[dns-operations] Destroying HSMs

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Fri Feb 2 23:25:33 UTC 2018

As I work in the semiconductor industry, I have to do 
all kinds of safety training to actually be allowed to 
be in a semiconductor fab. 
While very, very tightly controlled, 
some of the stuff in there uses chemicals you really 
don not want to get in touch with. 

While many properties of, for instance,
the plastic housing compound of semiconductor chips, 
are tightly controlled, dremeling them and then expecting 
the dust to be harmless if breathed in isn't one of them.

May I suggest that these HSMs be used for tamper tests,
on audit camera feed, while doing tamper tests that would
"void the warranty"?
One would load them with fake keys, do the tamper action,
and verify that the fake key is indeed gone.

Keep in mind that if keys have rolled, the old keys,
even if accessible, should be worthless, or we'd have
a serious design issue.
I, frankly, don't see the need to uncontrollably 
create substances (dust or otherwise) just for the sake
of it.
And it would give opportunity to Do Stuff with this equipment
that one normally doesn't do with expensive stuff.

And before we get to "semiconductor industry and health" 
discussion, I can assure you that if you are in a facility 
with equipment worth tens or even hundered million dollar 
per tool, and having thirty or fifty of these in one place
(and those are the smaller facilities!) there are extensive,
extensive measures to avoid incidents, for the people working there
but certainly also for the equipment.
While I cannot go into details, I feel safer in-fab than on
the street.

Keep it safe,

Geert Jan

More information about the dns-operations mailing list