Intel's Open-Source OpenGL Driver Adds Support For "Protected Content"
EGL_EXT_protected_content allows creating protected contexts and in turn surfaces and EGLImages that are "protected" and can only be utilized within protected contexts. This can be used for scenarios like Digital Rights Management and other security-minded scenarios. So far EGL_EXT_protected_content has been mostly leveraged by Android apps and that EGL extension as well having been initiated by mobile SoC vendors.
The set of ten patches merged today provide the protected content support for the Intel Iris Gallium3D driver as well as necessary Gallium3D state tracker and EGL infrastructure changes.
From the kernel driver, this Iris protected content support depends upon I915_GEM_CREATE_EXT_PROTECTED_CONTENT. In turn this depends upon the Protected Xe Path (PXP) found with Intel Gen12 graphics and newer.
The Intel Protected Xe Path allows for protected/encrypted objects. For those concerned about digital rights management and "protected" configurations, with some PXP operations also involving the Intel Management Engine (ME), the support can be disabled at kernel build time using the CONFIG_DRM_I915_PXP Kconfig option. The Intel PXP support was merged back in Linux 5.16.
With Vulkan 1.1 is also protected content support but today's Mesa user-space changes are just about the Iris Gallium3D (OpenGL) support at this time.
Those interested in the protected content support can learn more via this merge request of the nearly thousand lines of new code pushed into Mesa 22.3.