[huskerlug] Re: A Cost Analysis of Windows Vista Content Protection
- From: "Paul Andrews" <pandrews@xxxxxxxxx>
- To: huskerlug@xxxxxxxxxxxxx
- Date: Fri, 2 Feb 2007 18:27:16 -0600
OK.. I'm still working on reading the whole article... (slow reader)... but
I would recommend you at least read the section entitled "Unnecessary CPU
Resource Consumption"
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html#cpu
So far it's a very eye openning article, and I'm comming up with some great
reasons to encorage my non-Linux friends to avoid their upgrade into Vista.
Some winning quotes from that section:
[talking about internal encription for DRM purposes] "This is very similar
to the protocol used in SSL or SSH (in practice some steps like cipher suite
negotiation are omitted, since there's a hardcoded set of ciphers used).
Finding SSL being run inside a PC from one software module to another is
just *weird*.
Needless to say, this extremely CPU-intensive mechanism is a very painful
way to provide protection for content, and this fact has been known for many
years. Twenty years ago, in their work on the ABYSS security module, IBM
researchers concluded that the use of encrypted buses as a protection
mechanism was impractical <http://portal.acm.org/citation.cfm?id=79221>."
"On-board graphics create an additional problem in that blocks of precious
content will end up stored in system memory, from where they could be paged
to disk. In order to avoid this, Vista tags such pages with a special
protection bit indicating that they need to be encrypted before being paged
out and decrypted again after being paged in. Vista doesn't provide any
other pagefile encryption, and will quite happily page banking PINs, credit
card details, private, personal data, and other sensitive information, in
plaintext. "
Follow Note J:
"The OpenBSD approach of generating a random swap-file encryption key at
boot time and encrypting any memory data that gets paged to
disk<http://www.usenix.org/events/sec2000/full_papers/provos/provos_html/index.html>is
the correct way to handle memory protection."
"The inability to perform decoding in software also means that any premium-
content compression scheme not supported by the graphics hardware can't be
implemented. If things like the Ogg video codec ever eventuate and get used
for premium content, they had better be done using something like Windows
Media VC-1 or they'll be a non-starter under Vista or Vista-approved
hardware."
Paul
On 1/27/07, GreyGeek <jkreps@xxxxxxxxxx> wrote:
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html#oss
>
> Elimination of Open-source Hardware Support
> In order to prevent the creation of hardware emulators of protected
> output=
> =20
> devices, Vista requires a Hardware Functionality Scan (HFS) that can be
> use=
> d=20
> to uniquely fingerprint a hardware device to ensure that it's
> (probably)=20
> genuine. In order to do this, the driver on the host PC performs an
> operati=
> on=20
> in the hardware (for example rendering 3D content in a graphics card)
> that=
> =20
> produces a result that's unique to that device type.
> In order for this to work, the spec requires that the operational details
> o=
> f=20
> the device be kept confidential. Obviously anyone who knows enough about
> th=
> e=20
> workings of a device to operate it and to write a third-party driver for
> it=
> =20
> (for example one for an open-source OS, or in general just any
> non-Windows=
> =20
> OS) will also know enough to fake the HFS process. The only way to
> protect=
> =20
> the HFS process therefore is to not release any technical details on
> the=20
> device beyond a minimum required for web site reviews and comparison
> with=20
> other products.
> This potential =E2=80=9Cclosing=E2=80=9D of the PC's historically open
> plat=
> form is an=20
> extremely worrying trend. A quarter of a century ago, IBM made the
> momentou=
> s=20
> decision to make their PC an open platform by publishing complete
> hardware=
> =20
> details and allowing anyone to compete on the open market. Many small=20
> companies, the traditional garage startup, got their start through this.
> Th=
> is=20
> openness is what created the PC industry, and the reason why most homes=20
> (rather than just a few offices, as had been the case until then) have one
> =
> or=20
> more PCs sitting in a corner somewhere. This seems to be a return to the
> ba=
> d=20
> old days of 25 years ago when only privileged insiders were able to=20
> participate.
>
> ----
> Husker Linux Users Group mailing list
> To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
> with a subject of UNSUBSCRIBE
>
>
>
----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE
Other related posts:
