You can pay a company to fab a Leon3 or Leon4 for you. Leon3 is GPL, with eASIC already supporting it in their Nextremes. There's also the Rocket RISC-V core that was fabbed on a 45nm SOI process. Do it on the same node, with anything extra as an external, swappable component on the PCB for supplier diversity. Additionally, Cambridge has FreeBSD running on a capability-secure version of 64-bit MIPS on FPGAs. It's called CHERI CPU and CHERIBSD. One might put that processor on an ASIC.
There have been many options, but basically little individual, non-profit, or corporate work to make them happen. (shrugs)
Deep-packet inspection doesn't help if they leak along RF or covert channels in legit traffic. Catching RF leaks outside the most common spectrum is also something requiring expensive equipment and talent. The RF methods are in the TAO catalog as pre-built tools.
Yes - if we're going to include ultra-sonics, air-gap spanning networks, things of that nature... yeah, it gets very quickly into the range of nearly impossible to catch.
Especially if it's intermittent or simply passive. Then you could have an embedded issue for years and never know. (I've long suspected that this could eventually be a problem for defense companies.)
I'm for different threat profiles with different schemes targeting them. We already have regular security researchers and black hats hitting manipulation of flash, RAM cells, sound/speakers, and I/O firmware. It has to be in the threat model, at least on the software side. Unfortunately, especially given the speeds of these things, mitigation probably demands new hardware, either in general (e.g. custom RAM) or for detection (e.g. a verifier of RAM's expected behavior). My old scheme of diverse, triple-redundant hardware with voting algorithms just can't match the performance needed by modern workstations and servers in software alone. Maybe not FPGAs either.
The thing that really scares me, as a fortunately ex-security guy, is the fact that everywhere I've worked for the last 10 years people are super casual about keyboards and mobiles.
Mobile phones are an amazing platform to do... well, almost anything. There are some areas where their possession is restricted, though I suspect a motivated party could sneak a stripped down mobile device into nearly anywhere.
Keyboards, on the other hand. Wow. I've seen even airgapped systems have random keyboards right off the pallet slapped onto them. These sit in racks for months or years, then usually get tossed to a recycler or a donation program, stolen, or just thrown into a dumpster.
Considering how much tech is in a keyboard, and how much volume it has, you could place nearly anything in there and possibly go ages without catching on.
A scenario that I recently pointed out as a 'thought exercise' was a refitted USB keyboard with a microphone, pinhole camera, and simple keylogger+screenshot engine that contained an intermittent RF/wifi/bluetooth/ultrasonic network. Programmed to dump its payload whenever an individual passed nearby and triggered it remotely.
Such a trojan could sit in a datacenter or conference room for years completely unnoticed, the data it captured transmitted only to the cleaning crew or whatever.
Worse yet, such a device could also pass instructions to the system it was attached to as an actual USB device.
You could fit a lot of horsepower in an innocuous Dell or MS or whatever mass-produced keyboard. Toss it into a top level conference room for corporate espionage, toss it into a data center for more direct trouble, whatever.
Scary thought, and I think part of why I still use the same keyboard I've had since 1997 ;)
"Considering how much tech is in a keyboard, and how much volume it has, you could place nearly anything in there and possibly go ages without catching on."
You're thinking along the right lines. I've thought of weaponizing them, too. The main reason most don't is that someone might look inside one. Even if it's not the target, finding something obvious could make the news, with the result that the attack no longer works. That's why NSA weaponizes the USB connectors themselves. I do think there's room for doing what NSA is doing in a mobile-style SoC that replaces the main MCU of the keyboard with the same labeling. People would be none the wiser unless carefully measuring electrical properties.
" and I think part of why I still use the same keyboard I've had since 1997 ;)"
Haha. I keep updating, but I stopped trusting the computers a while back. As far as subversion goes, most PC-level subversions seem to have started close to 2000, with NSA's programs kicking in around 2004. So, I recommend people use pre-2004 or pre-2000 tech. There's plenty of usable stuff in that category.
The point is that it's about the only way to do a real, actual code audit on what your processor is doing.