Vertigo #$FF@csepp @wim_v12e @bugaevc @theruran @janneke In the case of the Lattice iCE40 parts, the programming flash is the same device as what a soft-core processor would boot from. So, it actually does have access to its own bitstream.
If the bitstream is programmed to treat the flash as ROM, then I don't think it would be backdoored without physical access. (This is why my Kestrel Computer Project mandated that the flash be treated as ROM, not as reprogrammable flash). But, if programming capability is provided, and the hardware doesn't bounds check, then it's conceivable that a new bitstream can be injected with bad-actor hardware.
Depending on the new hardware injected, it might evade detection by most end-users. The gate count required to exfiltrate data is relatively small (e.g. a wait-state generator that modulates its wait state count depending on data in a simple shift register).
All GNU social JP content and data are available under the