Announcement

Collapse
No announcement yet.

An AMDGPU Branch For Security PSP / HDCP Support

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Open sourcing as much as possible with regard to these DRM (Digital Rights Management) schemes is good in the long run. It will enable others to figure out chinks in the armor and make these anti-user schemes the expensive wastes that they are.

    Comment


    • #12
      Originally posted by Klassic Six View Post
      This sucks, features like HDMI audio and FreeSync still far from merging in the kernel. I'm okay with current driver and everything but why I can't use the basic features of my GPU just because I'm choose Linux? are we payed less than a Window$ user? and yes I know about David Airlie's respond
      I spoke to Bridgman and a few others the other day about this. I don't personally work on that team, but it seems resources are limited but progress is being made. I was speaking with one of the higher ups (I'm just an engineer not one of those fancy people) and he said they're aiming on producing something that is upstream-able, as maintaining it outside the kernel is a pain.

      In other words (TLDR), it's going to happen, just I have no idea how long it will take.
      Last edited by Mystro256; 20 December 2016, 08:05 PM.

      Comment


      • #13
        Hopefully this will never make it into the Linux kernel. I would be fine if it's just for AMDGPU-Pro, but I don't want any copy protection crap on my computer.

        Comment


        • #14
          Originally posted by Mystro256 View Post



          I'm not sure what BFU stands for, but the implementation isn't for most FOSS end users. It doesn't work if the OS and HW aren't locked down all the way from boot (i.e. HW based Secure boot) to the monitor connection (HDCP). If you break the chain anywhere, the PSP just shuts down and disallows protected content if the vender (Hulu, Netflix, etc.) requests it. For example, this is needed for 4K on Netflix to work; every company has it's desired security level we need to implement various levels of widevine (Linux) and Playready (Windows) to meet these needs.

          As I said, it's not forced on anyone, it's just implemented. If your system is one of those OEM locked down systems, it will work, but if your system is customized in anyway, it's just a dead code path that doesn't affect you what so ever, aside from venders denying you content because you don't have the DRM available.

          Realistically we have Windows and Linux customers that pay us money to implement it, so we implement it. Not having it available in Linux is just silliness, as these Linux customers in turn fund a lot of development of the AMDGPU (as in FOSS) driver.

          EDIT: Note that widevine does work without the PSP or other HW equivalent, but at in a "lower security mode". Some some vendors allow it, such as netflix, but will likely limit your connection; for example, I believe Netflix will limit your quality settings depending video you select (I'm assuming depending on the movie studio) and probably also throttle your connection.
          Thanks for explaining all that, always nice to get comments from driver developers

          As far as I know Netflix limits video playback to 720p on Widevine (low security mode?). You need a Microsoft browser or a locked device (like a PS3) to get 1080p and more.

          Will the CPU boot at all if the PSP is disabled somehow in the BIOS? That's the main complain with modern Intel machines, at it will reboot itself if the Intel Management Engine wasn't initialized by the firmware.

          Comment


          • #15
            I wish that when PSP was not intentionally used it was possible to verify that it was all the way off, staying off-and that it had not changed any part of your boot path by say, activating a keylogger to get your disk encryption passphrase. It may be that it does not, but I cannot verify that. In my case it is intentional that my machines cannot be trusted by netflix or any DRM content provider. A computer cannot be trusted by two or more mutually opposing parties even with open code, so long as any one of those parties can change the code or run their own code. I need to trust my computer and anyone who knows my systems knows that they cannot run Netflix or any similar content site and that I don't even want such sites connecting to my machines on the assumption that they might attempt to database hardware information. The only reason I don't 127.0.0.1 all of them out in /etc/hosts is that emails and other websites don't link to netflix and attempt to load netflix sharing buttons like they do with Facebook and Google. I do in fact block both Facebook and Google due to the sharing buttons and routine embedding and linking of those sites. Those I know who use my systems and also use things like Netflix exile the latter to dedicated systems doing nothing else, on a "free software for free uses, pay software for paid content" model. Lastly, I would remind the movie studios that Bittorrent works just fine on fully free systems-and that Internet regulation will only spur a future of impenetrable onion-routed encrypted darknets. Those will give utter filesharing impunity for all and could put things like netflix and maybe even the movie studios out of business entirely. Hollywood should focus on the actual movie theater only, in resolutions so large a download would take a month and a corrupt theater employee would be the only source of a rerender to a sharable resolution. This is rather like the way my limited Internet bandwidth means no online attacker could attempt to exfiltrate my raw clips without saturating the connection and giving himself away.

            Comment


            • #16
              Originally posted by triangle View Post
              Can't wait till someone cracks/hacks/leaks the golden keys to the PSP or IME.
              Unnecessary, easy way to get pirated content is using a random chinese HDCP spoofer you can buy for cheap, because HDCP is bullshit.

              Comment


              • #17
                Originally posted by jf33 View Post
                Hopefully this will never make it into the Linux kernel. I would be fine if it's just for AMDGPU-Pro, but I don't want any copy protection crap on my computer.
                Any half-modern hardware has it.

                Comment


                • #18
                  Originally posted by Luke View Post
                  I wish that when PSP was not intentionally used it was possible to verify that it was all the way off, staying off-and that it had not changed any part of your boot path by say, activating a keylogger to get your disk encryption passphrase.
                  this thing is in the GPU, how does it change the boot path?

                  Comment


                  • #19
                    Originally posted by tomtomme View Post

                    they are not developing those, just implenting them. if they won´t do that the users would cry: "why is hdmi-audio not working. where is my netflix?"
                    wouldn´t you?
                    lol, netflix.
                    They only give you crap quality, unless you are using the latest MS OS with the latest MS browser with the latest Intel CPU/IGP for no reason. If this is the case, you get "UHD", ok-ish quality.
                    People should wake up.

                    Comment


                    • #20
                      Originally posted by bibaheu View Post

                      Thanks for explaining all that, always nice to get comments from driver developers

                      As far as I know Netflix limits video playback to 720p on Widevine (low security mode?). You need a Microsoft browser or a locked device (like a PS3) to get 1080p and more.

                      Will the CPU boot at all if the PSP is disabled somehow in the BIOS? That's the main complain with modern Intel machines, at it will reboot itself if the Intel Management Engine wasn't initialized by the firmware.
                      Indeed, that seems about right. Depending on how "secured" the machine is, depends on how much content providers are willing to send you. I doubt using "a Microsoft browser" would make a lot of difference unless you locked down portions of your software stack

                      As for the CPU stuff, sorry, I couldn't really answer that for you as I focus mostly on GPU stuff.

                      Comment

                      Working...
                      X