line
schematics are almost impossible to use for big circuits.
A distracting anachronism.  Transform hardware into code.

Add wires, measure signals, inject signals.  I'm sure there
are DMCA rules against this, but they can only prosecute
you if they can find you.  VOID WARRANTIES.

CPU chips are thinned and mounted in packages face-down,
heatsink up.  Silicon is infrared transparent; transistors
are too small to see with IR, but you can map their
neighborhoods precisely, from the back of a polished chip.

With automated home-lab tools, you could slowly plane down
the chips through the backside until the bottoms of the
transistors are exposed.  If the chips are built on
"epitaxial" wafers, you can etch away all the bulk silicon
chemically, leaving a few micrometers of active circuitry
unetched.  Keep peeling until the transistors are exposed,
then the wires connecting them. 

You will probably need something like an atomic force
microscope to image the fine details; some hackers build
AFMs.  Modern chips are trillions of "pixels" in multiple
planes.  This will take time.

Then the REAL fun begins.  Learn about focused ion beam
(FIB) milling systems; build or buy some.  $$$$, though
ten-year-old ones might be available as scrap.  Perhaps
some hardware hackers can build FIBs, too.

Probe, modify, and rewire the chips.  This is far more
audacious than rewiring boards.  You will be drilling down
through an entire chip, and cutting insulated wiring
channels on the heatsink surface of the chip.  You might
need to slow the system clock (your added wires will be
slow), and run the chips cold so that leakage doesn't
discharge "dynamic nodes" too quickly.

All this is a lot of work, but DAMN, wouldn't it be COOL
to have a complete netlist for every chip in your house,
produced in collaboration with dozens of hackers like
yourself?  You would be the Emperor of Hackers if ALL
your systems had wire-mod chips, with bugs and copyright
protection "features" disabled.

I wonder what it would take to disable the timing
instruction used by the Meltdown exploit?  Probably
just drilling down and zapping a single transistor. 
That would not reduce speed. 

This isn't real manufacturing of open source integrated
circuits, merely a few effective first steps towards
control and true ownership of our hardware.


P.S.  Silicon manufacturing uses some NASTY chemicals, like
silane gas and hydrofluoric acid.  Teardowns might also. 
Experiments with "earth friendly" chemical alternatives
may be a necessary "zeroth" step.

Keith Lofstrom          keithl at keithl.com
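
An added illustration of the "simple software tools to explore and understand netlists" suggested in the message above; it is not part of the original post and not the author's code. The net-per-line text format, the sample board and all function names are assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample, one net per line as "NET: REFDES.PIN ..." (assumed format).
SAMPLE = """\
VCC:   U1.8 U2.14 R1.1 C1.1
GND:   U1.4 U2.7 C1.2 J1.1
RESET: R1.2 U1.1 J1.2
CLK:   U2.3 U1.2
DATA:  U1.5 U2.5 J1.3
NC1:   U2.9
"""

def parse_netlist(text):
    """Return (net -> set of (refdes, pin), refdes -> {pin: net})."""
    nets, parts = defaultdict(set), defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, pins = line.partition(":")
        if not sep:
            raise ValueError(f"line {lineno}: missing ':'")
        net = name.strip()
        for tok in pins.split():
            ref, dot, pin = tok.partition(".")
            if not (ref and dot and pin):
                raise ValueError(f"line {lineno}: bad pin {tok!r}")
            if parts[ref].get(pin, net) != net:
                raise ValueError(f"line {lineno}: {tok} already on {parts[ref][pin]}")
            nets[net].add((ref, pin))
            parts[ref][pin] = net
    return dict(nets), dict(parts)

def dangling(nets):
    """Single-pin nets: usually an unfinished trace or an unconnected pin."""
    return sorted(n for n, pins in nets.items() if len(pins) == 1)

def hops(nets, parts, start, goal, ignore=("VCC", "GND")):
    """Fewest signal nets crossed from part `start` to part `goal`, or None."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        ref, dist = queue.popleft()
        if ref == goal:
            return dist
        for net in set(parts.get(ref, {}).values()) - set(ignore):
            for other, _pin in nets[net]:
                if other not in seen:
                    seen.add(other)
                    queue.append((other, dist + 1))
    return None
```

Power nets are ignored in `hops` by default because they touch nearly every part and would make everything look one hop apart; a pin recorded on two different nets is rejected as a tracing mistake.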
