A cost analysis of Vista content protection

Posted Dec 24, 2006 6:49 UTC (Sun) by dang (guest, #310)
In reply to: A cost analysis of Vista content protection by lutchann
Parent article: A cost analysis of Vista content protection

Based just on the snippets below, it looks like M$'s requirements put the gun right to the device manufacturers' heads. If you want to vend your wares to the huge M$ installation base, then it will be really, really hard to do so in a way that allows you to support open source platforms.

---snippets below----

"In order for this to work, the spec requires that the operational details of
the device be kept confidential. Obviously anyone who knows enough about the
workings of a device to operate it and to write a third-party driver for it
(for example one for an open-source OS, or in general just any non-Windows OS)
will also know enough to fake the HFS process. The only way to protect the
HFS process therefore is to not release any technical details on the device
beyond a minimum required for web site reviews and comparison with other
products."

----
"Since HFS requires unique
identification and handling of not just each device type (for example each
graphics chip) but each variant of each device type (for example each stepping
of each graphics chip) to handle the situation where a problem is found with
one variation of a device, it's no longer possible to create one-size-fits-all
drivers for an entire range of devices like the current
Catalyst/Detonator/ForceWare drivers. Every little variation of every device
type out there must now be individually accommodated in custom code in order
for the HFS process to be fully effective."

----------

"Once a weakness is found in a particular driver or device, that driver will
have its signature revoked by Microsoft, which means that it will cease to
function (details on this are a bit vague here, presumably some minimum
functionality like generic 640x480 VGA support will still be available in
order for the system to boot). This means that a report of a compromise of a
particular driver or device will cause all support for that device worldwide
to be turned off until a fix can be found. Again, details are sketchy, but if
it's a device problem then presumably the device turns into a paperweight once
it's revoked. If it's an older device for which the vendor isn't interested
in rewriting their drivers (and in the fast-moving hardware market most
devices enter "legacy" status within a year or two of their replacement models
becoming available), all devices of that type worldwide become permanently
unusable."

----


A cost analysis of Vista content protection

Posted Dec 24, 2006 12:26 UTC (Sun) by rwmj (subscriber, #5474) [Link]

Personally, I'm looking forward to the day when Microsoft "revokes" some popular piece of
hardware.

Rich.

driver revocation

Posted Jan 4, 2007 6:11 UTC (Thu) by xoddam (subscriber, #2322) [Link]

I wonder how easily forgeable a revocation is?

A cost analysis of Vista content protection

Posted Dec 24, 2006 12:58 UTC (Sun) by csamuel (✭ supporter ✭, #2624) [Link]

But this is just security through obscurity, and I don't believe it is necessary with good crypto. GnuPG is open source and secure; the strength is in the algorithms and key management. So if the driver has the public key for the card and the card signs a message with its private key, then the driver can be sure the message came from the card and hasn't been tampered with.

I suspect the problem is more likely to be with the identification of registers and other hardware controlling bits - there is a precedent for having a binary only module for this in the Intel open source graphics drivers, as Keith Packard put it:

"This module contains stuff which Intel can't publish in source form, like Macrovision register stuff and other trade secrets. It's optional, so if you don't want to use a binary module, you don't get to use code written by Intel agents for these features."

To me this seems like an excellent compromise, the module is optional and you can still use your hardware quite happily.

A cost analysis of Vista content protection

Posted Dec 25, 2006 1:20 UTC (Mon) by grouch (guest, #27289) [Link]

"To me this seems like an excellent compromise, the module is optional and you can still use your hardware quite happily."

Please let everyone know how Microsoft receives your proposed compromise.

A cost analysis of Vista content protection

Posted Dec 25, 2006 2:16 UTC (Mon) by csamuel (✭ supporter ✭, #2624) [Link]

Hmm, I'd missed the comment that the *spec* requires the details to be kept confidential.

So effectively Microsoft is using this as an excuse to compel hardware manufacturers to not publish specs, with the effect of hamstringing open source driver development. Of course they'll protest that it's not their fault but it certainly fits with past practices from Redmond. :-(

Without a copy of the spec it's hard to say how much is direct quotation and how much is inference..

A cost analysis of Vista content protection

Posted Dec 25, 2006 12:57 UTC (Mon) by i3839 (guest, #31386) [Link]

Problem is that any key on the PC, wherever it's hidden (driver or kernel) can be quite easily found and modified. I don't see how they can avoid a man-in-the-middle attack with those public/private keys stored in software, not even with TPM hardware.

But for open source it's even easier, as most protection is in place to verify DRM hardware. The hardware can't verify the driver as any private keys need to be in the driver and thus can be recovered. As we only want a functional driver and aren't trying to bypass the DRM, it's probably even legal.

A cost analysis of Vista content protection

Posted Dec 26, 2006 4:39 UTC (Tue) by csamuel (✭ supporter ✭, #2624) [Link]

Ah, but the private key(s) only needs to be in the hardware with its
corresponding public key(s) in the driver. Of course there can be
hardware attacks against the hardware based private key as well, but
that's going to push up the cost of an attack quite dramatically compared
to a software only attack.

This of course assumes that the report about the spec is accurate in that
all that is required is that the driver validate the hardware and not the
other way around.

Attacking the driver to modify its public key will only result in
stopping verification from working, so my guess is that it'd turn into a
DoS attack.

Regarding FLOSS drivers, it would mean that those drivers would have to
be purely reverse engineered if the hardware manufacturers are indeed
contractually bound to not release information about how they work. A
situation that would please Microsoft no end I suspect..

A cost analysis of Vista content protection

Posted Dec 26, 2006 13:32 UTC (Tue) by i3839 (guest, #31386) [Link]

True, but in that case it's the driver checking the hardware, and as we want to replace the driver it's quite easy, as there's nothing stopping us, except some obfuscated binary code.

But if we can so easily replace the MSWindows driver with a Linux one (concerning DRM "protection"), then what would stop people bypassing the DRM from the software side? Nice expensive hardware all for nothing because the software can't keep any key secret... (Even the key on the hardware isn't safe if they aren't very careful.)

Only way to fix the above problem is to pass encrypted data to the hardware with the software not knowing the keys, which is what happens I think. But I don't believe that all those hardware companies and content industry can keep their keys secret. If this is the case, then there's no need at all to be secret about interfaces and drivers information, as all decryption is done by hardware.

Considering the draconian regulations it means they went for a half-assed solution which can be broken, and thus will be broken. If the hardware really did all the verification then things would be very simple for the driver, as the only thing that changes would be that the hardware is more expensive and has an extra feature.

Maybe it is a sneaky way to try killing FOSS after all...

A cost analysis of Vista content protection

Posted Dec 27, 2006 23:52 UTC (Wed) by csamuel (✭ supporter ✭, #2624) [Link]

My understanding was that the stated aim of the exercise is to stop
someone writing software that poses as video hardware to an existing
driver because the hardware & driver do a DH key exchange and the driver
encrypts the "premium" content with the exchanged keys.

Thus if your software was able to masquerade as a plug in video card and
did the DH exchange with the driver you would then be able to decrypt
the "premium" content yourself.

A cost analysis of Vista content protection

Posted Dec 28, 2006 15:33 UTC (Thu) by i3839 (guest, #31386) [Link]

Diffie-Hellman doesn't protect against man-in-the-middle attacks, so some form of authentication would still be needed. And for that there need to be keys both in hardware and the driver.

The key in the driver could be replaced with any key the attacker wants, and then the authentication would seem to succeed and unencrypted content would be received by the fake videocard. I don't believe they're so stupid as to bet on this...

But maybe they do, as it appears that the driver needs to do checks, and checks can be bypassed, so what the hell are they thinking? If the driver needs to do any checks then the system is broken by design.
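
The argument in this sub-thread, as an added example that is not part of any poster's comment and does not model the actual Vista specification: a bare Diffie-Hellman exchange accepts whoever answers, a signed exchange rejects a peer without the card's private key, and the check holds only as long as the public key pinned in the driver cannot be altered. The names `Endpoint`, `handshake`, `CARD_*` and `OTHER_*` are hypothetical, and the textbook RSA and small primes are toy parameters constructed for illustration.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, G, E = 2**127 - 1, 3, 65537   # DH modulus, generator, RSA public exponent

def keygen(p, q):
    """Textbook RSA keypair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(value, n):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n

def sign(priv, value):
    n, d = priv
    return pow(digest(value, n), d, n)

def verify(pub, value, sig):
    n, e = pub
    return pow(sig, e, n) == digest(value, n)

class Endpoint:
    """One side of the exchange; signs its DH public value if given a key."""
    def __init__(self, signing_key=None):
        self.secret = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.secret, P)
        self.sig = sign(signing_key, self.public) if signing_key else None

    def session_key(self, peer_public):
        return pow(peer_public, self.secret, P)

def handshake(peer, pinned_pub=None):
    """Driver side. True if the driver ends up sharing a session key with peer."""
    driver = Endpoint()
    if pinned_pub is not None:          # authenticated variant
        if peer.sig is None or not verify(pinned_pub, peer.public, peer.sig):
            return False                # peer could not prove it is the card
    return driver.session_key(peer.public) == peer.session_key(driver.public)

CARD_PUB, CARD_PRIV = keygen(2**61 - 1, 2**89 - 1)      # private half stays in hardware
OTHER_PUB, OTHER_PRIV = keygen(2**107 - 1, 2**127 - 1)  # any key the card does not hold

if __name__ == "__main__":
    print("bare DH, unknown peer:        ", handshake(Endpoint()))
    print("signed DH, genuine card:      ", handshake(Endpoint(CARD_PRIV), CARD_PUB))
    print("signed DH, unknown peer:      ", handshake(Endpoint(OTHER_PRIV), CARD_PUB))
    print("signed DH, driver key swapped:", handshake(Endpoint(OTHER_PRIV), OTHER_PUB))
```

The last case is why a verification key held in software needs its own integrity protection (for example a signed, measured driver image): the signature check is only as trustworthy as the storage of the key it checks against.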

A cost analysis of Vista content protection

Posted Jan 23, 2007 10:43 UTC (Tue) by i3839 (guest, #31386) [Link]

It seems they were indeed as stupid as this: both Blu-ray and HD-DVD are cracked because the encryption keys can be fished out of RAM. Pathetic.

A cost analysis of Vista content protection

Posted Dec 27, 2006 20:09 UTC (Wed) by allesfresser (subscriber, #216) [Link]

One thing that seems to be missing in all this discussion of how to break this scheme is that in the largest market for PCs (the US), reverse-engineering or 'breaking' it will be completely illegal and very prosecutable, thanks to the DMCA. This will have a significant damper on legitimate free drivers, to say the least.

A cost analysis of Vista content protection

Posted Dec 27, 2006 23:53 UTC (Wed) by csamuel (✭ supporter ✭, #2624) [Link]

Amen.

Very handy for the agendas of both "content" providers and Microsoft.

A cost analysis of Vista content protection

Posted Dec 30, 2006 16:14 UTC (Sat) by i3839 (guest, #31386) [Link]

Well, breaking content protection may be illegal, but making a free driver that also honours the DRM surely isn't illegal?
