Does the device use any chips made in China?
Its open hardware, so take a look on the specifications. You also did not say which device
I did not say because I want to know which of the hardware is free of that security risk. However, I did place this in the Turris Omnia category. However, I realize that the forum is poorly laid out and confusing.
Still, even looking at the specs, how would anyone know where they were manufactured?
You can ask the guys from Turris technical support. Would be nice of you posted the answer you got here.
On the other hand side: I assume most of the hardware is produced in China, but what are the implications of that? There are simply no alternatives, right?
What makes you believe that Taiwanese or Korean or American chips are bug/backdoor-free? And what about your compiler?
That is not to say, that the Chinese government might not have the effective control and motivation to backdoor chips, just to remind us, that avoiding Chinese components by itself will not lead to complete risk removal.
I thought everyone knew. The fact is that it is highly likely that the government of China is requiring every chip maker to insert back doors into the chips made there. That may be also in Hong Kong and the Philippines too.
Such is not the case with those made elsewhere. We should support the better products.
While I am fully willing to believe that there are no chinese backdoors inserted in foundries outside of mainland China, I do not entertain the idea that nobody else inserts backdoors of their own. BTW, it typically is heaps and bounds simpler to insert backdoors in software or even in cryptographic standards than in silicon, and from an enduser perspective it does not matter that much, whether your network was taken over remotely due to adversarial pieces of silicon or adversarial pieces of software in say a firmware blob…
From a security perspective, I believe a safer approach might be to assume back-dooring of almost all components and aim for mitigation strategies that do not relay on only running trusted silicon, no?
It is irrelevant in which country the chip is made, but what company designed and constructed it.
Quite so. I should have said that it is not the case because there have been no reported instances in the news. Not to say it can’t happen.
However, please allow me to add an important point. Whatever hardware we use cannot be changed by us. But the software we use is changeable simply by using a more reputable source.
Not true. Never trust an authoritarian regime.