[dns-operations] Destroying HSMs
Geert Jan de Groot
GeertJan.deGroot at xs4all.nl
Fri Feb 2 23:25:33 UTC 2018
As I work in the semiconductor industry, I have to do
all kinds of safety training to actually be allowed to
be in a semiconductor fab.
While very, very tightly controlled,
some of the stuff in there uses chemicals you really
don not want to get in touch with.
While many properties of, for instance,
the plastic housing compound of semiconductor chips,
are tightly controlled, dremeling them and then expecting
the dust to be harmless if breathed in isn't one of them.
May I suggest that these HSMs be used for tamper tests,
on audit camera feed, while doing tamper tests that would
"void the warranty"?
One would load them with fake keys, do the tamper action,
and verify that the fake key is indeed gone.
Keep in mind that if keys have rolled, the old keys,
even if accessible, should be worthless, or we'd have
a serious design issue.
I, frankly, don't see the need to uncontrollably
create substances (dust or otherwise) just for the sake
And it would give opportunity to Do Stuff with this equipment
that one normally doesn't do with expensive stuff.
And before we get to "semiconductor industry and health"
discussion, I can assure you that if you are in a facility
with equipment worth tens or even hundered million dollar
per tool, and having thirty or fifty of these in one place
(and those are the smaller facilities!) there are extensive,
extensive measures to avoid incidents, for the people working there
but certainly also for the equipment.
While I cannot go into details, I feel safer in-fab than on
Keep it safe,
More information about the dns-operations