
Vista DRM

Status
Not open for further replies.

pmonett

Programmer
Sep 5, 2002
2,632
FR
In a previous thread there was a lot of discussion around DRM and content protection, and one participant specifically asked for "proof" concerning what it does.
Well Microsoft not being very helpful on the subject, at the time there was none, so the discussion ended up in the pro-MS vs anti-MS, and we all know how useful that is.
Now, however, a voice has made itself heard: that of Mr. Peter Gutmann, apparently a professor in New Zealand. Go here to read his analysis (please do, it is quite enlightening!).

Having read this article, I will summarize it thusly :
- Vista overtly disables all non-compliant interfaces when playing "protected" content, meaning S/PDIF and component video, as well as TOSlink and coax output for audio
- Vista covertly degrades the signal in a dynamic manner, so you'll never know if the fuzziness you see on your high-end HD screen is due to a bug or to Vista content management doing its job
- the implication of content protection is that driver specifications are kept to a minimum, ensuring that open-source drivers will be few and far between
- another driver problem is that the Hardware Functionality Scan (HFS) prevents using the Unified driver models because it requires the driver to be specifically certified for the hardware - so it's back to one driver per model of graphics card or sound card
- Microsoft can apparently revoke the usability of a driver or device if it decides to, which means that all users of said element will be left in the cold until a replacement is available (at cost ?)
- Vista can now be TILTed, just like the pinball machines of old. Apparently, in order to detect hardware tampering, Vista now tracks glitches in results, buffers and signals, and when enough happen, guess what you see ?

There's more in the analysis, but I'll stop there.
Now I'm sure that some people will find perfectly reasonable arguments to justify all the above, but I'm interested in objective opinions. Doesn't all this open wide avenues for hacking ? And please don't answer that it doesn't matter because Vista "is more secure" - let's see just how secure Vista actually is in the field before giving it the laurels.
I think this whole DRM scheme will be a usability disaster. The worst case scenario would be a hacker finding out how to hijack the revocation process and actually using it.

What do you think ?

Pascal.


I've got nothing to hide, and I'd very much like to keep that away from prying eyes.
 
Microsoft is already watching a revealed security flaw in Vista, but they are claiming it is low because someone already has to have access to the computer to exploit it. That was in an article in the newspaper yesterday.
 
pmonett,
I thought I included this in the other thread, and didn't hear any comments about it. Maybe I didn't point anyone to the thread:


Anyway, as the article states, there are already vulnerabilities identified. How long before there is code to take advantage? The article states less than a year. As KHz points out, I would say 1 more week?
 
It's an interesting article. I did email the author when I read it a few days ago off a link on theregister.co.uk.

I wanted to mention a few points that were omitted...!:


If Microsoft didn't include this function, premium content wouldn't be able to be played on Vista

The specification is set by Hollywood, not MS

There is little difference between HDMI/HDCP compliance built into Vista than DVD Regional restrictions

Only premium HD content is applicable. As yet there is no mainstream HD content that takes advantage of this

It's up to the content author what happens if you do not meet the DRM specs. Many will allow to play at DVD / SD quality.

HD-DVD and BR Drives will also be taking advantage of this as well.


Nobody can say that Vista doesn't contain DRM, however I want to clarify that this is the same technology that is also in HD-DVD and Blu-ray drives too. In addition I also think it's very unfair in its angle. It fails to mention that the content author determines what happens to the content if the system isn't encrypted to the output.

To be honest, I can't see it being a problem. To the end user the disc gets put in, and if the monitor is HDMI compliant they get HD. If not then the content author can either prevent it from being played or it will be in SD instead.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Just add a few more cents in...! :)

The whole revocation process is very, very interesting. I wish MS would publish more information about it, as it could be quite concerning.

How on earth it would be implemented I have no idea, but very interesting all the same.

Something that strikes me is the comments quoted from ATi. Maybe I'm reading it the wrong way, but it sounds like moaning. Yes ATi, your drivers should be perfect. It's not an OS, or an enterprise level reporting suite, or a database server. It's a video driver. It's what they do. So yeah, the drivers should be thoroughly tested so they don't have these 'glitches'. Companies get slammed all the time for sloppy code with poor error handling. (MS the all time fave, but ranging from Novell through to Apple) - Why should drivers be any different?

The best one was:

ATi said:
Cannot go to market until it works to specification... potentially more respins of hardware

Isn't that the whole development thing? A spec is written, code is written based on the spec then it's thoroughly tested? If you weren't doing it before then thank god you are now!

Of course, with ATi being owned by AMD, it's not surprising they're p*ssed off with handing Intel lots of cash to use its HDCP spec...! ;-)




Steve.

"They have the internet on computers now!" - Homer Simpson
 
The specification is set by Hollywood, not MS

And that matters how, exactly ? The result is still in Vista, and that's the problem.


To be honest, I can't see it being a problem

Well then, let's run through this list again :

- the Hardware Functionality Scan (apparently) forbids using a unified driver architecture, which is going to force all graphics and sound card vendors to go back to the bad old days of one driver per card type - whether or not you use HD on your PC. In other words, it multiplies the work for everybody including those that are not concerned (because they don't want/need HD at the time). I think that is a problem.
- the revocation function (clearly the most dangerous, yet the most virtual at the moment) could remain unused (yet, as you said, Hollywood wants it), but it could also be hijacked for a much more dire impact. Before this becomes possible, we'd have to learn that revocation is possible in real life, and is not just a marketing feature or vaporware, but if it's true, hackers will be after it like bees on honey. That is a very serious potential problem.
- the TILTing is also a big issue. Frankly I don't see how this can work without screwing up a PC every day. Lots of people buy low-spec PCs, and on low-spec PCs the PSUs are not the most reliable - meaning power spikes and voltage irregularities all day long. If that's enough to tilt the machine, then it'll be BSOD paradise and a bunch of very unsatisfied customers. This "functionality" leaves me quite skeptical - PCs have enough trouble remaining stable as is, there is no need to introduce further measures to destabilise it. Plus, hackers could have a field day finding ways to tilt the OS.

In a perfect world, content protection would only apply when premium content is being played. Unfortunately, the above measures can come into play at any time, and that is a problem.

Pascal.


I've got nothing to hide, and I'd very much like to keep that away from prying eyes.
 
I can't disagree with anything said, as it's all true. I just think the perspective is a little too extreme.

For a start, this isn't Vista DRM, but Blu-ray and HD-DVD DRM. Vista can play those media types and thus must conform to the specification that Hollywood have agreed on. (Remember that HDCP over HDMI was designed by Intel, not Hollywood. Hollywood just chose that one)

Hardware Functionality Scan? Do me a favor. Maybe it will give the driver developers a chance to write some proper software for a change. I don't want the 40Mb driver 'package' - which nearly always contains drivers for pretty much every other bloody device they have manufactured. It's already happening - but as it's one single file to download we don't care. I remember the good old days when a driver was a .sys and a .inf. Possibly a .dll if it was a funky device. Catalyst? ForceWare? Give me a break, they contain the drivers for about 20 devices already - so yeah, possibly more work for the developers, but none for the consumer.

I can't comment on the revocation function and neither can the author of the report as there's no documentation on it. It's still speculation. My guess is that it won't be used as I would have thought MS would have documentation on it by now as Vista's been released for nearly a month. Only docs I have found state that Microsoft will manage a 'Global Revocation List' and content authors can specify the minimum version number required to be used by the PC for the content to be played. That's all I can find on the MS site.

The tilt bits make me laugh. It's a clear way of showing bias in an 'analysis'. Please google:

"tilt bits" site:microsoft.com

I quote the only reference I found...
Driver applies tilt detection mechanism (as needed)
Tilt bits are provided in the DDI as the driver’s mechanism for reporting that a hacker is suspected. If at any time the graphics driver determines that something improper has happened, then it can set the appropriate tilt bit—for example, if the hash of an output status message doesn’t match the message. If any tilt bit gets set, then Windows Vista will initiate a full reset of the graphics subsystem, so everything will restart, including re-authentication.

The tilt bits are also used by the driver in PVP-UAB to report problems with its bus encryption mechanisms. When setting a tilt bit, the vendor-supplied kernel-mode driver will also typically invalidate its session key as a further precaution.

There is no requirement regarding the circumstances under which a driver should set a tilt bit. Adopting this mechanism is another example of the hardware manufacturer showing their intent to properly protect premium content. An example of its use is as follows:

A hacker might try to use a hardware signal-injection device on the PCIe bus to try to force the graphics chip out of virtual memory mode, in order to read back premium content from VRAM. The graphics chip could detect that it was no longer in virtual memory mode, and could then set a tilt bit to request that premium content not be sent.
Another scenario might be a hacker trying to feed the graphics chip a fake page table, using a hardware injection device.

As part of the tilt detection mechanism, the hardware manufacturer might choose to have the driver track the state the chip is supposed to be in and compare that with the actual state.

Windows Vista will poll the state of the tilt bits at some frequency—likely on every video frame. It will be the same mechanism used to frequently check Output Protection Management states.

So forget this nonsense of BSOD's and if there is a minor power fluctuation. It appears to be hype. Yes, tilt bits exist. No, they won't cause a machine to crash to BSOD - it just resets the secure channel for the premium content path. Oh, and it's optional.

I'll be honest, I'm still not too concerned. Looks like an IDS system for HD content to me.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
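A toy model of the tilt-bit flow described in the Microsoft text quoted in the post above, added here as an example; it is not part of any poster's message and is not the Windows DDI. The class names, the HMAC-SHA256 tag and the status strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class GraphicsDriver:
    """Hypothetical stand-in for the vendor driver: holds the session key and tilt bit."""

    def __init__(self):
        self.tilt = False
        self.session_key = None

    def authenticate(self):
        # Assumption: a fresh random key stands in for the real key exchange.
        self.session_key = os.urandom(32)
        self.tilt = False

    def sign_status(self, status: bytes) -> bytes:
        return hmac.new(self.session_key, status, hashlib.sha256).digest()

    def check_status(self, status: bytes, tag: bytes) -> bool:
        """Set the tilt bit if the hash of the status message does not match."""
        ok = self.session_key is not None and hmac.compare_digest(
            self.sign_status(status), tag)
        if not ok:
            self.tilt = True
            self.session_key = None  # invalidate the session key as a precaution
        return ok


class ProtectedPath:
    """Hypothetical stand-in for the OS side: polls the tilt bit once per frame."""

    def __init__(self, driver: GraphicsDriver):
        self.driver = driver
        self.resets = 0
        driver.authenticate()

    def poll_frame(self) -> bool:
        """Return True if this frame may carry premium content."""
        if self.driver.tilt:
            self.resets += 1
            self.driver.authenticate()  # full reset, including re-authentication
            return False
        return True


def run_frames(frames):
    """frames: list of bools, True = status message altered in transit (constructed input).

    Returns (per-frame 'premium content delivered' flags, number of resets)."""
    driver = GraphicsDriver()
    path = ProtectedPath(driver)
    delivered = []
    for tampered in frames:
        status = b"output=HDMI;hdcp=on"       # constructed sample message
        tag = driver.sign_status(status)
        if tampered:
            status = b"output=HDMI;hdcp=off"  # altered after the tag was computed
        driver.check_status(status, tag)
        delivered.append(path.poll_frame())
    return delivered, path.resets
```

In this model one mismatching status message costs one frame and one re-authentication, after which delivery resumes with a new session key.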
For a start, this isn't Vista DRM, but Blu-ray and HD-DVD DRM. Vista can play those media types and thus must conform to the specification that Hollywood have agreed on. (Remember that HDCP over HDMI was designed by Intel, not Hollywood. Hollywood just chose that one)

Hardware Functionality Scan? Do me a favor. Maybe it will give the driver developers a chance to write some proper software for a change. I don't want the 40Mb driver 'package' - which nearly always contains drivers for pretty much every other bloody device they have manufactured. It's already happening - but as it's one single file to download we don't care. I remember the good old days when a driver was a .sys and a .inf. Possibly a .dll if it was a funky device. Catalyst? ForceWare? Give me a break, they contain the drivers for about 20 devices already - so yeah, possibly more work for the developers, but none for the consumer.

Shocking, Steve; something we agree on. /wink

With regards to Pascal's opener:

I'm interested in objective opinions. Doesn't all this open wide avenues for hacking?

I'm not sure, but if the revocation service really does exactly what it says on the tin, I'll wager it is very likely. I'm really not a fan of systems like this.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
If I'm not mistaken, reading about many other devices, but ports are disabled (as he keeps going on about), but the signal is degraded. So if shoving it out over component video, it runs at a standard res, not HiDef. This is the same as many other devices.
He goes on about the Graphics not being able to run protected content, why is this Vista's fault? From what I can see x1900 doesn't have an HDMI connector! Content protect states that if the signal is passed through a non compliant HDCP hardware, i.e. a DVI to HDMI converter, then the signal is to be downgraded. This is the specs and not a "feature" of Vista.
And those that have got the hardware but say it doesn't work, I guess this guy has never heard of firmware upgrades. Not only that, is it Vista or is it the Screen? Many screens have the interface, but may still not play it correctly, due to not being compliant.

Only the truly stupid believe they know everything.
Stu.. 2004
 
I don't like a lot of this DRM stuff, and MS have buggered it up by caving into Hollywood, I can't even pretend to go along with the fact that I like it. But the 'analysis' is very biased, and whilst some parts are valid and do give the DRM a well deserved smack, it's too biased for me to take it as a technical research document.

(Grenage, I'll mark this one in my calendar! ;-))




Steve.

"They have the internet on computers now!" - Homer Simpson
 
And remember it's Hollywood that's driven this not MS. If Hollywood turned round (in fact they have effectively) and said, until OS's support HDCP, we won't release HiDef movies, the people would moan at MS for not supporting it. Apple will be doing it as no doubt, as will Linux.


Only the truly stupid believe they know everything.
Stu.. 2004
 
FYI - I'm sure I read that Apple are planning to include this in one of the next releases of Mac OSX. (Can't remember the source, but sure I read something)

I doubt that Linux will look at supporting this in the short term. The Linux community need to address more fundamental issues with the OS if aiming for home desktop deployments - something that HD Content won't be critical to compared to other items on the agenda.
Just can't see it being a priority compared to other items that Linux needs to get sorted for mass home user acceptance.



Steve.

"They have the internet on computers now!" - Homer Simpson
 
Steve, kind of agree, but one thing in the next couple of years is HD-DVD / Blu-ray support. People (by that I mean non techies) may be a little peeved if they get a super Linux box, that can't play Superman 5 or Rocky 27 in HiDef.

Only the truly stupid believe they know everything.
Stu.. 2004
 
Perhaps, but do you know anyone who would actually sit and watch a film on their computer, rather than on their TV, with a comfortable sofa?


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Oh I have, I've just never met anyone who bothered with more than a DVD (or Blu-ray shortly) system plugged directly into the Video and sound system. After all, you'd never really need to.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
My friend has a pc hooked up to his Plasma, he tends to use it as a fancy HDD recorder & audio playback device.

Only the truly stupid believe they know everything.
Stu.. 2004
 
Let's face it.

Hollywood won't be happy until they can wipe your memory of the movie you just saw as you're coming out of the theater.

And the RIAA won't be happy until they can bill you or sue you for humming a tune to yourself.

And it's all **BULLHOCKEY**. Record labels are still ripping off artists and consumers. Remember when we were told that CD's would be less expensive than cassettes, because there were no moving parts, etc. etc.? Yet CD's are still $15 a throw, and the artist (*IF* he/she is lucky) is getting 25 cents per copy sold. And the RIAA wants to cry poor-mouth about all the money they're losing?

I've run the math many many times proving how the RIAA rips off consumers and artists all the time. Sony, BMG, and WB being the worst.

The bottom of that article makes the best example. The guy who went out and bought a brand-new Home Theater PC with Blu-ray, and even got a free Blu-ray movie with his purchase, and it *REFUSED TO PLAY*.

I have my Media Center at home, loaded with every CD that I own ripped into MP3 format (8500+ songs), and it's connected with TOSLINK. I will *NOT* ever go to Vista after this. When MS stops support for MCE backended with XP, I will be looking at an open-source media center solution, such as Freevo.

I've had it. Hollywood can stuff their $20 a ticket, and the RIAA can stuff me ever paying $15 for a 25-cent CD again. I'll buy my movies from the $5 previously-viewed bin at Blockbuster. And, IMHO, Microsoft caved in. Of course, I'm not surprised, really.... every time I do an update, it wants to verify that my copy of windows is "Legitimate". We, as consumers, are constantly forced to upgrade, update, and continue to pour money into keeping WORKING TECHNOLOGY WORKING.

I can't even count the number of times that I've been told by software vendors "Oh, yes, that's a KNOWN BUG in our software, but the only way that we will FIX OUR OWN ERROR is if you purchase a SUPPORT CONTRACT." What????? You just admitted that it was BROKEN WHEN I BOUGHT IT (a known bug), but you won't fix it without MORE MONEY?

And don't even get me STARTED on the SonicWall firewall that TOTALLY CRASHED because I hadn't kept up with the support contract. It self-destructed. Period. Kaput.



Just my 2¢

"What the captain doesn't realize is that we've secretly exchanged his dilithium crystals for new Folger's Crystals." -- My Sister
--Greg
 
"Hollywood won't be happy until they can wipe your memory of the movie you just saw as you're coming out of the theater."

I've had that thought myself. Just leave the impression that it was a good movie and the punters'll go again and again.
And then stop bothering with making the movie and just give them drugs instead. Cheaper and more efficient.
 
"Hollywood won't be happy until they can wipe your memory of the movie you just saw as you're coming out of the theater."

No problem there, most films Hollywood make are pretty forgettable....



Only the truly stupid believe they know everything.
Stu.. 2004
 