Announcement

Collapse
No announcement yet.

Linux 4.17 To Likely Include Intel DRM Driver's HDCP Support

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by chilinux View Post

    In general, HDCP is marketed as being everywhere. In reality, HDCP 2.2 is *NOT* backward compatible with earlier versions of HDCP since earlier version have been known to have security flaws. Also, based on my understanding, some of the licensing terms make it close to impossible to provide an update from HDCP 2.1 to HDCP 2.2 simply via a software or firmware upgrade. Since it also only needs to be on when playing content that a compliant video player demands it be on for, it usually is off. And since HDCP 2.2 was only just released in 2013, to avoid customer confusion, some streaming providers seem to be avoiding demanding it be enabled until there is more adoption. It is also more likely you will run into problems if you are attempting to play back at UHD/4k since that seems to be the quality level hollywood seems to be the most protective of.

    What I imagine will happen in the future if you don't have this patch is at some point you will attempt to play a streaming video and get an error code or a message indicating your hardware doesn't support the the protection level required to play the video. It should be similar to the issues you would have right now if you disabled Widevine CDM in your web browser. In fact, it is probably Google Widevine or Adobe Primetime which will be the primary userspace plugins which will be talking to this patch.
    Well, I have never enabled any DRM video playback and choose to avoid "compliant" video players. I have had plenty of sites not show video because ads are blocked, 3ed party cookies are blocked etc, but never because DRM is not enabled. Of course, I've never even been to the landing page of a paid movie or music site, so probably I would never see this. I would never host my public news videos on a site that made a serious effort to block downloads, much less local copies being made.

    Thus the only possible use I would have for this (thus only reason to include it in my kernel builds) would be if I were repurposing the code to do something with my own keys such as some form of encrypted video chat (video other than public) with no easy way for malware to screenshot and export private content. Screenshots would work when I want them to, not when an enemy trying to break into my system wants them to. This of course is of value only if exporting screenshots is significantly easier than remotely installing keyloggers and camera bugs.

    From Hollywood's viewpoint, it's easier to crack HDCP than it is to root movie studio computers or steal physical copies from vaults. For dissidents or porn affectionados having a private video chat, this may not work out quite the same. Posession is root, and a computer, phone, or tablet left in an empty hotel room is vulnerable to all sorts of well known attacks, notably hardware keylogger installation in a laptop. Most of the folks using the chat would have better things to do than surf tech sites to keep up with the latest threats and patch on a daily basis, while movie studios can afford to pay people to do exactly that. Hell, they still get cracked, so for the general public matters are even worse.

    The other problem of course is that it may not be possible to re-use HDCP's hardware support or any other hardware DRM setup (PSP I'm looking at you) with keys that can themselves be trusted for this sort of thing. I know we have things like Signal being able to turn off screenshots by default on Android, but I don't know if that's just telling normal screenshot programs not to run, marking some RAM as private(possibly reusing something written for DRM purposes?), or something more robust.

    Comment


    • #12
      I just want to leave this here:
      Linux being libre, nothing prevents you from patching out the HDCP code.
      The same argument produces this: nothing is preventing you to patch the kernel in such a way that the syscall succeeds, but HDCP stays disabled. Userspace software has no way of accessing the GPU directly to query the state of HDCP. Or am I missing something?

      Comment


      • #13
        HDCP can go die, it really just doesn't work so why bother! ?

        Comment


        • #14
          Originally posted by Serafean View Post
          I just want to leave this here:
          Linux being libre, nothing prevents you from patching out the HDCP code.
          The same argument produces this: nothing is preventing you to patch the kernel in such a way that the syscall succeeds, but HDCP stays disabled. Userspace software has no way of accessing the GPU directly to query the state of HDCP. Or am I missing something?
          They will probably get such a guarantee. Challenge-response to the GPU to verify HDCP being active. As Michael says, it's just one part of the puzzle, what's coming after will be the real threat.

          Comment


          • #15
            Originally posted by chuckula View Post

            Let's stand up to AMD for forcing HDCP down our throats ILLEGALLY: https://www.phoronix.com/scan.php?pa...ty-HDCP-Branch

            Oh wait I forgot. It's only bad when Intel does something. When AMD does it not one peep of complaint because "magic".
            Forcing? First things first, this is a separate branch, not prep-ed for mainline, and second, though I'm not familiar with the team working on this, AFAIK HDCP can be disabled. Adding functionality does not translate to "forcing" you to use it last time I checked. From what I understand, some customers are asking for this, so I don't see why not add the capability if it's already supported by the hardware.

            The truth is that at the end of the day, if content providers are pressured into requiring HDCP, they are going to do it regardless of whether or not your system supports it or has it enabled.

            Comment


            • #16
              Fine, if the content creators don't want my money then I will happily spend it elsewhere.

              Comment


              • #17
                Originally posted by Mystro256 View Post
                The truth is that at the end of the day, if content providers are pressured into requiring HDCP, they are going to do it regardless of whether or not your system supports it or has it enabled.
                Nobody says we have to buy paid media at all. What I would be more concerned about would be if video sharing and social media sites tried to prevent users from allowing other users to download or otherwise capture their files. In activist video this would make it much easier for a takedown demand against a single website combined with the arrest of the orginal poster to kill all availability of an important video (say, one showing Trump pinching someone's ass) as fewer backup copies would exist in third party hands.



                Comment


                • #18
                  Originally posted by Creak View Post
                  I thought HDCP was, like, everywhere now (displays, GPU, etc...).
                  How come Linux works without this code already in the kernel?
                  HDCP is only enforced by media with DRM/encryption.

                  Comment


                  • #19
                    Originally posted by Danny3 View Post
                    Why am I not allowed to see what's going on between my devices that I own?
                    Because you don't own the media. You own only the right to see the media from that specific support in the specific situations you are allowed to.

                    All infrastructure in the hardware you buy is because of that. You don't own the content, you only have limited rights to view that multimedia content.

                    Who is HDCP protecting, me or the greedy companies?
                    Neither, it only causes device retrocompatibility issues. Which benefits mostly hardware manufacturers and technicians/nerds that can fetch them some boxes that override that bullshit for a honest price.

                    I want my freedom!
                    Stop buying crap and deluding yourself you own it when in fact you don't.

                    Paying for something does not automatically mean you can do whatever you want, wherever you want, with said product. Like for example guns. Or realistic smooth silicone reproductions of male sexual organs. Or cars.

                    Comment


                    • #20
                      Originally posted by Serafean View Post
                      I just want to leave this here:
                      Linux being libre, nothing prevents you from patching out the HDCP code.
                      The same argument produces this: nothing is preventing you to patch the kernel in such a way that the syscall succeeds, but HDCP stays disabled. Userspace software has no way of accessing the GPU directly to query the state of HDCP. Or am I missing something?
                      HDCP relies on specialized hardware inside the iGPU/card answering and taking over the media stream. It's stuff that requires signed blobs to work (on Intel/AMD/Nvidia), which Intel/AMD usually provide, or are already embedded in the hardware itself. And/or relies on Intel ME (PlayReady DRM uses a ME module to ensure "security").

                      Where HDCP is total crap is in the protocol and spec itself, not the hardware protecting the media in the user PC. That part usually holds water well enough.

                      Comment

                      Working...
                      X