Let me get this right.... are we mainlining a DRM platform (as in digital right management) directly into the Kernel to provide big Cs an easier way to manage encrypted videos? As if html MSE isn't enough for them to profit at the expense of user freedom?

It's a bit more access rights, rather than DRM. But they are adding control capabilities.


As far as I've understood:

Nope.

Not at all. Your linux kernel is opensource and if you have administrative rights to it, you can controle SMAF.
The end user isn't the adversary in this security/threat model.
On the other hand, SMAF make it sure that some random userland program can't eaves drop from a secure encrypted media transmission.

In other words:
- it can't help against you saving a moving from youtube or netflix to the disk. you own your computer, you could simply tell SMAF to allow you to do this. (or disable it entirely)
- it DOES help against a rogue user-land software to try to save your hot sexcam session to the NSA servers. SMAF makes sure that the decrypted video of your girlfriend's boobs can only be displayed and not go to somewhere else.


This is entirely different from EME, which is a closed-source blackbox. encrypted video goes in, decrypted video goes out, but you don't have any access to what's happenning inside the black box (hey, the black box could even contain code to redirect the video stream to some 3rd party servers. At least EME is sandboxed, unlike Flash, so there are a lot of things that EME can't do but that Flash used to do).

Could this be used to sandbox other forms of encryption, for instance making it more difficult for an online attacker with a root privilige escalation attack to export the disk keys from a cryptsetup volume?