Announcement

Collapse
No announcement yet.

An AMDGPU Branch For Security PSP / HDCP Support

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • starshipeleven
    replied
    Originally posted by M@yeulC View Post
    I have multiple use cases in mind, but the main idea is to prevent eavesdropping (hardware of software keyloggers).
    Ah yeah, the old "I want to use stuff used for DRM to be safer myself too". I don't disagree on principle, but in practice yeah I do.
    I'm personally not going to trust DRM systems do be much more than an annoyance (given HDCP's track record and overall uselessness, it's more of a "planned obsolescence gimmick" than "DRM enforcement", which are both a few leagues away from "security" anyway), things supposed to provide security should be designed to do that from the start. DRM stuff tends to have too much secondary objectives (any bug in hardware means hardware obsolescence, and these days it's favorable for the manufacturer to do not do a very through work on that) and corner-cutting (as in 99% of the cases they don't want actual security) to be really trustworthy for anything that isn't deceiving content providers into believing some client system is safe and that someone won't steal the content and upload it on piratebay anyway.

    And if there's a security feature on my computer, I like being able to control it, and note leave it to an "untrusted" entity somewhere who has a master key (which is used on MY system to prevent ME from accessing MY content !!!!).
    DRM is not a security feature, the same as the content it protects isn't yours.

    Leave a comment:


  • M@yeulC
    replied
    Originally posted by starshipeleven View Post
    Why the hell would you need to change encryption key of HDCP anyway? They are all generated from a master key somewhere so they are all functionally identical.
    Sorry for not answering you earlier.
    I have multiple use cases in mind, but the main idea is to prevent eavesdropping (hardware of software keyloggers).
    Take for example the signal messaging application: you can't take screenshots of it unless you disable this protection in the settings. If you encrypt the video signal all the way from the compositor to the screen, that's actually a very reduced attack surface.
    I would also like to see something similar implemented in the keyboards, to be honest. I've seen enough physical keyloggers, som of which were integrated into the keyboard, other wireless (to spoof on BT keyboards) to become wary of those. A few good encryption schemes are possible there. And if there's a security feature on my computer, I like being able to control it, and note leave it to an "untrusted" entity somewhere who has a master key (which is used on MY system to prevent ME from accessing MY content !!!!).

    Leave a comment:


  • bridgman
    replied
    Originally posted by Serafean View Post
    I mean seriously, how would people be pissed if their cars refused to drive on non constructor approved roads?
    That's one of the things that concerns me about the move to self-driving vehicles. It won't be long before manufacturers notice how much money they can save by leaving out manual controls, and at that point off-roaders are going to have to become hackers just to get their vehicles past the trail head.

    "You can drive it off-road with this iPhone app but you can't have anyone in the vehicle"

    Forget about hoarding guns, I think I'm going to start hoarding vehicles with solid axles and no computers other than the fuel injection and AM/FM radio.

    Leave a comment:


  • Danny3
    replied
    Originally posted by tomtomme View Post

    they are not developing those, just implenting them. if they won´t do that the users would cry: "why is hdmi-audio not working. where is my netflix?"
    wouldn´t you?
    Whatever, implementing is worse than developing.
    I said I will never buy anything with DRM and now they're implementing at hardware level. Assholes.

    Leave a comment:


  • Mystro256
    replied
    Originally posted by duby229 View Post

    That's perfectly fine, but I vote that absolutely every distribution configure it out of the compiled binaries so that none of them use any implementations of this crap. The fact is I can't ait for the PSP to get cracked so that oss code can be written to operate that hardware beyond the control of any content industry. (And it will happen someday, you can bet your balls on it.)
    I doubt any kernel PSP stuff will be pulled into the mainline kernel... or at least I think so? I'm probably the worst person to ask on this as I'm not involved with distribution. I'm at the part of development where it's still pretty platform agnostic.

    AFAIK, I'm only aware of one Linux customer needing this and they use a patched version of an LTS kernel on their devices. Possibly this "amd-staging-security-opensource-4.4" branch is for them? Yet again, worst person to ask about this.
    Last edited by Mystro256; 21 December 2016, 01:35 PM.

    Leave a comment:


  • Mystro256
    replied
    Originally posted by Serafean View Post

    What kind of bullshit is this? The moment I change the wireless adapter in my laptop netflix will disallow streaming 4K (if the laptop boots up at all...)? If I build an HTPC system from separate components, no Netflix for me?
    Is this a return to the pre IBM-PC era, where all that was available were all in one systems, that allowed the user to do nothing but one thing with them? (two if you count throwing it out)

    I'd like to say I'm not judging you for implementing it, but I am. This is dangerous remote control territory we're going into. (Govt doesn't like tor? PSP disallows it -> see Turkey)

    I mean seriously, how would people be pissed if their cars refused to drive on non constructor approved roads?

    BTW : BFU stands for Basic Fucking User. ( Politically correct is "Average Joe" )
    Well realistically, I would never lock down my computer just to satisfy some DRM requirement... but customers are customers (OEM and "BFU"). They want their devices to stream 4K and movie studios make these DRM agreements with content providers (such as Netflix). Don't shoot the messenger, as they say; I don't make this crap, I just let the products work with this crap if the user so wishes

    Plus, I think I already said this... these customers help fund development, so I would be more inclined to make them happy than spit in their face.

    Leave a comment:


  • duby229
    replied
    Originally posted by Mystro256 View Post



    I'm not sure what BFU stands for, but the implementation isn't for most FOSS end users. It doesn't work if the OS and HW aren't locked down all the way from boot (i.e. HW based Secure boot) to the monitor connection (HDCP). If you break the chain anywhere, the PSP just shuts down and disallows protected content if the vender (Hulu, Netflix, etc.) requests it. For example, this is needed for 4K on Netflix to work; every company has it's desired security level we need to implement various levels of widevine (Linux) and Playready (Windows) to meet these needs.

    As I said, it's not forced on anyone, it's just implemented. If your system is one of those OEM locked down systems, it will work, but if your system is customized in anyway, it's just a dead code path that doesn't affect you what so ever, aside from venders denying you content because you don't have the DRM available.

    Realistically we have Windows and Linux customers that pay us money to implement it, so we implement it. Not having it available in Linux is just silliness, as these Linux customers in turn fund a lot of development of the AMDGPU (as in FOSS) driver.

    EDIT: Note that widevine does work without the PSP or other HW equivalent, but at in a "lower security mode". Some some vendors allow it, such as netflix, but will likely limit your connection; for example, I believe Netflix will limit your quality settings depending video you select (I'm assuming depending on the movie studio) and probably also throttle your connection.
    That's perfectly fine, but I vote that absolutely every distribution configure it out of the compiled binaries so that none of them use any implementations of this crap. The fact is I can't ait for the PSP to get cracked so that oss code can be written to operate that hardware beyond the control of any content industry. (And it will happen someday, you can bet your balls on it.)

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by Serafean View Post

    What kind of bullshit is this? The moment I change the wireless adapter in my laptop netflix will disallow streaming 4K (if the laptop boots up at all...)? If I build an HTPC system from separate components, no Netflix for me?
    Is this a return to the pre IBM-PC era, where all that was available were all in one systems, that allowed the user to do nothing but one thing with them? (two if you count throwing it out)
    The entertainment businness has always been nazi-like, nothing new in that. You remember the bullshit region codes in disks? So that you could not see a disk for a different region on a device coded to another region? (While a PC didn't give a fuck about these regions at all)

    I'd like to say I'm not judging you for implementing it, but I am. This is dangerous remote control territory we're going into. (Govt doesn't like tor? PSP disallows it -> see Turkey)
    No, it's still DRM.
    If the program you use to see netflix sees that you don't have X and Y or if their servers don't get the right user agent string, or stuff like that, then you can't see stuff.

    PSP is used on your PC while you are seeing things to ensure that you cannot pirate them through the PC as it keeps the keys or does decryption or something like that.

    But they have no way to have your PC disallow arbitrary applications or services they don't control.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by M@yeulC View Post
    Well, security is not a bad thing *per se*, even HDCP could have its uses. It is however useless for me if I cannot set the various keys to the ones I want and own. And it's not designed this way: You will probably never find a TV with a changeable encryption key. That would allow to make a trusted connection from the application to the display, with no spoofing "possible" in between.
    Why the hell would you need to change encryption key of HDCP anyway? They are all generated from a master key somewhere so they are all functionally identical.

    As for HDCP, someone will break it at some point. They already did it in the past, IIRC. It is virtually impossible to hand you the content and the keys to decrypt it, while guaranteeing that you won't be able to access either.
    pssible/impossible is irrelevant, what matters is practical/impractical. Doing what you said with HDCP is not practical.

    Does not mean it is an issue though. Easy way to spoof it is using some chinese "hdmi splitter" boxes that either have their own key on one side and don't check on the others, or don't report themselves at all in the system so as long as ONE receiving device attached to it is HDCP-compliant you can see stuff on others too.

    Leave a comment:


  • Serafean
    replied
    Originally posted by Mystro256 View Post
    I'm not sure what BFU stands for, but the implementation isn't for most FOSS end users. It doesn't work if the OS and HW aren't locked down all the way from boot (i.e. HW based Secure boot) to the monitor connection (HDCP). If you break the chain anywhere, the PSP just shuts down and disallows protected content if the vender (Hulu, Netflix, etc.) requests it. For example, this is needed for 4K on Netflix to work; every company has it's desired security level we need to implement various levels of widevine (Linux) and Playready (Windows) to meet these needs.

    As I said, it's not forced on anyone, it's just implemented. If your system is one of those OEM locked down systems, it will work, but if your system is customized in anyway, it's just a dead code path that doesn't affect you what so ever, aside from venders denying you content because you don't have the DRM available.
    What kind of bullshit is this? The moment I change the wireless adapter in my laptop netflix will disallow streaming 4K (if the laptop boots up at all...)? If I build an HTPC system from separate components, no Netflix for me?
    Is this a return to the pre IBM-PC era, where all that was available were all in one systems, that allowed the user to do nothing but one thing with them? (two if you count throwing it out)

    I'd like to say I'm not judging you for implementing it, but I am. This is dangerous remote control territory we're going into. (Govt doesn't like tor? PSP disallows it -> see Turkey)

    I mean seriously, how would people be pissed if their cars refused to drive on non constructor approved roads?

    BTW : BFU stands for Basic Fucking User. ( Politically correct is "Average Joe" )

    Leave a comment:

Working...
X