It's incredible how much effort and money has gone down this drain, chasing the fundamentally flawed idea of DRM. All to satisfy some inflated management egos and sell snake oil to the content industry - the enginners implementing these schemes must surely realize it's in vain, that the attack surface includes all devices in the world and all it takes is a single successful hack against a single device to decrypt the content after which it's game over.
And the consumer is paying for all of this security theater.
The really horrible truth is, DRM was probably never intended to prevent piracy. I used to think this - then you realise what DRM is actually intended to do. So long as we argue like this, we're not confronting the real motives.
There seem to be two arguments for DRM which could be considered logical from an executive's perspective (even if in my view unethical):
- Firstly, it delays the initial piracy of new releases. This is very variable and since new DRM systems aren't created as often as new films, this only seems to be successfully pulled off every now and then... but there have demonstrably been cases of it delaying piracy by a few weeks (hell, there's at least one video game which wasn't cracked for over a year). This probably feels valuable to executives who expect the bulk of returns on a film or video game to come immediately after release (especially if they have unrealistic expectations about correlations between piracy and lost sales).
- Secondly, and more significantly, it ensures that media companies can control how content is consumed, and control the devices available to consume content. If you want to make a Blu-ray player, you have to sign contracts, and those contracts can tell you what functionality to add and what not to add. "Unauthorized" players, circumvention technology will always exist for the fringes, but that's too minor to care about. What it does mean - in tandem with the anticircumvention technology ban legislation, 17 USC 1202 - is that you can't walk into a retail chain store and buy a Blu-ray player that'll happily make copies, or so on. Most likely this is what these companies really care about - ensuring they have a say on what Homer Simpson has to choose from in Best Buy.
To be clear, I unequivocally oppose DRM; but I suspect the above points are a closer approximation of the motives of the media industry in pushing it.
Moreover, DRM enables content industry to control where content can be played, known as geoblocking. For example, I live in North Europe, and the titles that are available in 'official', DRM-controlled sources, such as Netflix, are noticeably different than in North America. Maybe Netflix only has distribution rights for some title in the US market, so when I try to look it up the search comes back empty.
What DRM allows Netflix is to still sell one and the same subscription globally. The content you can view is not tied to your account's registered post address or such, but which physical region of the Internet you are actually accessing the service from currently. When we were visiting the US, my spouse was able to play titles with her Netflix subscription that are not available at home, because she was connecting to the US DRM servers from the WiFi of our Airbnb in California.
For our flight home, she put her phone in flight mode and was able to watch cached titles during the flight. But as soon as she turned on her data in Europe, the titles magically disappeared in thin air, as the EU DRM server realized the geoblocking violation and revoked her license to those titles.
Geoblocking is entirely different from DRM. The former is a simple transaction of "Show me your IP" -> "You can't have this". DRM is a far more complicated thing that needs cooperation from all levels of the stack to enable, "Your computer can see this, but you, the user, can't".
Yes, but combining DRM and geoblocking allows the content distributor to retroactively revoke access to content when you change the geoblocking region, such as traveling to another continent. Even content that you have downloaded to an offline cache can be rendered unavailable. From the distributor's point of view combining the two offers an enhanced form of geoblocking that transcends time.
Regardless of how effective DRM is, don't forget it was an absolute requirement that Apple had to agree to implement in order to get the iTunes Store open, that Netflix et al had to follow in order to get up and running with agreement from the studios.
DRM enabled a huge number of online businesses by providing content makers with the minimal assurances that they needed that those channels wouldn't be a simple, easy way for their content to be pirated.
The irony, of course, is that both of them (and Amazon as well) are simple, easy ways for content to be pirated. Pirates have broken the DRM of all three sufficiently that the original bitstream from each source can be muxed into a mkv and shared - it doesn't even need to be reencoded.
No one ever accused the MBA toting managers of being tech savvy .. or smart, for that matter. /s
Sarcasm aside, in my experience, most managers do not understand technology even at a high level. Even the ones who come from a tech background often don’t bother to keep up. The typical mentality being, “I don’t know and I don’t want to know. Get someone from <insert tech department name here> to handle it.” When the <insert tech department name here> does come up with a solution, it is usually shot down if there is even the slightest hint of risk involved. And there usually is — any disruptive change — as all invocations tend to be — inherently carry a certain amount of risk. Even Steve Jobs was unable to convince the record labels to allow them to sell DRM free music via iTines until Apple had grown too big for them to go against — at least as far as music business was concerned.
Basically, the only things the so called managers are good at are passing around the blame and covering their asses. Way too many companies have been destroyed or are a shell of their former glory - having missed major opportunities because the management was not willing to deal with the risks associated with innovation — because they were content to milk their cash cow till it was dead — while laughing at deficiencies of the more innovative competitors’ version 1.0 products.
The real managers — the people who know what they are doing — go on to found successful tech companies.
To me, Netflix is evidence that there's no point to DRM. I still can torrent any content I want, but I almost never do. But if it's on Netflix or anything else I subscribe to, I won't bother.
I suspect Netflix's DRM is purely about pacifying video industry executives, and that it makes approximately no difference to the bottom line of anybody except the people hyping their proprietary DRM solutions.
> there's no point to DRM. I still can torrent any content I want
DRM appears to be useless because you are incorrectly assuming DRM's purpose is to stop or reduce piracy. DRM is and always has been about controlling the playback platform.
Media companies like DRM so the can force anyone making a player to not implement features they don't like. Their ability to control how media is used was severely limited when the Betamax case[1] (1984) established that using a home video tape recorder to time shift was is fair use. Unable to legally control how media is used, media companies hade regularly attempted to establish and require a DRM scheme they could use to technologically control use.
The proper response is to tell the media companies their right to control a copyright protected work ends at the first sale[2].
>"DRM appears to be useless because you are incorrectly assuming DRM's purpose is to stop or reduce piracy. DRM is and always has been about controlling the playback platform."
I'm no fan of DRM or the idiots in Hollywood but isn't "controlling the playback" a means to control piracy? Why must they be mutually exclusive?
>"Media companies like DRM so the can force anyone making a player to not implement features they don't like."
I'm curious is there any evidence of this? How would the Hollywood studios even be aware of all of the new hardware devices?
> isn't "controlling the playback" a means to control piracy?
No, it's about controlling the channels of publication so they can maintain their position as a gatekeeper.
> I'm curious is there any evidence of this?
See the SCOTUS case at my previous [1]. Universal Studios sued Sony over their new "Betamax" video tape recorders, arguing they were liable under the Lanham Act because their device could record video, which could be copyright infringement.
For more recent examples, see the requirements in DVD/BD licensing that force playback of ads and allow disks to disable various features (like fast-forward or track-skip during an ad).
Sorry, but I'm not seeing the relevance of this to a streaming world. In what fashion do you believe they are controlling playback on Netflix, Amazon Prime, HBO, Starz, or any of the other streaming apps?
Controlling playback allows the industry to insure that new works are industry-sanctioned and appropriately taxed by the incumbents. DRM allows the middle-men to continue being in the middle in the face of the democratization of production and distribution that technology has created.
>"Controlling playback allows the industry to insure that new works are industry-sanctioned and appropriately taxed by the incumbents"
What industry are you referring to here - the tech sector, the entertainment industry? This is rather vague. Also which tax are you referring to? Who are the "incumbents"?
> To me, Netflix is evidence that there's no point to DRM. I still can torrent any content I want, but I almost never do.
To me, it is rather the other way round: As Netflix offers no DRM-free version, I will never subscribe. So in other words: by insisting on DRM, the movie industry openly states that they don't want any money from people who don't want DRM.
But if you "reverse" this sentence "in a hacker way", this means that they are not losing any money, if DRM-haters pirate (because they just stated that they don't want the DRM-haters' money).
Thus, in my opinion is quite a pro-pirating slogan coming from the mouth of Hollywood.
I might just not have to imagination, but a DRM free Netflix wouldn't seem to work -- you pay a low monthly fee for temporary access to a huge library. What would you prefer?
> I might just not have to imagination, but a DRM free Netflix wouldn't seem to work -- you pay a low monthly fee for temporary access to a huge library. What would you prefer?
I do not get your point. Perhaps I misunderstand it, because English is not my mother tongue.
I do not see a problem. First: If I really download a lot, I will soon get out of disk space (even if I own a NAS). Second: Netflix adds new movies/series all the time to its library. So there is an incentive to stay a subscriber.
Storage is cheap. You can store 500 hours of video in a TB. And four TB is less than one year of Netflix, but gives you enough storage to download enough video to last a few years.
I'd pay for one month of Netflix every two years instead of monthly, without question.
At that point why even bother with netflix? Downloading the streams and watching them without a subscription is still copyright infringement. Illegal streaming sites have existed for decades already.
The primary benefit of DRM free netflix is to watch higher resolution videos on any browser that isn't Edge. [1]
> I'd pay for one month of Netflix every two years instead of monthly, without question.
I can imagine that in this case Netflix would just have to change the price model somewhat: Make the first month much more expensive than the following ones to give a disincentive for canceling the subscription. At least this pricing model is applied by many software companies who love to sell subscriptions for their software.
But, that would I imagine be terrible for Netflix -- their cheap monthly price encourages people to sign up on a whim. I suspect very few people would sign up if the first month had been much more expensive.
They could keep the cheap monthly price for first-time subscribers, and just make it so that if you cancel and want to sign back up later you're charged for all the months in between.
I'm sure Netflix would have seen explosive growth if it required 1 year, $100+ contracts, and that's assuming content producers would have been okay with it (they wouldn't have).
Sure they could have used a different business model, but had they, we wouldn't be talking about Netflix.
The point is content maynot be worth watching, but you don't know unless you paid for it. You can make space by just keeping the content that are worth watching more than once, which in my experience is a very small fraction of the amount of movies produced.
Yes, I completely agree. I not only can torrent stuff, I can do it very comfortably as I used to do it a lot and have created a pipeline that will download it complete with subs in English and Czech, correctly name and categorize and make it available to my network so I can play it directly on my TV - all just by clicking on a magnet link. And yet since Netflix is available, I don't, Netflix is even more comfortable, and I want to support their original work.
How so? Can you not find Netflix shows on piracy sites?
If you mean "Netflix has been successful in getting people to pirate less" that has nothing to do with the DRM, but with the fact that Netflix is a cheap and convenient enough service to stop many people from wanting to watch pirated content.
It's also incredible how much effort and money has gone into producing and debating and selecting open source licenses that have just the right restrictions on how everyone else can use code. I think there are some parallels with that and DRM.
This is fine rhetoric, but you clearly have no idea the sales volumes and number of players involved in some markets. It is far more money than say, writing the ssh protocol handler or whatever you might think is cool. Sorry, it is that harsh.
> the enginners implementing these schemes must surely realize it's in vain
I wonder, if it is so "in vain", why have so many folks been so spooked by it (e.g. Stallman, Doctorow)? Are they worried about the needless increased cost to consumers, or maybe they think it might actually work well enough? If you are really against DRM, I don't get how saying DRM "will never work" will help avoid it.
I worked at TI on OMAP MShield, TrustZone stuff (iirc we were the first (w/ Galaxy Nexus) to have good-enough DRM to be the first to have Netflix HD) and later at Trustonic which is the OS (and more) vendor of AMD PSP and many ARM-based devices.
Everyone* knew that some use-cases of DRM meant a single successful hack meant the content being leaked. It is mostly the low-level designers (CPU arch, physical die, OS/firmware etc) to be responsible for making it more difficult/expensive. Some use-cases will be necessarily be concerned with simpler attacks e.g. recording a few key pages of a secure/DRMed PDF with a hidden camera (and thus more complex protections like a Central Licensing, watermarking server becoming involved). There are some use-cases of DRM where leaks are not a big issue (e.g. a more dynamic content which involves occasionally communicating with peers/servers).
[*] This is probably not true. That basic case is easy enough to see, but I've personally seen other schemes where customers leave out key steps or end up trusting something that shouldn't be trusted.
@hlandau makes good points, I think.
I've always been on the fence regarding DRM. I think property rights seem like a decent idea so why not extend that to the digital realm? Do we not want digital scarce goods, collectibles? Is a technical enforcement of property rights superior to meat-space? I see many cool uses for DRM, trusted computing (and in the end I think it would transfer power from publishers, platforms, manufacturers to creators and owners). It's interesting (and makes sense) to see how blockchain people are generally in favor of trusted computing (though for many it seems to be too much of a "silver bullet"); iirc bitcoin wallets were some of our first customers after video DRM.
I've talked with many folks over the years (including EFF people) and I've still not gotten a sense of why the theory of DRM is bad (I would agree that most implementations have been horrible), other than it starting a snowball towards a cyberpunk dystopia future, maybe. I 100% agree that "you own the device, you should be able to control it". That means I support the right to tinker, am against DMCA, and think owners of devices should be able to run whatever software they prefer and be able to wipe, disable, replace whatever they want (e.g. root of trust). While I worked at Trustonic, I pestered the CEO many times (and rallied co-workers to do the same) to open source the OS. In the end there was (allegedly) not a good enough business reason to do so (and of course open source competitors began to pop up: trusty, tlk, OP-TEE, etc).
>I think property rights seem like a decent idea so why not extend that to the digital realm? Do we not want digital scarce goods, collectibles?
What does digital scarcity even mean ? You are just transferring the scarcity from the origin, i.e., the creator's resources, to the final output, which is not scarce at all in reality. We have accepted a model where the cost of the investment is recuperated after the fact. Hence, we need the artificial scarcity once the output is produced. If you change it to a patron model where something is only produced if it is funded, you don't need to make it artificially scarce. That is not very profitable of course.
In a world of trusted computing, it might mean some amazing HD+++ digital image being one-of-a-kind (and having some attestation/proof of origin, authorship, etc), even if there are lower res/quality versions out there for cheaper/free. It also might mean other granularities to accessing the data like functional permissions (e.g. for this version of the encrypted, wrapped data, the computer is only allowed to apply function X (265a1b..), or function Y (f00fe7..) is blacklisted, or the computer is allowed to view once or infinitely, etc). That might sound like shit to many, but certainly not to all.
That is still artificially scarce. It is not scarce in the sense a painting is scarce because the artist only made one. And even the artist cannot make an exact copy even if he/she wishes to. Anything digital is indistinguishable from its copies, at least as far as enjoying it is concerned. There may be some limited value of bragging rights in getting the first edition, or a signed edition, of something digital, which you can verify using elaborate signature schemes, but that's where the novelty ends.
I guess it's just semantics then, tomato tomato. One could theoretically make a digital painting with a DRM-enabled stack and could be left with only one (more likely to see DRM-enabled stacks coming to video/picture cameras, though). It's up for debate whether meat-space scarcity is more ... "authentic"? (higher effort to duplicate?) thanks to physics than something digital (e.g. DRM systems that might be more easily broken).
> Are they worried about the needless increased cost to consumers, or maybe they think it might actually work well enough?
Obviously the former. They are both focused on ethical issues related to computing, which DRM has many implications for despite it's complete inability to achieve its stated goals.
> If you are really against DRM, I don't get how saying DRM "will never work" will help avoid it.
The idea is that if the companies pushing DRM realize that they are spending a ton of money pushing something that is useless, they will stop. Personally I don't think this is a viable strategy simply because it requires a level of rational thought from large companies that they clearly are incapable of acting on.
1. You agree with "you own the device, you should be able to control it"
2. You agree with "I think property rights seem like a decent idea so why not extend that to the digital realm"
thus, if you own the device and the physical property rights with it, and you want to extend the property rights into the digital realm, you should also own the software on the device. Isn't that the logical conclusion?
Should I (or do I?) own the firmware, OS, applications, etc? Maybe, maybe not. Certainly if I own a device, I should have the capability to use the device to its fullest with my own owned software (i.e. no gimping of hardware/firmware allowed depending on what is booting) i.e. I do not really own my iPhone. The DRM/trusted computing ecosystem might then be (realistically) opt-out via taking an alternative fork (running alternative software) of the web/tree/chain of trust. There need not be only one DRM/trusted computing fork, all-or-nothing choice, though.
There are plenty of morally legitimate use cases for trustable computing, and not that much for trusted computing, aside of the fact that technology behind those two are often the same or similar. There's nothing wrong with Secure Boot in how it works, it just becomes bad when you keep the user from putting their key there.
That's not the issue. You can already disable pretty much all of the ME's functions post-boot with HAP and me_cleaner. But for people who take an interest in fully-open source firmware (coreboot, libreboot), it would be nice to be able to replace the ME firmware with something open source. But this is impossible because the hardware will only run Intel-signed blobs. By "owner control", I mean the freedom to run whatever you like on the ME. It's likely that Intel is not only unwilling, but contractually precluded from letting people do so, for the reasons I gave. Hence the claim that Intel will never let people control what runs on the ME.
Unless they have forgotten the last 2 decades, Intel only has to not let you have access to specific keys that are only available to a securely booted Intel ME.
Trying to prevent you from running something else is pointless posturing for that purpose as it is only useful to decoding DRM if you already have some means to compromise Intel MEs and extract key information.
Not allowing anyone to build an alternate system with ME's capabilities is not pointless posturing when it comes to getting the NSA to bless your export of higher performance chips than the US wants many states to have.
To put it a different way, they want Hollywood to have strong low layer encryption on your computer but they don't want you to have it, especially if you might be outside the US.
The reasoning presented by this article is very "conspiracy-style". The arguments revolve around GPUs which are a more natural fit for DRM mechanisms: they display the image, and are more apt at decoding/encoding that protected stream than the CPU.
But using ME for DRM in the near future is highly unlikely since it would just be a boon for ARM based systems. With CPUs that can be designed and sold at far lower cost (and performance) by manufacturers that are willing to forego such lunacies as DRM embedded in x86 CPUs and get a foothold in the market. And x86 already feels past its prime given that many usage scenarios already migrated to ARM devices.
At some point the CPU, GPU, and a hypothetical VPU might share the same die in a heterogeneous chip, and this might include such DRM protection for the reasons GPUs have them now. But the x86 CPU part having built-in DRM? I'm not buying it without someone making a better case than this article.
The ME is just Intel's pi*s-poor attempt at securing the system. But it's mostly security through obscurity so basically almost none at all. The more "conspiracy" version is that it serves specifically as a back door for certain agency type actors. Which is not unlikely.
But the more obvious reason is that at this point opening it up is no longer an option. It would mean opening the door widely to an avalanche of exploits capable of hitting systems 12 years back. Something that would make Meltdown/Spectre look tame since there is no OS fix for ME. Also, in Intel's vision letting you control the ME is like giving you the keys to the kingdom. They can't admit to themselves that the ME is not a locked gate, it's a moat. And if you're willing to get dirty you will get through it.
The important fact being that it only applied to the Intel iGPU. You also had the option to disable that and the HW decoding with the iGPU was also disabled.
The successor is called Intel Insider and it's still aimed at the GPU. Basically it's there to make sure the stream goes to the GPU (which has DRM) to be decrypted not to the CPU. That's because nobody was "courageous" enough until now to put the DRM label on a CPU.
My takeaway was that the industry attitude towards DRM in CPUs and GPUs has been the same “lock it down and obscure it”, and the reference to GPU contractual obligations was considered relevant based on the assumption that industry agreements for both CPU lockdown and GPU lockdown would be similar. It’s clear Intel is motivated to provide user lockouts on its critical regions, so it stands to reason they may have a contract similar to the known GPU contracts.
I didn’t find it very conspiracy style. It seemed to me a well thought out and rational article. It reminded me of how Facebook can never truly “protect user data” because they build a business reliant on collecting and distributing user data.
There should be a market for business desktops which don't have the ME, and don't have the keys for decrypting paid video content. You don't need your employees watching movies on their work machine, and the security is better.
Only in the sense that the Atlantic Ocean has "somewhat less water" than the Pacific. :-) Over $4K for a "desktop development system". That's not personal computing. That's small scale enterprise computing, which is too small a market to make a dent in Intel and AMD. Their prices need to come down by an order of magnitude to make this technology a significant player.
Huh? It's under $2k for a daily drivable config. $1600 if you are willing to do a 2.1 rev chip without HW speculative execution mitigations and some other errata.
With a "starter CPU" that doesn't support virtualization, so realistically you're paying another $375 for a CPU upgrade. Still quite a bit closer to a useful price point, though. Thanks for the link!
You state this as if I didn't so I'm confused by that :S. Regardless it is possible to do a full build for under $2k, especially if you have any resuable parts like case/psu/nvme.
You mentioned the base CPU not having HW speculative execution mitigations (which I also would consider worth a CPU upgrade to get), but not having virtualization is a much bigger limitation, in my view, and you didn't mention that, so I did.
I think there is a huge architectural philosophy divide here. Some think ME has it's place if done right,but surely many would agree with me when saying all of ME's functionality should be implemented by the OS. ring -1 should not exist. Period.
> many would agree with me when saying all of ME's functionality should be implemented by the OS.
ME's use case is to be able to manage the machine when there is no OS installed, is unbootable or unresponsive. So somebody doesn't have to physically visit a datacenter and find the machine in a rack.
There's no technical reason I can think of that Intel couldn't separate the "initialize" and "management" functions of ME.
If an OS is installed, it has rights to write into the "management" storage area, remove everything there, or install alternative functionality.
If no OS is installed, and remote features like power-off-network-login need to work, have the NIC jump straight into the storage area and start executing. If there's nothing there / corrupt data because the OS / user screwed it up... well, that's their fault.
There's no non-DRM case for precluding users from being able to overwrite the ME of their own hardware.
To build on this, we distrusted the actual servers in the rack for the following:
1. Out of band devices to administer boot fail incidents, serially controlled
2. PDU (Power distribution Unit). Supplied with 2 different power sources. Provides dual power per server on rack. Controlled by ethernet.
3. Firewall rules that prevent the managed crap (iLO and the like) from working.
The only recent issue my previous job had, was in a junior sysad installed apache tomcat with default creds. Can't really fix user error - but the above rules at least stop malicious intent from manufacturers. Mostly.
So, the definition of a feature only required for a single application (playback), and unwanted by consumers at that. This clearly did not belong in any general-purpose processor (if it should have been built at all).
You know, if movie and recording studios want this so badly, let them put up the billions it should require for them to produce their own coprocessor.
The question I always have about this is, why has nobody tried to make the case that this is illegal? ESR has suggested that the selling of routers with closed-source firmware ought to be regarded as the tort of conversion; this is a similar but stronger case.
Maybe because not enough engineers have lawyer friends that understand technology well enough to listen to us complain about all this dumb shit we have to deal with. We all need to make more lawyer friends.
That's not anything different from the described HAP bit and removal of unneeded modules. You still have 10% of the ME left and required to boot, on top of the BSP, which is also 'secret'.
Well, according to the linked post to Phoronix, the POWER9 architecture is not produced for OEM PC market requirements so it doesn't have do oblige Hollywood non-negotiable DRM requirements.
Did I understood right? Until now I thought the only option was using pre 2008 Intel (and same era AMD?) CPUs or some Atom models...
Intel also benefits from ME in many many ways, I'm sure. Like obviously it is a massive value add to their Enterprise customers.
However, I think the argument in the article still holds water, not because Blu-ray matters, but because nobody had any idea it wouldn't. CPU and GPU manufacturers probably have extremely long contracts to implement and obscure DRM features, fueled in part by Hollywood's sore feelings from the DVD Jon days.
Of course Netflix and Hulu and so forth happened and whoops, laptops got thin and stopped having optical drives and oops, Samsung added streaming services to their TVs... And now Bluray and it's assinine security schemes hardly matter. Hollywood didn't adapt well to this new streaming world so I'll bet they didn't see it coming either.
Of course the threats not over. Next generation we'll probably see even more insane copyright protection coming out of Hollywood for the sake of protecting services like Netflix as a contractual obligation if they want to carry the hot new garbage. I'm particularly excited to see what happens with stuff like Intel SGX.
This will probably continue for the next couple decades until a set of realizations finally become too apparent to ignore. After all, the pirates torrenting the latest Game of Thrones don't need Intel SGX or HDCP. They just click play.
But the more delusional and out of touch the industry is, the longer it takes. Video game DRM may not be a solved problem but even the absolute worst protection available today is so much less hostile than what we were dealing with a decade ago that it hardly matters. Hell, nowadays with PC games, anticheat is the more invasive technology. Modern invasive DRM mostly just phones home to get some crypto keys and to try to limit a single license from being spread to the entire internet. It may seem anticonsumer, but it's the worst there is, and it's very telling that gamers seem more concerned about tracking technology than middleware like Denuvo.
Don't assume that hardware-level DRM will go away with the death of optical media. As I understand it, the media industry seems to have adopted a standard position that UHD/4K content should require hardware-level DRM. UHD Blu-rays require this sort of thing, but also UHD streams on Netflix; for this reason at least at one point UHD Netflix was restricted to Chromebooks only. Not sure if this is still the case; I'd expect Google's Widevine to get Intel DRM support if it hasn't got it already.
You might want to look at Widevine's website; there's a small amount of information on the security levels. Essentially, there seem to be two levels of Widevine; what I'd describe as the placebo level (just obfuscated data processing within the browser, etc.) that might be used for e.g. HD Netflix, and the toxic-waste level which expects hardware-level DRM, which industry appears to be demanding as a minimum standard for UHD content. Consumer demand for UHD Netflix will continue to drive adoption of hardware-level DRM for the time being, it seems.
"The" reason the ME was added was enterprise remote management, as far as I'm aware. Of course, once you have a non-owner-controlled microprocessor on the system, you can use it to implement a lot of other value-add functionality that depends on not being owner-controlled.
The article discusses the DRM aspect of it because this is one thing which would make it particularly legally difficult to allow owner control of the ME, since there are likely to be contractual obligations regarding keeping that secure.
AFAIK, Intel isn't offering the anti-theft service anymore.
And who's watching that on a PC often enough that a market alternative doesn't even exist? Not to mention, a significant number of laptops are still sold with 1080 screens.
It's not about PCs. The same principle applies to embedded devices and smart TVs, where there are equivalents from other manufacturers. And 4K is not pertinent to this in any way. It just happens to be so right now.
One technology breakthrough for ARM over x86(which has little room left for improvement at this point), could be a watershed moment for the chip manufacturers
This stuff doesn't exist because of a particular vendor or ISA; it's a mainstream feature for modern application platforms. Many ARM systems achieve similar ends through a kind of hypervisor / shadow OS that can't readily be disabled by the device owner [1].
Unfortunately, enabling this stuff seems to be the deal with the devil you have to do in order to become a mainstream platform. I highly doubt that ARM will supplant x86 without also offering something that is functionally equivalent to ME.
So the article is portraying 4k blu-ray as the raison d'être for Intel ME on consumer devices, but isn't for example Netflix HD which uses HDCP 2.2 somehow also tied to a trusted execution environment within Intel CPUs, or is this method of protection only via the display and the graphics chip (sometimes also by Intel; on the motherboard)?
The ME-based DRM provided by Intel isn't inherently limited to securing UHD Blu-rays, and you can expect Google's Widevine, as used by Netflix, to consume this functionality as well.
My understanding is that the industry has decided that UHD/4K content should require hardware-level DRM, no matter whether on disc or streamed, and that Netflix UHD requires a system with this functionality.
The thing we need now is a version of the GDPR for hardware and software. A law that says that non-essential features mustn't be inseparably bundled with essential system features so the user can disable them without killing the system. Just like the GDPR did for essential data and marketing data. Is this so far-fetched?
It'd be damn tricky to implement, probably impossibly so. I can think of a few reasons:
- Modern lithography just isn't that precise to my understanding. The whole point of binning chips is that you aim for an entire wafer of Core i9s, but you accept that some flaws will occur and will require disabling features of the chip. Are the disabled features "non-essential"? Certainly seems like they are if they can be disabled.
- From a marketing perspective, you'd need to help customers decipher dozens of different models of the same chip. For n features, you'd need (2^n)-1 chips, right? So Model A would support everything; Model B would support everything except virtualization; Model C eould support everything except HDCP; and so on.
- And as a customer, does that mean I need to spend $500 and replace my CPU everytime I realize I need a new feature? How would that work for laptops, where chips are frequently soldered to the motherboard?
I'm sympathetic to the idea of requiring transparency in general, but unfortunately hardware is a helluva lot trickier than software.
You can disable most of that stuff from the bios/efi, so you already can effectively opt out of those features. This would be enough for a harware-gdpr thingy I think...
That's true -- I guess I hadn't been thinking of it from that perspective. There'd still be the problem of asking consumers to "opt out/in" of these features, of course. It's hard enough asking consumers to make informed decisions when it comes to "can we use your photos/track you online" -- now you'd be asking "do you want to run virtual machines/access encrypted content/etc.".
But I guess I'd appreciate the ability to turn more stuff on/off in the BIOS -- makes me think of the whole "dark silicon" notion (if I don't use my laptop for Netflix, can I disable the streaming encryption stuff to save battery life?).
It would be nice if this kind of thing could be used to stop cheating in games providing a secure channel of communication between server --> cpu --> gpu, but that likely won't work considering it's not working very well to stop media from being pirated in it's current application.
There are a few DRMs that offer using it but none of them are in use mostly because of market share issues.
SGX isn’t available on the majority of consumer CPUs because it’s a fairly new extension and it’s Intel exclusive.
I know of a few enterprise products that use it for their “soft-dongle” licensing if you don’t want to plug in a license dongle in your server, yes it’s 2018 and we still have license dongles like it’s 1988, ESRI I’m looking at you.
Not sure I buy the part about DRM and market suicide. Who uses optical discs any longer? I don’t know anyone, though several have old collections from a decade ago gathering dust.
Also first I’ve heard that a new blu ray even exists.
Yeah, it doesn't make sense, especially for enterprise CPUs. Which server manufacturer/large datacenter operator cares about DRM? And conversely, wouldn't they rather not have another attack vector? So there must be legitimate enterprise use-cases for ME/PSP, or something else is going on.
I would point out that physical discs remain the only way to own media you buy. Even though Blu-rays are DRM'd, the fact that they can't change the encryption on the fly means they're all inevitably broken. I can buy Blu-rays, and know that their DRM's circumventability can't be taken away, unlike the video you stream from the cloud.
Still have and occasionally purchase CDs for ripping, but never cared to own video that I might watch once every five years. Also the churn in formats makes it a losing prop anyway. Regret my video disc purchases of the last decade or two.
The use of hardware-level DRM like this appears to be something being pushed with the move to UHD (4K) and higher resolutions, for both discs and streamed content. This seems to be an industry-wide policy that's been adopted; AFAIK, Netflix's UHD streaming is gated on hardware-level DRM being available.
Lame, but whatever, I'll go love in the world of content creators that aren't prescribing to this shit. Probably will save myself from being mindcontroled.
It's incredible how much effort and money has gone down this drain, chasing the fundamentally flawed idea of DRM. All to satisfy some inflated management egos and sell snake oil to the content industry - the enginners implementing these schemes must surely realize it's in vain, that the attack surface includes all devices in the world and all it takes is a single successful hack against a single device to decrypt the content after which it's game over.
And the consumer is paying for all of this security theater.
The really horrible truth is, DRM was probably never intended to prevent piracy. I used to think this - then you realise what DRM is actually intended to do. So long as we argue like this, we're not confronting the real motives.
There seem to be two arguments for DRM which could be considered logical from an executive's perspective (even if in my view unethical):
- Firstly, it delays the initial piracy of new releases. This is very variable and since new DRM systems aren't created as often as new films, this only seems to be successfully pulled off every now and then... but there have demonstrably been cases of it delaying piracy by a few weeks (hell, there's at least one video game which wasn't cracked for over a year). This probably feels valuable to executives who expect the bulk of returns on a film or video game to come immediately after release (especially if they have unrealistic expectations about correlations between piracy and lost sales).
- Secondly, and more significantly, it ensures that media companies can control how content is consumed, and control the devices available to consume content. If you want to make a Blu-ray player, you have to sign contracts, and those contracts can tell you what functionality to add and what not to add. "Unauthorized" players, circumvention technology will always exist for the fringes, but that's too minor to care about. What it does mean - in tandem with the anticircumvention technology ban legislation, 17 USC 1202 - is that you can't walk into a retail chain store and buy a Blu-ray player that'll happily make copies, or so on. Most likely this is what these companies really care about - ensuring they have a say on what Homer Simpson has to choose from in Best Buy.
To be clear, I unequivocally oppose DRM; but I suspect the above points are a closer approximation of the motives of the media industry in pushing it.
Moreover, DRM enables content industry to control where content can be played, known as geoblocking. For example, I live in North Europe, and the titles that are available in 'official', DRM-controlled sources, such as Netflix, are noticeably different than in North America. Maybe Netflix only has distribution rights for some title in the US market, so when I try to look it up the search comes back empty.
What DRM allows Netflix is to still sell one and the same subscription globally. The content you can view is not tied to your account's registered post address or such, but which physical region of the Internet you are actually accessing the service from currently. When we were visiting the US, my spouse was able to play titles with her Netflix subscription that are not available at home, because she was connecting to the US DRM servers from the WiFi of our Airbnb in California.
For our flight home, she put her phone in flight mode and was able to watch cached titles during the flight. But as soon as she turned on her data in Europe, the titles magically disappeared in thin air, as the EU DRM server realized the geoblocking violation and revoked her license to those titles.
Geoblocking is entirely different from DRM. The former is a simple transaction of "Show me your IP" -> "You can't have this". DRM is a far more complicated thing that needs cooperation from all levels of the stack to enable, "Your computer can see this, but you, the user, can't".
Yes, but combining DRM and geoblocking allows the content distributor to retroactively revoke access to content when you change the geoblocking region, such as traveling to another continent. Even content that you have downloaded to an offline cache can be rendered unavailable. From the distributor's point of view combining the two offers an enhanced form of geoblocking that transcends time.
Well, in some cases DRM allows you to geoblock stuff that couldn't be easily geoblocked otherwise.
Regardless of how effective DRM is, don't forget it was an absolute requirement that Apple had to agree to implement in order to get the iTunes Store open, that Netflix et al had to follow in order to get up and running with agreement from the studios.
DRM enabled a huge number of online businesses by providing content makers with the minimal assurances that they needed that those channels wouldn't be a simple, easy way for their content to be pirated.
The irony, of course, is that both of them (and Amazon as well) are simple, easy ways for content to be pirated. Pirates have broken the DRM of all three sufficiently that the original bitstream from each source can be muxed into a mkv and shared - it doesn't even need to be reencoded.
As Always, a Relevant XKCD about DHCP: https://xkcd.com/129/
(Free Culture, as Randall notes in the mouseover text, warned us about this over 10 years ago)
No one ever accused the MBA toting managers of being tech savvy .. or smart, for that matter. /s
Sarcasm aside, in my experience, most managers do not understand technology even at a high level. Even the ones who come from a tech background often don’t bother to keep up. The typical mentality being, “I don’t know and I don’t want to know. Get someone from <insert tech department name here> to handle it.” When the <insert tech department name here> does come up with a solution, it is usually shot down if there is even the slightest hint of risk involved. And there usually is — any disruptive change — as all invocations tend to be — inherently carry a certain amount of risk. Even Steve Jobs was unable to convince the record labels to allow them to sell DRM free music via iTines until Apple had grown too big for them to go against — at least as far as music business was concerned.
Basically, the only things the so called managers are good at are passing around the blame and covering their asses. Way too many companies have been destroyed or are a shell of their former glory - having missed major opportunities because the management was not willing to deal with the risks associated with innovation — because they were content to milk their cash cow till it was dead — while laughing at deficiencies of the more innovative competitors’ version 1.0 products.
The real managers — the people who know what they are doing — go on to found successful tech companies.
Inflated Management Egos -> IME
Was that intentional? :)
Well spotted!
It seems as though it has been working for them though, no? Isn’t Netflix and its DRM evidence of that?
To me, Netflix is evidence that there's no point to DRM. I still can torrent any content I want, but I almost never do. But if it's on Netflix or anything else I subscribe to, I won't bother.
I suspect Netflix's DRM is purely about pacifying video industry executives, and that it makes approximately no difference to the bottom line of anybody except the people hyping their proprietary DRM solutions.
> there's no point to DRM. I still can torrent any content I want
DRM appears to be useless because you are incorrectly assuming DRM's purpose is to stop or reduce piracy. DRM is and always has been about controlling the playback platform.
Media companies like DRM so the can force anyone making a player to not implement features they don't like. Their ability to control how media is used was severely limited when the Betamax case[1] (1984) established that using a home video tape recorder to time shift was is fair use. Unable to legally control how media is used, media companies hade regularly attempted to establish and require a DRM scheme they could use to technologically control use.
The proper response is to tell the media companies their right to control a copyright protected work ends at the first sale[2].
[1] https://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Unive....
[2] https://en.wikipedia.org/wiki/First-sale_doctrine
>"DRM appears to be useless because you are incorrectly assuming DRM's purpose is to stop or reduce piracy. DRM is and always has been about controlling the playback platform."
I'm no fan of DRM or the idiots in Hollywood but isn't "controlling the playback" a means to control piracy? Why must they be mutually exclusive?
>"Media companies like DRM so the can force anyone making a player to not implement features they don't like."
I'm curious is there any evidence of this? How would the Hollywood studios even be aware of all of the new hardware devices?
> isn't "controlling the playback" a means to control piracy?
No, it's about controlling the channels of publication so they can maintain their position as a gatekeeper.
> I'm curious is there any evidence of this?
See the SCOTUS case at my previous [1]. Universal Studios sued Sony over their new "Betamax" video tape recorders, arguing they were liable under the Lanham Act because their device could record video, which could be copyright infringement.
For more recent examples, see the requirements in DVD/BD licensing that force playback of ads and allow disks to disable various features (like fast-forward or track-skip during an ad).
Sorry, but I'm not seeing the relevance of this to a streaming world. In what fashion do you believe they are controlling playback on Netflix, Amazon Prime, HBO, Starz, or any of the other streaming apps?
Controlling playback allows the industry to insure that new works are industry-sanctioned and appropriately taxed by the incumbents. DRM allows the middle-men to continue being in the middle in the face of the democratization of production and distribution that technology has created.
>"Controlling playback allows the industry to insure that new works are industry-sanctioned and appropriately taxed by the incumbents"
What industry are you referring to here - the tech sector, the entertainment industry? This is rather vague. Also which tax are you referring to? Who are the "incumbents"?
> To me, Netflix is evidence that there's no point to DRM. I still can torrent any content I want, but I almost never do.
To me, it is rather the other way round: As Netflix offers no DRM-free version, I will never subscribe. So in other words: by insisting on DRM, the movie industry openly states that they don't want any money from people who don't want DRM.
But if you "reverse" this sentence "in a hacker way", this means that they are not losing any money, if DRM-haters pirate (because they just stated that they don't want the DRM-haters' money).
Thus, in my opinion is quite a pro-pirating slogan coming from the mouth of Hollywood.
I might just not have to imagination, but a DRM free Netflix wouldn't seem to work -- you pay a low monthly fee for temporary access to a huge library. What would you prefer?
> I might just not have to imagination, but a DRM free Netflix wouldn't seem to work -- you pay a low monthly fee for temporary access to a huge library. What would you prefer?
I do not get your point. Perhaps I misunderstand it, because English is not my mother tongue.
I do not see a problem. First: If I really download a lot, I will soon get out of disk space (even if I own a NAS). Second: Netflix adds new movies/series all the time to its library. So there is an incentive to stay a subscriber.
Storage is cheap. You can store 500 hours of video in a TB. And four TB is less than one year of Netflix, but gives you enough storage to download enough video to last a few years.
I'd pay for one month of Netflix every two years instead of monthly, without question.
At that point why even bother with netflix? Downloading the streams and watching them without a subscription is still copyright infringement. Illegal streaming sites have existed for decades already.
The primary benefit of DRM free netflix is to watch higher resolution videos on any browser that isn't Edge. [1]
[1] https://help.netflix.com/en/node/23742
> I'd pay for one month of Netflix every two years instead of monthly, without question.
I can imagine that in this case Netflix would just have to change the price model somewhat: Make the first month much more expensive than the following ones to give a disincentive for canceling the subscription. At least this pricing model is applied by many software companies who love to sell subscriptions for their software.
But, that would I imagine be terrible for Netflix -- their cheap monthly price encourages people to sign up on a whim. I suspect very few people would sign up if the first month had been much more expensive.
They could keep the cheap monthly price for first-time subscribers, and just make it so that if you cancel and want to sign back up later you're charged for all the months in between.
I'm sure Netflix would have seen explosive growth if it required 1 year, $100+ contracts, and that's assuming content producers would have been okay with it (they wouldn't have).
Sure they could have used a different business model, but had they, we wouldn't be talking about Netflix.
The point is content maynot be worth watching, but you don't know unless you paid for it. You can make space by just keeping the content that are worth watching more than once, which in my experience is a very small fraction of the amount of movies produced.
A DRM-free Netflix would work just fine. How much work am I going to go to just to cheat Netflix out of $8/month?
I can already torrent anything I want. But I don't because it's easier for me just to pay.
Yes, I completely agree. I not only can torrent stuff, I can do it very comfortably as I used to do it a lot and have created a pipeline that will download it complete with subs in English and Czech, correctly name and categorize and make it available to my network so I can play it directly on my TV - all just by clicking on a magnet link. And yet since Netflix is available, I don't, Netflix is even more comfortable, and I want to support their original work.
> Isn’t Netflix and its DRM evidence of that?
How so? Can you not find Netflix shows on piracy sites?
If you mean "Netflix has been successful in getting people to pirate less" that has nothing to do with the DRM, but with the fact that Netflix is a cheap and convenient enough service to stop many people from wanting to watch pirated content.
Netflix videos are pretty easy to decrypt, there are a bunch of public exploits you can use to dump videwine device keys.
It's also incredible how much effort and money has gone into producing and debating and selecting open source licenses that have just the right restrictions on how everyone else can use code. I think there are some parallels with that and DRM.
This is fine rhetoric, but you clearly have no idea the sales volumes and number of players involved in some markets. It is far more money than say, writing the ssh protocol handler or whatever you might think is cool. Sorry, it is that harsh.
> the enginners implementing these schemes must surely realize it's in vain
I wonder, if it is so "in vain", why have so many folks been so spooked by it (e.g. Stallman, Doctorow)? Are they worried about the needless increased cost to consumers, or maybe they think it might actually work well enough? If you are really against DRM, I don't get how saying DRM "will never work" will help avoid it.
I worked at TI on OMAP MShield, TrustZone stuff (iirc we were the first (w/ Galaxy Nexus) to have good-enough DRM to be the first to have Netflix HD) and later at Trustonic which is the OS (and more) vendor of AMD PSP and many ARM-based devices.
Everyone* knew that some use-cases of DRM meant a single successful hack meant the content being leaked. It is mostly the low-level designers (CPU arch, physical die, OS/firmware etc) to be responsible for making it more difficult/expensive. Some use-cases will be necessarily be concerned with simpler attacks e.g. recording a few key pages of a secure/DRMed PDF with a hidden camera (and thus more complex protections like a Central Licensing, watermarking server becoming involved). There are some use-cases of DRM where leaks are not a big issue (e.g. a more dynamic content which involves occasionally communicating with peers/servers).
[*] This is probably not true. That basic case is easy enough to see, but I've personally seen other schemes where customers leave out key steps or end up trusting something that shouldn't be trusted.
@hlandau makes good points, I think.
I've always been on the fence regarding DRM. I think property rights seem like a decent idea so why not extend that to the digital realm? Do we not want digital scarce goods, collectibles? Is a technical enforcement of property rights superior to meat-space? I see many cool uses for DRM, trusted computing (and in the end I think it would transfer power from publishers, platforms, manufacturers to creators and owners). It's interesting (and makes sense) to see how blockchain people are generally in favor of trusted computing (though for many it seems to be too much of a "silver bullet"); iirc bitcoin wallets were some of our first customers after video DRM.
I've talked with many folks over the years (including EFF people) and I've still not gotten a sense of why the theory of DRM is bad (I would agree that most implementations have been horrible), other than it starting a snowball towards a cyberpunk dystopia future, maybe. I 100% agree that "you own the device, you should be able to control it". That means I support the right to tinker, am against DMCA, and think owners of devices should be able to run whatever software they prefer and be able to wipe, disable, replace whatever they want (e.g. root of trust). While I worked at Trustonic, I pestered the CEO many times (and rallied co-workers to do the same) to open source the OS. In the end there was (allegedly) not a good enough business reason to do so (and of course open source competitors began to pop up: trusty, tlk, OP-TEE, etc).
>I think property rights seem like a decent idea so why not extend that to the digital realm? Do we not want digital scarce goods, collectibles?
What does digital scarcity even mean ? You are just transferring the scarcity from the origin, i.e., the creator's resources, to the final output, which is not scarce at all in reality. We have accepted a model where the cost of the investment is recuperated after the fact. Hence, we need the artificial scarcity once the output is produced. If you change it to a patron model where something is only produced if it is funded, you don't need to make it artificially scarce. That is not very profitable of course.
> What does digital scarcity even mean ?
In a world of trusted computing, it might mean some amazing HD+++ digital image being one-of-a-kind (and having some attestation/proof of origin, authorship, etc), even if there are lower res/quality versions out there for cheaper/free. It also might mean other granularities to accessing the data like functional permissions (e.g. for this version of the encrypted, wrapped data, the computer is only allowed to apply function X (265a1b..), or function Y (f00fe7..) is blacklisted, or the computer is allowed to view once or infinitely, etc). That might sound like shit to many, but certainly not to all.
That is still artificially scarce. It is not scarce in the sense a painting is scarce because the artist only made one. And even the artist cannot make an exact copy even if he/she wishes to. Anything digital is indistinguishable from its copies, at least as far as enjoying it is concerned. There may be some limited value of bragging rights in getting the first edition, or a signed edition, of something digital, which you can verify using elaborate signature schemes, but that's where the novelty ends.
I guess it's just semantics then, tomato tomato. One could theoretically make a digital painting with a DRM-enabled stack and could be left with only one (more likely to see DRM-enabled stacks coming to video/picture cameras, though). It's up for debate whether meat-space scarcity is more ... "authentic"? (higher effort to duplicate?) thanks to physics than something digital (e.g. DRM systems that might be more easily broken).
> Are they worried about the needless increased cost to consumers, or maybe they think it might actually work well enough?
Obviously the former. They are both focused on ethical issues related to computing, which DRM has many implications for despite it's complete inability to achieve its stated goals.
> If you are really against DRM, I don't get how saying DRM "will never work" will help avoid it.
The idea is that if the companies pushing DRM realize that they are spending a ton of money pushing something that is useless, they will stop. Personally I don't think this is a viable strategy simply because it requires a level of rational thought from large companies that they clearly are incapable of acting on.
1. You agree with "you own the device, you should be able to control it"
2. You agree with "I think property rights seem like a decent idea so why not extend that to the digital realm"
thus, if you own the device and the physical property rights with it, and you want to extend the property rights into the digital realm, you should also own the software on the device. Isn't that the logical conclusion?
Should I (or do I?) own the firmware, OS, applications, etc? Maybe, maybe not. Certainly if I own a device, I should have the capability to use the device to its fullest with my own owned software (i.e. no gimping of hardware/firmware allowed depending on what is booting) i.e. I do not really own my iPhone. The DRM/trusted computing ecosystem might then be (realistically) opt-out via taking an alternative fork (running alternative software) of the web/tree/chain of trust. There need not be only one DRM/trusted computing fork, all-or-nothing choice, though.
There are plenty of morally legitimate use cases for trustable computing, and not that much for trusted computing, aside of the fact that technology behind those two are often the same or similar. There's nothing wrong with Secure Boot in how it works, it just becomes bad when you keep the user from putting their key there.
If disabling ME would only prevent me from watching Ultra-HD Blu-rays, which I don't watch, I'll disable ME immediately if I only could.
That won't breach any obvious contractual obligations of Intel/AMD with Hollywood.
That's not the issue. You can already disable pretty much all of the ME's functions post-boot with HAP and me_cleaner. But for people who take an interest in fully-open source firmware (coreboot, libreboot), it would be nice to be able to replace the ME firmware with something open source. But this is impossible because the hardware will only run Intel-signed blobs. By "owner control", I mean the freedom to run whatever you like on the ME. It's likely that Intel is not only unwilling, but contractually precluded from letting people do so, for the reasons I gave. Hence the claim that Intel will never let people control what runs on the ME.
Unless they have forgotten the last 2 decades, Intel only has to not let you have access to specific keys that are only available to a securely booted Intel ME.
Trying to prevent you from running something else is pointless posturing for that purpose as it is only useful to decoding DRM if you already have some means to compromise Intel MEs and extract key information.
Not allowing anyone to build an alternate system with ME's capabilities is not pointless posturing when it comes to getting the NSA to bless your export of higher performance chips than the US wants many states to have.
To put it a different way, they want Hollywood to have strong low layer encryption on your computer but they don't want you to have it, especially if you might be outside the US.
Sounds like the real truth, I hope it isn't more neferious then this though.
The reasoning presented by this article is very "conspiracy-style". The arguments revolve around GPUs which are a more natural fit for DRM mechanisms: they display the image, and are more apt at decoding/encoding that protected stream than the CPU.
But using ME for DRM in the near future is highly unlikely since it would just be a boon for ARM based systems. With CPUs that can be designed and sold at far lower cost (and performance) by manufacturers that are willing to forego such lunacies as DRM embedded in x86 CPUs and get a foothold in the market. And x86 already feels past its prime given that many usage scenarios already migrated to ARM devices.
At some point the CPU, GPU, and a hypothetical VPU might share the same die in a heterogeneous chip, and this might include such DRM protection for the reasons GPUs have them now. But the x86 CPU part having built-in DRM? I'm not buying it without someone making a better case than this article.
The ME is just Intel's pi*s-poor attempt at securing the system. But it's mostly security through obscurity so basically almost none at all. The more "conspiracy" version is that it serves specifically as a back door for certain agency type actors. Which is not unlikely.
But the more obvious reason is that at this point opening it up is no longer an option. It would mean opening the door widely to an avalanche of exploits capable of hitting systems 12 years back. Something that would make Meltdown/Spectre look tame since there is no OS fix for ME. Also, in Intel's vision letting you control the ME is like giving you the keys to the kingdom. They can't admit to themselves that the ME is not a locked gate, it's a moat. And if you're willing to get dirty you will get through it.
The ME has in fact been used for video DRM for a long time; Google for Intel PAVP (Protected Audio-Video Path).
The important fact being that it only applied to the Intel iGPU. You also had the option to disable that and the HW decoding with the iGPU was also disabled.
The successor is called Intel Insider and it's still aimed at the GPU. Basically it's there to make sure the stream goes to the GPU (which has DRM) to be decrypted not to the CPU. That's because nobody was "courageous" enough until now to put the DRM label on a CPU.
https://blogs.intel.com/technology/2011/01/intel_insider_-_w...
My takeaway was that the industry attitude towards DRM in CPUs and GPUs has been the same “lock it down and obscure it”, and the reference to GPU contractual obligations was considered relevant based on the assumption that industry agreements for both CPU lockdown and GPU lockdown would be similar. It’s clear Intel is motivated to provide user lockouts on its critical regions, so it stands to reason they may have a contract similar to the known GPU contracts.
I didn’t find it very conspiracy style. It seemed to me a well thought out and rational article. It reminded me of how Facebook can never truly “protect user data” because they build a business reliant on collecting and distributing user data.
There should be a market for business desktops which don't have the ME, and don't have the keys for decrypting paid video content. You don't need your employees watching movies on their work machine, and the security is better.
The one you want https://www.raptorcs.com/content/TL1BC1/intro.html
Open source and toolchain and access and validation turtles all the way down https://git.raptorcs.com/git/
For others that didn't notice this new and somewhat less expensive version come out, here's the HN thread from 2 months ago: https://news.ycombinator.com/item?id=17124593
> somewhat less expensive
Only in the sense that the Atlantic Ocean has "somewhat less water" than the Pacific. :-) Over $4K for a "desktop development system". That's not personal computing. That's small scale enterprise computing, which is too small a market to make a dent in Intel and AMD. Their prices need to come down by an order of magnitude to make this technology a significant player.
Huh? It's under $2k for a daily drivable config. $1600 if you are willing to do a 2.1 rev chip without HW speculative execution mitigations and some other errata.
> It's under $2k for a daily drivable config.
Which config are you talking about?
Check the link in my original post and the child comment. You can buy DDR4-R and NVMe cheaply from places like Superbiiz.
Here is the special DD2.1 box https://secure.raptorcs.com/content/TLSDS1/intro.html for $1600.
With a "starter CPU" that doesn't support virtualization, so realistically you're paying another $375 for a CPU upgrade. Still quite a bit closer to a useful price point, though. Thanks for the link!
You state this as if I didn't so I'm confused by that :S. Regardless it is possible to do a full build for under $2k, especially if you have any resuable parts like case/psu/nvme.
> You state this as if I didn't
You mentioned the base CPU not having HW speculative execution mitigations (which I also would consider worth a CPU upgrade to get), but not having virtualization is a much bigger limitation, in my view, and you didn't mention that, so I did.
I think there is a huge architectural philosophy divide here. Some think ME has it's place if done right,but surely many would agree with me when saying all of ME's functionality should be implemented by the OS. ring -1 should not exist. Period.
> many would agree with me when saying all of ME's functionality should be implemented by the OS.
ME's use case is to be able to manage the machine when there is no OS installed, is unbootable or unresponsive. So somebody doesn't have to physically visit a datacenter and find the machine in a rack.
https://en.wikipedia.org/wiki/Intel_Active_Management_Techno...
Right,what is needed is a management OS(think efi-like). Also,kvm+ipmi[1] is used for that mostly,not ME.
[1] https://en.m.wikipedia.org/wiki/Intelligent_Platform_Managem...
So ME isn't a cheap on-chip version of ipmi then?
How are the two mutually exclusive?
There's no technical reason I can think of that Intel couldn't separate the "initialize" and "management" functions of ME.
If an OS is installed, it has rights to write into the "management" storage area, remove everything there, or install alternative functionality.
If no OS is installed, and remote features like power-off-network-login need to work, have the NIC jump straight into the storage area and start executing. If there's nothing there / corrupt data because the OS / user screwed it up... well, that's their fault.
There's no non-DRM case for precluding users from being able to overwrite the ME of their own hardware.
This could also be implemented using a few BIOS modifications and, this is important, a separate computer connected to an internal serial port.
Basically the same setup, except the management engine is a detachable, five-dollar device.
How does ME contrast with things like ilo/ipmi?
As an aside, we recently experienced a server hack through a vulnerability in iLO (a system we didn't even use other than for rebooting the machine)
Thanks, HP! /s
To build on this, we distrusted the actual servers in the rack for the following:
1. Out of band devices to administer boot fail incidents, serially controlled
2. PDU (Power distribution Unit). Supplied with 2 different power sources. Provides dual power per server on rack. Controlled by ethernet.
3. Firewall rules that prevent the managed crap (iLO and the like) from working.
The only recent issue my previous job had, was in a junior sysad installed apache tomcat with default creds. Can't really fix user error - but the above rules at least stop malicious intent from manufacturers. Mostly.
ME is like that except it ships with the CPU.
So, the definition of a feature only required for a single application (playback), and unwanted by consumers at that. This clearly did not belong in any general-purpose processor (if it should have been built at all).
You know, if movie and recording studios want this so badly, let them put up the billions it should require for them to produce their own coprocessor.
The question I always have about this is, why has nobody tried to make the case that this is illegal? ESR has suggested that the selling of routers with closed-source firmware ought to be regarded as the tort of conversion; this is a similar but stronger case.
Maybe because not enough engineers have lawyer friends that understand technology well enough to listen to us complain about all this dumb shit we have to deal with. We all need to make more lawyer friends.
Here's a supporting link from Intel's blog in 2011 that they are DRMing for Hollywood:
https://blogs.intel.com/technology/2011/01/intel_insider_-_w...
At least one company is developing "a solid approach on how to run a freed Intel ME": https://puri.sm/learn/intel-me/
That's not anything different from the described HAP bit and removal of unneeded modules. You still have 10% of the ME left and required to boot, on top of the BSP, which is also 'secret'.
Yep, we need new silicon designs, new fabs, and a new corporate structure that isn't as susceptible to this type of corruption.
Well, according to the linked post to Phoronix, the POWER9 architecture is not produced for OEM PC market requirements so it doesn't have do oblige Hollywood non-negotiable DRM requirements.
Did I understood right? Until now I thought the only option was using pre 2008 Intel (and same era AMD?) CPUs or some Atom models...
And then there is some ARM and RISC-V, those could become viable.
So the author is claiming that the main reason why ME exists is DRM.
I can see it being one of the reasons but it is also a pretty good anti-theft system if you look at it naively.
And I haven't seen a laptop with a CD tray for at least 7 years. Who is playing these bluray discs in their laptop?
Intel also benefits from ME in many many ways, I'm sure. Like obviously it is a massive value add to their Enterprise customers.
However, I think the argument in the article still holds water, not because Blu-ray matters, but because nobody had any idea it wouldn't. CPU and GPU manufacturers probably have extremely long contracts to implement and obscure DRM features, fueled in part by Hollywood's sore feelings from the DVD Jon days.
Of course Netflix and Hulu and so forth happened and whoops, laptops got thin and stopped having optical drives and oops, Samsung added streaming services to their TVs... And now Bluray and it's assinine security schemes hardly matter. Hollywood didn't adapt well to this new streaming world so I'll bet they didn't see it coming either.
Of course the threats not over. Next generation we'll probably see even more insane copyright protection coming out of Hollywood for the sake of protecting services like Netflix as a contractual obligation if they want to carry the hot new garbage. I'm particularly excited to see what happens with stuff like Intel SGX.
This will probably continue for the next couple decades until a set of realizations finally become too apparent to ignore. After all, the pirates torrenting the latest Game of Thrones don't need Intel SGX or HDCP. They just click play.
But the more delusional and out of touch the industry is, the longer it takes. Video game DRM may not be a solved problem but even the absolute worst protection available today is so much less hostile than what we were dealing with a decade ago that it hardly matters. Hell, nowadays with PC games, anticheat is the more invasive technology. Modern invasive DRM mostly just phones home to get some crypto keys and to try to limit a single license from being spread to the entire internet. It may seem anticonsumer, but it's the worst there is, and it's very telling that gamers seem more concerned about tracking technology than middleware like Denuvo.
Don't assume that hardware-level DRM will go away with the death of optical media. As I understand it, the media industry seems to have adopted a standard position that UHD/4K content should require hardware-level DRM. UHD Blu-rays require this sort of thing, but also UHD streams on Netflix; for this reason at least at one point UHD Netflix was restricted to Chromebooks only. Not sure if this is still the case; I'd expect Google's Widevine to get Intel DRM support if it hasn't got it already.
You might want to look at Widevine's website; there's a small amount of information on the security levels. Essentially, there seem to be two levels of Widevine; what I'd describe as the placebo level (just obfuscated data processing within the browser, etc.) that might be used for e.g. HD Netflix, and the toxic-waste level which expects hardware-level DRM, which industry appears to be demanding as a minimum standard for UHD content. Consumer demand for UHD Netflix will continue to drive adoption of hardware-level DRM for the time being, it seems.
"The" reason the ME was added was enterprise remote management, as far as I'm aware. Of course, once you have a non-owner-controlled microprocessor on the system, you can use it to implement a lot of other value-add functionality that depends on not being owner-controlled.
The article discusses the DRM aspect of it because this is one thing which would make it particularly legally difficult to allow owner control of the ME, since there are likely to be contractual obligations regarding keeping that secure.
AFAIK, Intel isn't offering the anti-theft service anymore.
Doesn't have to be CDs or blurays. AFAIK, the latest generation of DRM for 4K streaming uses SGX, which I don't think can work without ME.
And who's watching that on a PC often enough that a market alternative doesn't even exist? Not to mention, a significant number of laptops are still sold with 1080 screens.
It's not about PCs. The same principle applies to embedded devices and smart TVs, where there are equivalents from other manufacturers. And 4K is not pertinent to this in any way. It just happens to be so right now.
If not about PCs, why is Intel doing this?
To be honest, I don't mind a tablet having provision for DRM to watch movies, but on my work PC, not being able to trust it is clearly unacceptable.
This is a large part of why I find myself continually eyeing those TALOS OpenPower9 systems.
One technology breakthrough for ARM over x86(which has little room left for improvement at this point), could be a watershed moment for the chip manufacturers
This stuff doesn't exist because of a particular vendor or ISA; it's a mainstream feature for modern application platforms. Many ARM systems achieve similar ends through a kind of hypervisor / shadow OS that can't readily be disabled by the device owner [1].
[1] https://www.arm.com/products/security-on-arm/trustzone
DRM schemes are explicitly listed and talked about as one of the 3 applications of TrustZone in the official docs.
x86(which has little room left for improvement at this point)
That's exactly what IBM, Motorola and Apple said when they got together to promote a new architecture once. In 1992.
Unfortunately, enabling this stuff seems to be the deal with the devil you have to do in order to become a mainstream platform. I highly doubt that ARM will supplant x86 without also offering something that is functionally equivalent to ME.
Why? Few care about 4k optical discs on a PC.
So the article is portraying 4k blu-ray as the raison d'être for Intel ME on consumer devices, but isn't for example Netflix HD which uses HDCP 2.2 somehow also tied to a trusted execution environment within Intel CPUs, or is this method of protection only via the display and the graphics chip (sometimes also by Intel; on the motherboard)?
The ME-based DRM provided by Intel isn't inherently limited to securing UHD Blu-rays, and you can expect Google's Widevine, as used by Netflix, to consume this functionality as well.
My understanding is that the industry has decided that UHD/4K content should require hardware-level DRM, no matter whether on disc or streamed, and that Netflix UHD requires a system with this functionality.
The thing we need now is a version of the GDPR for hardware and software. A law that says that non-essential features mustn't be inseparably bundled with essential system features so the user can disable them without killing the system. Just like the GDPR did for essential data and marketing data. Is this so far-fetched?
It'd be damn tricky to implement, probably impossibly so. I can think of a few reasons:
- Modern lithography just isn't that precise to my understanding. The whole point of binning chips is that you aim for an entire wafer of Core i9s, but you accept that some flaws will occur and will require disabling features of the chip. Are the disabled features "non-essential"? Certainly seems like they are if they can be disabled.
- From a marketing perspective, you'd need to help customers decipher dozens of different models of the same chip. For n features, you'd need (2^n)-1 chips, right? So Model A would support everything; Model B would support everything except virtualization; Model C eould support everything except HDCP; and so on.
- And as a customer, does that mean I need to spend $500 and replace my CPU everytime I realize I need a new feature? How would that work for laptops, where chips are frequently soldered to the motherboard?
I'm sympathetic to the idea of requiring transparency in general, but unfortunately hardware is a helluva lot trickier than software.
You can disable most of that stuff from the bios/efi, so you already can effectively opt out of those features. This would be enough for a harware-gdpr thingy I think...
That's true -- I guess I hadn't been thinking of it from that perspective. There'd still be the problem of asking consumers to "opt out/in" of these features, of course. It's hard enough asking consumers to make informed decisions when it comes to "can we use your photos/track you online" -- now you'd be asking "do you want to run virtual machines/access encrypted content/etc.".
But I guess I'd appreciate the ability to turn more stuff on/off in the BIOS -- makes me think of the whole "dark silicon" notion (if I don't use my laptop for Netflix, can I disable the streaming encryption stuff to save battery life?).
It would be nice if this kind of thing could be used to stop cheating in games providing a secure channel of communication between server --> cpu --> gpu, but that likely won't work considering it's not working very well to stop media from being pirated in it's current application.
Yes, this is one application.
Google "Software Guard Extensions" and "Intel Enclave"
[1]: https://en.wikipedia.org/wiki/Software_Guard_Extensions
Any idea if commercial games are using this yet?
There are a few DRMs that offer using it but none of them are in use mostly because of market share issues.
SGX isn’t available on the majority of consumer CPUs because it’s a fairly new extension and it’s Intel exclusive.
I know of a few enterprise products that use it for their “soft-dongle” licensing if you don’t want to plug in a license dongle in your server, yes it’s 2018 and we still have license dongles like it’s 1988, ESRI I’m looking at you.
How does Apple deal with this?
Probably wanting to use their own solution (read: CPUs/SoCs, secure enclave) for their computers.
there has to be a perception among the consumers that they are purchasing valuable content. the DRM makes this perception real. No DRM means no profit
Not sure I buy the part about DRM and market suicide. Who uses optical discs any longer? I don’t know anyone, though several have old collections from a decade ago gathering dust.
Also first I’ve heard that a new blu ray even exists.
Yeah, it doesn't make sense, especially for enterprise CPUs. Which server manufacturer/large datacenter operator cares about DRM? And conversely, wouldn't they rather not have another attack vector? So there must be legitimate enterprise use-cases for ME/PSP, or something else is going on.
They talk about remote management, but there's no requirement for that to be a secret that I know of.
I would point out that physical discs remain the only way to own media you buy. Even though Blu-rays are DRM'd, the fact that they can't change the encryption on the fly means they're all inevitably broken. I can buy Blu-rays, and know that their DRM's circumventability can't be taken away, unlike the video you stream from the cloud.
Still have and occasionally purchase CDs for ripping, but never cared to own video that I might watch once every five years. Also the churn in formats makes it a losing prop anyway. Regret my video disc purchases of the last decade or two.
The use of hardware-level DRM like this appears to be something being pushed with the move to UHD (4K) and higher resolutions, for both discs and streamed content. This seems to be an industry-wide policy that's been adopted; AFAIK, Netflix's UHD streaming is gated on hardware-level DRM being available.
Lame, but whatever, I'll go love in the world of content creators that aren't prescribing to this shit. Probably will save myself from being mindcontroled.
"They won't let you disable ME because of Hollywood".
I don't know, Rick... I'll call this argument bullshit.
I'm pretty sure there is a very good (evil) reason Intel won't let us disable ME, but it's not "Hollywood".
ME was designed not for us to control our computers but for the INTELLIGENCE AGENCIES to control our computers.