But hardware backed DRM can be so much more invasive beyond that. I have no doubts the long term goal of MS is to have a Windows version of Play Integrity.[0] So total control over everything that happens on your device. Just to give an example of what could happen if this becomes reality: https://en.m.wikipedia.org/wiki/Web_Environment_Integrity
This tech extended to browsers could easily mean that sites could refuse to serve you if your machine is running any bigcorp unapproved software. An easy example of that would be adblockers.
Unless we get lucky with secure world compromises like the Tegra X1 bootrom exploit[1] or get real good at passing legislation that forces companies to give you all the private keys to your own machine, the future for personal computing is looking grim.
I expect mjg59 to know what they're talking about but like you say, I wonder the same thing about the strength of (what you call) Media DRM v Hardware-backed DRM.
GPU vendors have quietly deployed [hardware-based DRM] ... [which] works just fine on [boards] that [don't] have a TPM and will continue to do so.
Work fine? Even if a section of GPU's vRAM is out of the reach of the OS (here, to implement DRM), wouldn't TPM / DICE be needed to establish trust / measure GPU's firmware?
Stallman warned everyone. Virtually nobody listened.
Also, companies can just price the additional cost in, blame the government for the price increase, and mislead consumers about the tradeoff being made. A ban is harder to do that about
> sites could refuse to serve you if your machine is running any bigcorp unapproved software
This needs to be classified as discrimination.
In fact I see no relationship between DRM and Play Integrity other than a tenuous connection that both are about controlling what a user cannot do on their device. If this is what you mean, then you have made the same mistake as FSF by conflating unrelated technologies.
Consequently pressure to support more effective DRM will always translate into pressure to restrict what users can do with their devices.
Furthermore, the only defense against this is large open device market share: once closed devices comprise most of the market, DRM proponents can announce they'll stop supporting open devices, creating a downward spiral that further decreases the availability of open devices.
And then we live in a future that's fucked.
They shouldn't have that right any more than a tools manufacturer has the right to prevent you from buying one of their hammers.
The right of first sale is extremely important to a functioning capitalistic society and it's completely absent from the digital world - by design.
In this case it feels like an app developer having the right to punch[0] you in the face just like you have the right to refuse being punched in the face :-P.
[0] (to use a family friendly verb)
The only worthy cause to apply my patience to.
> The only worthy cause to apply my patience to.
This already happened for smartphones.
Concerning your first claim: Did you attempt to get a job at such a company to leak the keys?
Concerning your second claim: Did you already invest lots of personal resources for this cause?
The cryptographer never implemented it on daily compute devices.
Perhaps this cryptographer would be willing to risk a low communication round release of private keys corresponding to public keys in ROM or burnt in eFuses etc... but only if the public key dump is sufficiently large and encompassing.
From the perspective of the cryptographer we are all whining wankers, and we should just collect all the public keys as a wishlist.
The cryptographer cares naught about "liberating" hour long advertisements for the militaries or intelligence agencies etc. The cryptographer does wish sovereign compute to fellow humans, a primordial requisite for effective democracy.
====
While I understand the average programmer would ascribe an incredibly low probability to the above, the absolute absence of such a comprehensive public key dump is not in proportion to the probability considered.
I don't know. They could lock up the hardware stack as much as they want, in the end it's pixels being pushed to arrays. It's extremely hard to prevent these pixels from being intercepted. You'll have pirate groups just going deep in the hardware (opening the monitors and soldering and hacking and whatnots) and eventually tap these.
As for personal usage: I've got hardware from the eighties still working fine.
Instead of:
movie2025-WEBRip1080p-x265.mp4
people shall download: movie2025-WEBRip1080p-DRMfree-x265.mp4
And people shall just play that on their DRM-free hardware, either brand new or old. For example people can still buy brand new CRT (!) screens today. Not just CRT screens but also brand new CRT PCBs to drive either new or old CRTs. It's 2025 and people can still buy brand new CRTs. That's kinda rad.
And if worse comes to worse, if it's really impossible to go "tap" into the pixels being sent to a DRMed monitor (which I don't buy for a second), there's still the analog hole. Pirates are just going to use old (non DRMed) gear to rip, analog style, DRMed content and then they'll just process the result with some AI models to get it back to near perfection.
Heck, the day's probably not very far where I can use, say, two handcams from the 90s to film a movie at the movie theater and then use an AI model to give back a near pristine movie file (as in: one where it's impossible for the layman to discern from the original).
> This tech extended to browsers could easily mean that sites could refuse to serve you
That's already the case: some content is geo-blocked. People use a VPN or just fire up Frostwire or qbittorrent.
Even a Raspberry Pi 5 goes a long way: when are these going to play the DRM game and make the future look grim, instead of bright?
I don't doubt there are really deeply sick, evil, people out there thinking about how they can ruin our collective future but I also know that they'll encounter people who have systematically owned their sorry arses.
We're concerned about DRM because of what it does accomplish. DRM creates a vertically-integrated market wherein every layer of the stack is authoritatively controlled by a colluding oligopoly of vertically integrated hardware+media corporations (Apple, Amazon, Facebook, Comcast, etc.)
The greatest problem with DRM is drivers. NVIDIA hardware only works well in Linux because it's important to NVIDIA's business. Even so, there are longstanding issues that would have been fixed decades ago if kernel devs were allowed to collaborate. Instead, DRM (and copyright in general) demands that the driver dev team be siloed away from the kernel devs. This way, NVIDIA can use the exclusivity of its CUDA implementation as an anticompetitive advantage in its hardware business.
Copyright is, fundamentally, a wall between would-be collaborators. DRM is an implementation of that wall, but instead of isolating people, it isolates software. The wall DRM provides is not used to monopolize the distribution of content: it is used to construct moats in our software ecosystem.
There's a reason I prefer the experience of torrenting a Netflix rip over streaming Netflix on my Roku: the entire hardware+software stack is superior. I can actually sort and navigate my library. I can decode&render with my faster GPU. I can adjust the audio delay. I can adjust subtitle placement & font. I can mix the audio so that dialogue is actually audible. I can do frame interpolation with SVP (again using a better GPU than whatever your "smart" TV has onboard). I can seek forward&backward quickly without changing bitrate. I can let the credits play without being interrupted by an ad. The list goes on...
I don't want a goddamn CRT. I want modern hardware. The more we let corporations abuse us with DRM, the less compatible that hardware will be with real software.
Yes, you can never "plug the analog hole" completely, but you can definitely lock stuff down to the point it's impractical for 95% of people.
For instance, imagine some sort of audio / video fingerprint system that resides in Intel and/or nVidia's GPU drivers. Content gets played through the on-GPU HEVC / h.264 decoders already. Doesn't seem like a huge stretch to add a fingerprint authentication system to that stage.
Have a list of content IDs that are protected, and require a valid license to play.
Yes, your source file is unprotected (video camera in front of monitor), but all of your devices are unable to play it. Yes, your ancient, circa 2024 desktop PC will still play it, but your new 2030 model TV implements this fingerprint system as well so you can't just cast this file to your 100" display in your living room.
This is to say nothing of other forms of content (applications / games / web pages) that actually could require attestation / DRM HW / always-on internet to run.
Now I don’t really follow the Windows world but I thought the goal of the newer TPM stuff was to be able to provide a trusted boot chain the way Apple does. I’m under the impression that some of the earlier versions allowed the TPM module to be a separate piece of hardware from the CPU and thus exposed a hardware attack path where someone could snoop or man in the middle.
If you have a full trusted chain you can certainly use that to ensure that the DRM isn’t being tampered with. But I kind of doubt that’s the main reason behind all of it. There are enough good reasons they may want better security on the hardware outside of that it seems justifiable that they might push it.
I’m not arguing it’s good or bad, I just don’t think it’s 100% about DRM and the rest is a smoke screen.
Your flaw is assuming that Apple's only doing that for your security and has no ulterior motives. But iOS apps are disabled and Netflix reduces to a lower resolution when you disable System Integrity Protection on a Mac (among other things?). The trusted boot chain is clearly a DRM enforcement tool in addition to being a security feature.
https://github.com/cormiertyshawn895/RecordingIndicatorUtili...
I would guess that the actual push for TPM is to have 'better' BitLocker, and Passkey support.
In practice the default BitLocker+TPM configuration isn't that great (no user entropy/pin, dTPM is basically worthless).
I have no actual understanding for how TPM is involved for Windows Hello/WebAuthn/Passkey or whatever, but at a glance it would seem Biometrics without a TEE seems like a very weak link.
If that helps with bitlocker or passkeys or whatever that’s great. But I assume at its base it’s a pure integrity play.
I would think that would also let you know the public key stuff used to communicate with hardware authentication like a fingerprint reader is secure too, but I don’t know how that stuff works well enough to know if that’s true.
Whether it’s in the GPU, CPU, TPM, or any other part of computing property you ostensibly own, is an utterly irrelevant distraction, the root is the unholy alliance of government and capital power.
And Labor too, don't forget!
https://www.backstage.com/magazine/article/sag-aftra-back-an...
I expect next generation workarounds will involve virtual GPUs.
The remote server is handshaking cryptographically with the GPU itself, which identifies itself using certificates and keys tied at the factory. You can't emulate such a GPU unless you find a way to steal the keys.
[*] Jellyfin and the -arr daemons are far more usable and stable than wading through the various streaming services interfaces, so I'll download episodes even though I do actually pay for the streaming services.
DRM is really about control. It's a technical trick that thanks to DMCA anti-reverse engineering clauses becomes a legal trick to dictate exactly who and how can play the content, much tighter than what copyright and consumer laws allow by default.
For example, without DRM you couldn't effectively sell separate licenses for computer screens and TVs, because users could just connect their computer to a TV.
DRM allows negotiating everything about distribution, up to who pays who for having a button on the TV remote.
Those who control the DRM have a veto power over everything, and have it viciously enforced internationally thanks to it being tied to copyright.
None of the hurdles stop 100% of people. But every hurdle causes some people to stop bothering.
For example, it's impossible to watch 4k content on popular streaming services if you use Linux, and even with macOS/Windows you need a specific combination of hardware + OS + browser, if a service even offers it.
I suppose some monitors and TVs have "features" to cryptographically handshake with the GPU and ensure a secure link, but at some point the data must be decrypted and decoded to be displayed. This doesn't seem like much more than a speed bump for a motivated individual.
It's a cat and mouse game, but I wouldn't discount these efforts as a mere speed bump. Screen enforced DRM will make things much harder. A motivated individual with the right tools and hardware hacking know how may be able to jailbreak a screen to record stuff, but that's going to make things out of reach for most people.
Of course you can try to play them with hardware that doesn't follow the rules. But there's a finite number of vendors, so that isn't necessarily easy.
The only beneficiaries of DRM seem to be hardware vendors, and even for them it's unclear if it's a net benefit, since it makes everything more expensive.
One example -- it has made creating pirated videos almost inaccessible to most people. In the past, if all other methods fail, you can always just record your screen with a common recording application. That's not possible with GPU enabled DRM, which is enough to stop a casual consumer from sharing a movie with their friends (even at a less ideal quality).
> have never had an issue finding what I want at the quality I want within an hour of a episode/movie being released to streaming.
That's because you are consuming mainstream/popular media. You often won't find recordings of a lot of performance art (ballet, concerts etc)* and I-am-not-going-to-name-it-content because there is a lot less demand.
* an interesting exception is that a lot of content released via Blu-ray gets decrypted, ripped and torrented.
Control publishing rights, platforms, software and hardware that is used for the consumption of said media.
The publishers control the DRM, which then needs to be licensed by television makers, software writers, and such things. Then that gives them control over how it is presented, how it is sold, how it is consumed and it forces everybody to agree to their terms.
It is a power thing. They want to have power over other businesses. DRM laws help them do that.
> How are these DRM schemes actually being defeated?
Well I don't follow DRM piracy stuff, but at a high level the people that want to consume the media must be able to decrypt it to enjoy it. So if you buy one of these DRM devices and figure out how they work then you can decrypt anything that is compatible with them.
And you only need to decrypt it once since digital media can be copied an infinite amount of times.
This is the argument for repealing them, which is why you rarely see them making it out loud.
Instead they come up with some rubbish about making it marginally more difficult (spoiler: it's still easier to pirate stuff than use legal services and the only thing actually preventing everyone from doing it is that some people want to follow the law). So it's good to knock those fake arguments down when you see them and leave no excuse to keep the bad laws that ought to be repealed.
Accepting their actual motivation like it's a legitimate reason to keep those laws is like saying the reason we should keep doing the stuff Snowden revealed is so the intelligence agencies can spy on the elected officials regulating the intelligence agencies.
If I understand incorrectly?
(Jokes aside, though, I haven't been able to figure out what IIUI stands for.)
1. Disable video hardware acceleration in browser (preferably FF)
2. Open OBS studio
3. Record screen while streaming service of your choice is running.
Still works in modern OSs like Windows 10.
You're technically not circumventing the DRM decryption routines when you do this since the pixels displayed on screen have already been decrypted (just like recording cable to VCR post-decryption), so the legality of it is towards the lighter grey end compared to ripping DVDs. IANAL though.
Not to say the stronger tiers never get broken but it's a lot more involved than just recording them with OBS.
And up through Dec 2023, FF and Chrome on Windows were limited to 720p. That's right, it wasn't until 2024 that Netflix on Chrome on Windows supported 1080p... That's what, 15 years after 1080p monitors became common?
https://web.archive.org/web/20231229030336/https://help.netf...
Now that streaming is commonplace it seems less necessary, but it was an essential stepping stone and an ongoing defense against piracy
Pirated content represents a relatively small and motivated community. There'll always be something like it, so the question for rightsholders is how to manage the size and visibility of that community.
People will pay you to move dirt from one side of a lot to the other side.
My guess is that when content platforms negotiate with IP holders, there is some need to show that some DRM is in place.
Stripping the more advanced forms of DRM usually relies on compromised device keys which can and will be revoked if it becomes known that they've leaked, so the details are deliberately kept very quiet. If you've ever experienced a device suddenly losing the ability to play 4K Netflix, it may have been because its keys were revoked.
Copyright defines art as a good (instead of a service), and demands everyone play along. An artist can use their copyright to monopolize both the distribution and the derivation of their work. Effectively, this places a wall between any would-be collaborators, because collaboration is derivative. In a world without copyright, you could collaborate with the work of Disney by making derivative work. With copyright, however, Disney can demand you stop that work by monopolizing its copy. By abusing this demand, Disney can entrench itself as the only Mickey-Mouse compatible corporation.
In the software world, collaboration of work requires source code redistribution. Because of this, the social incompatibility that copyright is founded upon translates into literal software incompatibility; including proprietary software platforms and libraries. For example, Microsoft Office has entrenched itself as the "industry standard" for rich text and spreadsheets by leveraging the incompatibility of its data formats. While collaboration isn't impossible, Microsoft is granted a legally-enforced anticompetitive advantage from its copyright monopoly.
NVIDIA uses the copyright monopoly of its CUDA implementation to sell more hardware. It is able to do this because the hardware and software engineers are both part of the same vertically-integrated corporation. Because of copyright, AMD's software engineers are not allowed to collaborate with the CUDA developers, and AMD drivers cannot be made CUDA compatible.
This is where the story gets to DRM: Apple, Amazon, Facebook, Google, and others are all vertically integrated hardware-media-advertising corporations. Each of them wants to abuse their respective copyright monopolies (their media businesses) to sell hardware, just like NVIDIA does with CUDA. To accomplish this, they told us the exact reverse story: Digital Rights Management.
The story of Digital Rights Management says that hardware needs to be incompatible in order to enforce the copyright monopoly. See what they did there? Now any anticompetitive advantage that we get in our hardware and advertising businesses was all just from us doing whatever it takes to support those poor starving artists!
I can hear you asking yourself, "But where is the hardware incompatibility?". That's the extra sneaky bit on top. Unlike having a clear winner and a loser like NVIDIA and AMD, hardware-media-advertising corporations are all winners. Each one of them benefits from the other using DRM. All of their moats intersect into one giant ~~swamp~~, I mean lakefront development.
Here's an example to chew on: App Stores. Both Google and Apple have their own separate incompatible app stores. Sure, it's a loss to Google when a popular app only works on iOS, but that's a two way street. The important part is that they have a moat at all: when the little guys try to make a competitive alternative, they drown. There is plenty of room for two players at this game, and the intersection of moats guarantees there will never be a third. Even when Apple's moat starts to flood Android Island, what's left standing will be worth more than a drained swamp.
I don't think the version of HDCP attached to HDMI 2.1 has been broken yet but that's kind of a moot point because no current video formats require more than HDMI 2.0.
What a complete and total waste of effort.
Are GPUs currently shipping preprogrammed with keys used in DRM?
GPUs have had unique hardware private keys and secure memory for a decade.
It seems like you'd need some central SSL like certificate authority to verify and revoke credentials that were universally implemented in the same way by all GPU manufacturers.... surely there is no such thing?
TPMs are really just embedded Yubikeys. Unless your UEFI/BIOS "conspire" to supply them with boot measurements, and your OS in turn conspires with that to carry these measurements forward and provide them at the application layer, TPMs can't harm your freedom.
TPMs are a much more "freedom neutral" technology than people generally assume in these discussions.
This sounds 100% on-brand for the FSF. The FSF's primary public-facing persona has peculiar computing habits so far removed from the mainstream that it's likely he has absolutely no clue how the real world works.
In fact by his own statement he has to rely on volunteers to update his website.
It's disappointing to me because the FSF could be so much more influential today, but the cult of personality around RMS has really destroyed their public credibility among "normies", the most important demographic to convince.
When the FSF finally realizes that a political organization such as theirs needs a public face with charisma and social skills, it will be too late.
If the FSF sticks to their current mission of preaching to the choir, they'll remain about as relevant as they are today, which isn't a lot.
The statement criticized by the OP certainly seems warranted, but it's less endemic of the FSF removing itself from the mainstream and more like the mainstream has abandoned free software.
> The FSF's primary public-facing persona has peculiar computing habits
You know, the FSF would probably argue that our computing habits are the peculiar one. And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
>more like the mainstream has abandoned free software.
Indeed, because free software development is largely driven by ideological purity rather than feature parity. Mainstream users see Free Software people as irrelevant kooks, and thus easy to dismiss, which is why Free Software has so utterly failed as a movement.
>You know, the FSF would probably argue that our computing habits are the peculiar one.
I'm sure flat-earthers feel that my belief that earth is an oblate spheroid is peculiar, too. Of what relevance is that to anyone?
>And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
We'll have to agree to disagree. The emacs developers don't even understand how large chunks of emacs work (per emacs-devel), for example. There's too much software out there for one person to keep in their head. This is not a reasonable heuristic.
Modern TPM support in Linux and systemd now permits automatic disk unlock for LUKS encrypted volumes using a key stored in the TPM - some ~15 years after Windows could do it.
I wonder what the TPM support is like in the HURD - ha!
The only complaint I have about the TPM is there is no standardisation in connectors, pinout, or bus type when it's not soldered onto the board. I have three motherboards with plug-in TPMs and each required a different, unique part that was difficult to source.
Yeah, Debian/Ubuntu, Fedora, etc didn't have this, but as the saying goes: you get what you pay for. Although enough of the Gentoo users (the real Gentoo users) have such a thing had it around that time too, if they wanted it (and they tend to put together what they want).
Some essential context: if you think the "Linux community" is elitist, wait until you see the niche commercial (and higher) players. I'm probably an example of such, to be fair.
This should be prohibited by commercial law.
Hell the only reason why I turn on my computer these days is for videogames. I wonder if the decline of the desktop has someone worried at Microsoft.
Then again, they have been so busy with Azure and XBox profits, that Windows development has turned into a mess, of GUI teams fighting for resources, while the apps division couldn't care less, now filled with people that have grown up using UNIX instead of Windows, and see Web UIs everywhere.
Hence why Windows might be my main desktop, yet I eventually returned into Web/distributed computing world, disappointed with how UWP/WinRT development turned out.
I mean, open source advocacy already includes both business-friendly convenience-focused pragmatists and social-friendly, principled advocates of digital freedom who were essentially turned off by RMS's personality and/or approach.
Taken together, their work seems like it sets a reasonable ceiling on what FSF-- or any freedom-based organization-- could achieve.
If I'm wrong I'd like to know what exactly the FSF could have achieved in your opinion that's above that ceiling, as well as the tactics they'd have used to get there.
I feel like untangling the attestation capability (which I do believe has non-user-hostile/non-zero-sum uses!) from the secure key storage one might ultimately help their adoption.
1. Companies offer service that people don't want to pay for, and blame piracy.
2. Someone realizes that they can eliminate piracy and make lots of money by offering good service.
3. Piracy slowly dies, because people prefer €5 monthly subscription over torrent.
4. Other companies catch up. The market gets fragmented. By the nature of the market, it becomes impossible for one company to offer clearly good service.
5. Piracy gets fashionable again because it's more accessible than having twenty €50 subscriptions, half of them with ads.
6. Companies offer service that people don't want to pay for, and blame piracy.
IMHO the author does overrestrictively interpret the FSF statement to discredit them.
TEE is effectively an execution environment below ring 0, together with some hardware isolation as you mention. But by itself, solutions based on it can't hold any trusted key material, so can't be used in attestation contexts.
TPMs and other types of secure enclaves or secure elements include secure storage and can come pre-loaded with external root of trust keys, which allows attestation (and by extension trusted computing use cases), but also completely local useful things like enforcing a PIN retry limit on usage of a hardware-stored SSH key.
But since TPMs are by design self-contained and don't have any input or output capabilities, mediating user access via a TEE and some minimal OS providing a user confirmation UI can be very powerful (for example so that malware can't lock you out of your own SSH keys by just entering the PIN incorrectly repeatedly).
The purpose of a TPM, in this case, is not to provide encryption, but instead to provide so-called ‘authenticity’. A TPM with its attestation capabilities can allow a remote validator to attest the operating system and system software you are running via the PCRs which are configured based on it, with Secure Boot preventing tampering. [1] Google tried to implement APIs to plug this into the Chrome browser, which was later abandoned after backlash. [2]
In this case, the TPM can allow services like Netflix or Hulu to validate the hardware and software you are currently running, which provides the base for a hardware DRM implementation as stated in the article. Don’t be surprised if your non-standard OS isn’t allowed to play back content due to its remote validation failing if this is implemented.
TPMs also have a unique, cryptographically verifiable identifier that is burnt into the chip and can be read from software. This allows for essentially a unique ID for each computer that is not able to be forged, as it is signed by the TPM manufacturer (in most cases Intel/AMD as TPMs on consumer hardware are usually emulated on the CPU's TEE). If you were around for the Pentium III serial controversy, this is a very similar issue. It's already used as the primary method of banning users on certain online video games, but I wouldn’t be surprised to see it expand to services requiring it to prove you aren’t a “bot” or similar if it gets wider adoption.
There is a great article going more into detail about the implications of TPM to privacy from several years ago, which was the basis for this reply. [3]
[1]: https://github.com/MicrosoftDocs/azure-docs/blob/main/articl...
[2]: https://github.com/explainers-by-googlers/Web-Environment-In...
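The PCR-based remote validation described in the comment above can be sketched from the verifier's side. This is an added example, not part of any comment in the thread or of any vendor's code: it replays a measured-boot event log into SHA-256 PCR values, compares the composite with the digest carried in a quote, and applies an allowlist. The PCR indexes, component names and images are constructed, and verification of the quote's signature and nonce is assumed to have been done already.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank; PCRs start as all zero bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR value = H(old PCR value || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute PCR values from a log of (pcr_index, digest, description)."""
    pcrs = {}
    for index, digest, _desc in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def pcr_digest(pcrs, selection):
    """Digest over the selected PCRs in ascending index order, as in a quote."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(pcrs.get(index, bytes(PCR_SIZE)))
    return h.digest()


def verify(event_log, quoted_digest, selection, allowlist):
    """Verifier decision. Assumes the quote signature was already checked."""
    pcrs = replay(event_log)
    # A log that does not reproduce the quoted PCR state cannot be trusted.
    if not hmac.compare_digest(pcr_digest(pcrs, selection), quoted_digest):
        return "log-mismatch"
    # The log is authentic, so every measured component can be judged.
    for index, digest, desc in event_log:
        if index in selection and digest not in allowlist:
            return "unapproved:" + desc
    return "trusted"


# Constructed sample data: (pcr_index, name, image bytes). Indexes are illustrative.
APPROVED_BOOT = [(0, "firmware", b"constructed firmware image"),
                 (4, "bootloader", b"constructed bootloader"),
                 (8, "kernel", b"constructed vendor kernel")]
CUSTOM_BOOT = APPROVED_BOOT[:2] + [(8, "kernel", b"constructed self-built kernel")]
SELECTION = (0, 4, 8)


def log_for(components):
    """Event log a platform would record while measuring these components."""
    return [(i, hashlib.sha256(blob).digest(), name) for i, name, blob in components]


def quote_from(components):
    """Stand-in for the TPM: PCR digest resulting from what actually booted."""
    return pcr_digest(replay(log_for(components)), SELECTION)


ALLOWLIST = {digest for _i, digest, _n in log_for(APPROVED_BOOT)}


def run_scenarios():
    return {
        "approved boot": verify(log_for(APPROVED_BOOT), quote_from(APPROVED_BOOT),
                                SELECTION, ALLOWLIST),
        "custom kernel, honest log": verify(log_for(CUSTOM_BOOT), quote_from(CUSTOM_BOOT),
                                            SELECTION, ALLOWLIST),
        "custom kernel, forged log": verify(log_for(APPROVED_BOOT), quote_from(CUSTOM_BOOT),
                                            SELECTION, ALLOWLIST),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The third scenario shows why the log alone proves nothing: the PCR values are a hash chain over what was actually measured, so a log edited to list the approved kernel no longer reproduces the quoted digest.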
Citation or technical details needed.
Obviously it "makes sense" that for 4K HD content you "probably" want to offload the decoding into the GPU, but this is the first time I see this mentioned and there are no links to technical details.
In contrast, TEE / TrustZone and even the recent AVF with pVM - these are well documented technologies.
Not really; AMD have PSP (which, okay, isn’t x86, but it’s on the die) and Intel, as you mention in your post, had SGX and have ME. Google use PSP TrustZone to run Widevine on Chromebooks, for example. PowerDVD used SGX to decrypt BluRay, which led to BluRay 4K content keys being extracted via the sgx.fail exploit.
You’re right though that PlayReady is usually GPU based on x86; on AMD GPUs PlayReady runs in GPU PSP TrustZone. On Intel iGPUs I think it runs in ME.
The lower-trust (1080p only) software version of PlayReady uses WarBird (Microsoft’s obfuscating compiler) but this is of course fundamentally weak and definitely bypassed.
Anyway, none of this takes away from your post, which I agree with. The FSF (and many HN commenters) have been whining about TPM in unfounded ways since the 2000s.
There was a lot of talk about protected media path in Vista, how it linked with HDCP, how it killed hardware accelerated audio (including causing considerable death blow to promises made by OpenAL), etc.
This is also the way of the future for graphics, do away with any kind of hardware pipelines, and go back to software rendering, but having it accelerated on the GPU, as general purpose accelerator device.
With a unified memory architecture, is the shared GPU memory inaccessible to the CPU?
Basically, rightsholders should be able to choose enforceable legal protection or unbreakable technological protection, but not both. Copyright was supposed to be a two-way street, but DRM permanently barricades one lane.
No. The latter would effectively mean rightsholders make their own laws, rather than follow the law.
DRM should simply be abolished, as it interferes with the premise of copyright: To grow the public domain.
It should also drive home the idea that DRM will be broken anyway and they'll be just left with nothing, so let them stick to copyright itself without all that DRM garbage.
As to the first point... the TPM can't communicate with the GPU, but maybe the GPU could communicate with the TPM. The way that would happen is that the GPU would talk to the TPM directly, using `TPM2_StartAuthSession()` to start an encrypted session with the TPM then it would use `TPM2_ActivateCredential()` or `TPM2_Import()`/`TPM2_Load()`/`TPM2_RSA_Decrypt()` to decrypt a symmetric session key that the GPU would then use to decrypt the stream. I.e., the GPU would do the bulk crypto, but the TPM would do the key transport / key exchange.
That also addresses the second point: the TPM being slow is not a big deal because you'd only need it to do something slow once when starting the video playback.
Of course, the GPU could just include TPM-like features to get the same effect, which really proves the point which is that:
> The FSF's focus on TPMs here is not only technically wrong, it's indicative of a failure to understand what's actually happening in the industry. While the FSF has been focusing on TPMs, GPU vendors have quietly deployed all of this technology without the FSF complaining at all. Microsoft has enthusiastically participated in making hardware DRM on Windows possible, and user freedoms have suffered as a result, but Playready hardware-based DRM works just fine on hardware that doesn't have a TPM and will continue to do so.
Pretty much. All the DRM functionality can be in the GPU, and there might not even be a standard API like TPM 2.0 that anyone could use, so the result is even worse than if the GPUs used TPMs to implement DRM.
Though, if one were implementing DRM in the GPU or in the display monitor (why not) then the TPM 2.0 MakeCredential/ActivateCredential protocol is a very good fit, so one might as well use that, and even embed a TPM in the GPU and/or the monitor. If you do the bulk decryption in the monitor then the user doesn't even get to screenscrape (eavesdrop on) the connection between the GPU and the monitor. One could even implement just a small portion of TPM 2.0 -- everything needed to establish an encrypted session (`TPM2_CreatePrimary()` and `TPM2_StartAuthSession()`, but also `TPM2_FlushContext()`) and `TPM2_ActivateCredential()`, and maybe a bit more if attestation is required (`TPM2_Quote()` and `TPM2_CreateLoaded()`). What would one attest? I think one would use a platform certificate and its key as the signing key for a TPM2_Quote()-based attestation. The point would be to prove that the device is a legitimate GPU or monitor made by an approved vendor.
If you dislike DRM then TPMs are not the enemy. Particularly the TPM on any server or laptop is not the enemy. TPMs in GPUs or monitors might be, but Windows 11 requiring a TPM on the box has nothing to do with that, and again, the GPU/monitor could implement the ActivateCredential protocol internally w/o a TPM anyways.
Even Intel abandoned it when designing SGX. SGX doesn't involve a TPM at any point.
So for a GPU vendor there's no reason to introduce the additional complexity of handshaking with a TPM. Blowing a private key into some eFuses at the factory is relatively easy, add a RAM encryption engine on top and you're already providing better security than what a TPM provides.
Option 1: as I said, the GPU could have its own, and yes in that case the EK cert would be known to the GPU (or it could have a platform-like cert issued by the GPU OEM).
Option 2: the platform vendor can teach the GPU the EK cert (or the public key for some primary key anyways).
Option 3: the GPU could learn it on first use.
> charitably let's say that's a signed blob that the driver pushes in at startup
That's what TPM vendors do as to the EK cert. Surely if they can do that then so can GPU and platform vendors. Indeed, some platform vendors ship with platform certs.
> but that's still going to be a terrible user experience because you won't get media playback if your machine has a TPM that's too new or .
What do you mean "too new"? Like, you replaced your TPM? That's a thing on servers, but not laptops.
As to "from too niche a vendor", as long as the platform vendor teaches the GPU what the EK cert is, or makes a platform-like cert that the GPU can use to authenticate the TPM, then it's good enough.
Anyways I suspect that MSFT and others don't mind an incrementalist approach. You have a system that can do it their way? Great, it will. You have a system that cannot do it their way? Fine, they'll do weak software DRM for now. There's probably no other way to get to their dream DRM everywhere state.
It is quite obvious: to force people to buy a new PC. TPM provides no added security value for the vast majority of users[1] but it is a convenient hardware that has only started to become standard (fTPM) in PCs built in the last ~8 years so it provides an excuse for Microsoft to declare computers older than that (which can run Windows 10) obsolete using "security" as an easy scapegoat.
[1]: https://gist.github.com/osy/45e612345376a65c56d0678834535166
Yes it does. The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.
The vast majority of users aren't going to have the case opened and a special-purpose PCIe device installed to steal keys over DMA.
The vast majority of users aren't going to have a dTPM vulnerable to SPI sniffing as modern and not-so-modern processors have fTPM.
This is to provide some baseline level of protection of the user's data against theft and loss.
Are there attacks against TPM? Yep. In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.
If you're a CEO, well sure, you're going to want to do something better (TPM + PIN). I acknowledge that Windows 11 Home users don't have this specific option.
Everyone needs to level set on the type of attacks that are practical vs. involved and who the targets of those attacks are.
FDE (w/ TPM) is part of defense-in-depth. Even if imperfect, it's another layer of protection.
That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.
Meanwhile there have been plenty of TPM vulnerabilities that don't require anything so esoteric and can often be attacked purely from software, so if a normal user was facing even so much as someone willing to watch some security conference talks, they're going to lose regardless. If the TPM doesn't make them more vulnerable to that, because it contains the secrets and is susceptible to attack, vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM, which can then rate limit attempts without being susceptible to physical access attacks and be revoked if the device is stolen.
Moreover, the more common threat to normal users is data loss, in which case you only want your laptop to be secure against your unsophisticated nephew and not the tech you want to recover your data after you forget your password.
> In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.
The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.
> FDE (w/ TPM) is part of defense-in-depth.
Any snake oil can be painted as defense-in-depth.
If you happen to have a Pro variant of Ryzen (there may be some Intel variants as well) then you can enable RAM encryption. The RAM will be encrypted with an ephemeral AES key on boot.
It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.
I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.
Edit: I do know one person who had a computer stolen. It was a work laptop while they were in SF, and I'll concede that FDE probably does make more sense on a work-related computer. I was only arguing that it's more of a hindrance on personal devices that mostly stay in the owners home.
Because TPM sniffers are now at a material cost of about $15 and can be acquired for a price at under $200, more than a TPM is needed for data encryption, especially for users like a CEO. This is why a firm I used to work for encrypted the key that could unlock user data with both TPM plus Yubikey.
The passkey protocol (i.e. webauthn) has an "attestation object" field which organizations like Microsoft can use to pass extra details about the authenticated users to the authenticating service. Which details will likely depend on that service's relationship with Microsoft. Unlike most channels between these parties, it's expected to be secured via TPM thereby excluding others (e.g. the user, or any pesky researchers) from the conversation.
It's pretty obvious from the recent design choices re: Windows that Microsoft is keen on monetizing user data--and who, in that business, wouldn't like a way to do it exclusively? i.e. to control a channel which neither the user nor your competitors can tamper with.
So they'd be incentivized to make you buy new hardware because new hardware allows them to bind your advertiser id to actual identity much more closely than is possible without that hardware (e.g. via cookies and IP addresses). The sale of details about your actual identity to organizations who only know you by your advertiser id is big business. The TPM helps them protect that business against competitors who don't have such low-level control over your device (Google, Meta, etc).
It's in their best interests to have everyone using the "latest and greatest" for those features that weren't present (at least to the same extent) in prior versions.
Anyways Microsoft was clearly very irritated when everyone wanted to stick with Windows 7, perceiving that Windows 8 was worse in every way, and that Windows 10 wasn't a significant enough upgrade to justify the effort especially considering all the added telemetry they added to the product.
It's very reasonable, given this, that they would seek to force the upgrade cycle to occur where it clearly otherwise might not.
They're also buying new hardware which benefits the PC maker. It's a mutually beneficial relationship that forces the user to both buy the software again, and buy new hardware. (You do pay for Windows when you buy a PC, it's a cost the manufacturer absorbs. You can often receive a discount when you order a new PC by not including Windows with it.)
- Hardware guys make cool new hardware that incentivizes PC sales.
- Windows guys add driver and OS support in a timely manner so apps can utilize it easily.
And sometimes the other way around:
- Windows guys add some cool new feature that incentivizes PC sales.
- Hardware guys drive down component costs to compensate for the OS getting bigger and slower.
The problem for the PC industry is that in the last ~15 years or so this virtuous circle has broken down. Outside of Apple the hardware guys stopped coming up with cool new features that would shift units outside of gaming GPU upgrades, and gaming has anyway been dominated by consoles for a long time exactly because they have hardware DRM that works so game developers prefer it (also gamers when they want multiplayer without wallhackers). Intel struggled and AMD didn't really pick up the slack in any major way. Even Apple has struggled here - other than their proprietary CPU designs and rolling back some Ive-isms by adding more ports again, a modern MacBook isn't substantially different than the models they were selling years ago.
So that leaves the software guys to drive sales. Unfortunately for the PC OEMs Microsoft has well and truly run out of steam here. Their best people all left the Windows team years ago, and Windows isn't even a top level division anymore, being weirdly split between the Office and Azure teams.
A big part of the stagnation is driven by the web. Nobody writes Windows apps anymore except games, so there's no progress to be had by adding new Windows APIs outside of DirectX. Meanwhile the web guys are shooting the PC industry in the face with a policy of never adding features unless it's supported on every piece of hardware from every vendor, more or less, which makes competitive differentiation impossible, so nobody even tries anymore. There is no web equivalent of a driver since the Netscape plugin API was killed. They also move incredibly slowly due to the desire to sandbox everything. In the 90s the success of Windows was driven by some wizard-level hackers but as PC hardware matured clever tricks stopped being an important differentiator, and monopoly profits made them fat and lazy. It's clear that Nadella has zero confidence in the Windows org(s) ability to execute, hence why in the post-Ballmer years the rest of Microsoft has systematically divorced itself from them.
So - no hardware innovation thanks to the web, no major CPU upgrades thanks to Intel/AMD, no software innovation thanks to Microsoft. The PC industry is stagnant and desperate. What have they got left? Well, they have TPMs (really, TPM v2 because TPM v1 was kinda botched). And Windows doesn't really need it, but if Microsoft ties Windows upgrades to TPMv2 they can use the treadmill of security/support expiring on Win10 to drive one last round of hardware replacements that can give the industry an injection of revenue that can then maybe be spent on finding new hardware features to drive upgrades, seeing as Microsoft can no longer do it.
There's nothing illegal in any of this - nobody is price setting and it's not much different to prior eras when new Windows versions required more RAM.
https://learn.microsoft.com/en-us/windows/security/hardware-...
That's my understanding at least.
https://learn.microsoft.com/en-us/windows/security/hardware-...
What makes it a TPM is the protocol it answers to. The TPM has a hardware RNG, and you can just ask it for some random numbers. That’s very simple. You can have it create encryption keys for you, since those are primarily just random numbers. You can ask it to _store_ a key for you, to be released to anyone who asks for it provided the TPM is in a certain state. What is this state? This is the really interesting part of the TPM.
The TPM has a number of registers that start off empty when the computer boots. At any point any program running on the computer can send a message to the TPM that asks it to incorporate an input into one of these registers. The input is a number, and the new value of the register is basically just the hash of the current value of the register and the new input.
If the BIOS/UEFI computes a hash of its own code plus the bootloader’s code and measures that into a register on the TPM then the bootloader could check the TPM to make sure that it hasn’t been tampered with before it boots. It’s easier though if the bootloader hashes the kernel (and the kernel command line) that it’s going to run and measures that into the same register. The kernel can then hash the initial ram disk and measure that in. At each step of the process we can measure the next important part of the OS and incorporate its value into the same register and at the very end we will have a number. If that number is the same every time we boot up the computer then we know that the computer and the software have not been tampered with. We can even send that number off over the network as part of a Remote Attestation protocol. You might have all the laptops you supply to your employees do this so that you can know that they haven’t been tampered with. Or all of your cloud instances could do this for the same reason. (Of course the exact number that the TPM ends up storing changes after every OS upgrade, and you need to have some way of knowing what numbers to expect, so this is a fair amount of work.) Remote Attestation is not really of any use to the average consumer, but reliably detecting a hacked OS would be.
Going back to encryption keys, you could store the encryption key for your home directory in the TPM, locked to a specific value of a specific register. You would then not be able to unlock your home directory if the computer has been tampered with. An attacker who boots off of a USB drive can’t possibly arrange for the same value to end up in the TPM, even assuming that they know what value is required. It will do them no good to take the encrypted disk out of the computer and put it in another one, because the key doesn’t go with it. Rubber hose cryptography isn’t useful either, even if there is also a password for your account. This should be quite valuable to many, if perhaps not all, users.
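The measure-then-unseal behaviour described in the comment above, as an added example that is not part of the original thread and is not real TPM code. `ToyTPM`, the single PCR, and the boot-chain byte strings are hypothetical and constructed for illustration; a real TPM 2.0 enforces the PCR condition through a policy session rather than a stored tuple.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank; PCRs start as all zeros at power-on


def extend(pcr: bytes, blob: bytes) -> bytes:
    """One measurement: new = SHA-256(old || SHA-256(blob))."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def replay(chain) -> bytes:
    """Predict the final PCR value for a boot chain without booting it."""
    pcr = bytes(PCR_SIZE)
    for blob in chain:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Hypothetical model: one PCR plus secrets sealed to a PCR value."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)
        self._sealed = {}  # survives reboots, like TPM-protected storage

    def reboot(self):
        self.pcr = bytes(PCR_SIZE)  # only a reset clears a PCR

    def measure(self, blob: bytes):
        self.pcr = extend(self.pcr, blob)  # no call sets a PCR directly

    def seal(self, name: str, secret: bytes, required_pcr: bytes):
        self._sealed[name] = (secret, required_pcr)

    def unseal(self, name: str) -> bytes:
        secret, required = self._sealed[name]
        if not hmac.compare_digest(self.pcr, required):
            raise PermissionError("PCR does not match sealing policy")
        return secret


def boot_and_unlock(tpm: ToyTPM, chain, name="disk-key"):
    """Each stage measures the next; return the key, or None if refused."""
    tpm.reboot()
    for blob in chain:
        tpm.measure(blob)
    try:
        return tpm.unseal(name)
    except PermissionError:
        return None


# Constructed sample boot chains (placeholders for real images).
GOOD = [b"firmware-1.0", b"bootloader-2.1", b"kernel-6.1 cmdline=ro quiet", b"initrd-6.1"]
EDITED_CMDLINE = [GOOD[0], GOOD[1], b"kernel-6.1 cmdline=rw", GOOD[3]]
OTHER_MEDIA = [GOOD[0], b"some-other-bootloader", b"some-other-kernel"]
UPGRADED = [GOOD[0], GOOD[1], b"kernel-6.2 cmdline=ro quiet", b"initrd-6.2"]
DISK_KEY = b"constructed-disk-key-for-example"


def demo():
    tpm = ToyTPM()
    tpm.seal("disk-key", DISK_KEY, replay(GOOD))
    results = {
        "good": boot_and_unlock(tpm, GOOD),
        "edited_cmdline": boot_and_unlock(tpm, EDITED_CMDLINE),
        "other_media": boot_and_unlock(tpm, OTHER_MEDIA),
        "upgrade_without_reseal": boot_and_unlock(tpm, UPGRADED),
    }
    # Before installing an upgrade, reseal against the predicted new value.
    tpm.seal("disk-key", DISK_KEY, replay(UPGRADED))
    results["upgrade_after_reseal"] = boot_and_unlock(tpm, UPGRADED)
    results["old_chain_after_reseal"] = boot_and_unlock(tpm, GOOD)
    return results


if __name__ == "__main__":
    for case, key in demo().items():
        print(f"{case:24s} {'unlocked' if key else 'refused'}")
```

The `upgrade_without_reseal` case is the operational cost the comment mentions: a legitimate kernel update looks the same to the sealing policy as tampering unless the expected value is recomputed first.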
Because Microsoft have the Secure Boot code signing keys. And none of their users expect a "free software philosophy" that lets them use their own modified kernel, or DKMS to build new copies of kernel modules on demand - so you don't have to make users jump through any "machine owner key" hoops.
And a lot of your customers are big corporations who barely trust their own employees - and inexperienced users for whom forgotten passwords and suchlike are a big problem.
With the TPM, that corporation's shared PC at the reception desk can have an encrypted disk without all the receptionists needing to know the password, only their own passwords.
With the TPM you can remotely force a reboot to install updates, and the computer will fully boot afterwards - not get stuck at a disk encryption prompt. Ideal if your corporate work-from-home policy is for employees to remote desktop on a PC under their desk.
With the TPM, the PC can boot, unlock the disk and join wifi before any passwords have been entered - so a corporation's employees only need to remember their windows password, and if they forget it, helpdesk can reset it remotely. It's great for the user too, who doesn't lose their non-backed-up data.
With the TPM you can have a short, weak passcode to unlock your PC, without worrying about brute force attacks. That's great if you want a cell-phone-style experience - or if you find long passwords an inconvenience, rather than a badge of honour.
With the TPM a corporation can give a laptop to a service engineer, who'd really like to install some games to play when he's stuck in a hotel over night for a service call, and who has unsupervised physical access - secure in the knowledge it's very difficult for them to install unapproved software.
For a corporation that wants hardware-bound keys, the TPM is superior to things like Yubikeys, precisely because of its inflexibility. Why give people a second factor that keeps working when they move PCs and that's compatible with different platforms, if you never want them to move PCs or change platforms without going through you?
It just so happens that the majority of these only benefit large corporations and forgetful users, while most Linux users are quite happy remembering long unique disk encryption passwords thanks very much.
Which brings something up: how do you get back in if you suffer a traumatic brain injury or something like that? I feel like a lot of software assumes the operator can do things like remember unique passwords for a long time.
Sure, I can do that NOW, but will I still be able to in my seventies?
TPM also offers PIN or Password options. It is flexible.
That said, the root of all DRM is not the TPM or the GPU or whatever... it is hollywood.
Devices with dTPM were released in 2006. BitLocker leveraging dTPM released with Windows Vista. Corporations have been using BitLocker w/ TPM for nearly two decades at this point.
Apple has shown that the game console model can work for non-gaming software, and Microsoft wants in on that third-party app cheddar.
Suddenly, enforcing company security policies centrally without the client (laptop) being able to change them and still attest to connect to the corporate VPN, becomes a feature.
After all, it's not your computer, it's the company's.
I think Intune already uses the TPM for that kind of stuff, so "install this before we let you into outlook web, and also we'll check you're not a year behind with windows updates" is a thing.
Additionally, there are cheats using video capture cards, which cannot practically be prevented.
https://support-leagueoflegends.riotgames.com/hc/en-us/artic...
(e.g. display lists)
already some hacks doing this
To the average user, "Windows installs without error and hardware appears to work" = "Microsoft supports running Windows on this hardware", even if the hardware is EOL and requires drivers that haven't been updated since Windows Vista.
You can only guess, and badly at that.
Because we don't have it, that's why we get crap like kernel-level anti-cheat, various 'security' solutions made by companies of dubious reputation and technical ability, just because you refused to trust Microsoft.
And even if these companies are somehow not malicious, and can be trusted, they still often compromise the stability and security of the OS.
The amount of crap Riot's anti-cheat and Crowdstrike has caused is well documented.
It's the computer security equivalent of not trusting Big Pharma, and taking a random assortment of herbal medicine coming from god knows where, and containing god knows what.
See, I can make insulting comparisons too...
Movie studios wanted a way of securing the content between the time the AACS was decrypted and the HDCP encryption took over. Once the AACS was decrypted the encoded movie was sitting in main memory and could be intercepted by any other application. The solution was to re-encrypt the data once it was pulled off the disc (I'm not kidding). Encryption would be done by the application. The graphics driver would be able to pass along the encrypted data to the GPU, which would then decrypt and decode it in hardware and then the entire framebuffer would be HDCP encrypted by the GPU before sending it out over DVI/HDMI.
> Lest one get the impression that hardware DRM fares any better than software: Even 4K/HDR versions of streaming media start making the rounds on pirate sites within a day or two of release.
> As usual DRM fails to prevent piracy while hurting the experience of paying customers.
Most viewers are not computer-savvy, even if they spend every day in an office facing a computer screen. If 90% of audience would know or bother to go no farther than the legal distribution channels, and won't be able to plainly download the high-res media in one click, the DRM has worked.
It suffices to make pirating inconvenient enough for the uninitiated, and let the advanced and determined minority pirate away, of course always threatened and stigmatized, to keep the operations low-key. A small amount of pirates, imho, only improves the profits, because they brag about having just seen the new hot thing in all its glory, and thus induce FOMO in their audience.
Of course the legally-buying, technology-naive audience is inconvenienced. But they know no better, and the whole point of control is, well, making people submit to what they rather won't, isn't it?
If there was no DRM, ordinary viewers would still choose Netflix over torrents, and perhaps some more tech-savvy users would choose it as well (since many do want to support film makers, but are opposed to DRM). It would still be as hard to create a “pirate Netflix” as it is now, because of legal threats and because it’s tricky to monetize it.
DRM literally serves no purpose outside of some corporate politics bullshit.
One of which is to prevent mainstream media player manufacturers from making a hardware or software player which can skip region coding/studio tags/anti-piracy tags/trailers/random adverts. Or even from having a generic "skip 30s" feature.
You want to legitimately be able to play our stuff so you can sell millions of units of your player to unsophisticated consumers? Agree to these terms, and this fee schedule, or you don't get a key to play them. Fuck us over, and we'll revoke your key. Lol.