Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
DRM Google Linux

Why Linux HDCP Isn't the End of the World (collabora.com) 136

"There is no reason for the open-source community to worry..." writes Daniel Stone, who heads the graphics team at open-source consultancy Collabora. mfilion quotes Collabora.com: Recently, Sean Paul from Google's ChromeOS team, submitted a patch series to enable HDCP support for the Intel display driver. HDCP is used to encrypt content over HDMI and DisplayPort links, which can only be decoded by trusted devices... However, if you already run your own code on a free device, HDCP is an irrelevance and does not reduce freedom in any way....

HDCP support is implemented almost entirely in the hardware. Rather than adding a mandatory encryption layer for content, the HDCP kernel support is dormant unless userspace explicitly requests an encrypted link. It then attempts to enable encryption in the hardware and informs userspace of the result. So there's the first out: if you don't want to use HDCP, then don't enable it! The kernel doesn't force anything on an unwilling userspace.... HDCP is only downstream facing: it allows your computer to trust that the device it has been plugged into is trusted by the HDCP certification authority, and nothing more. It does not reduce user freedom, or impose any additional limitations on device usage.

This discussion has been archived. No new comments can be posted.

Why Linux HDCP Isn't the End of the World

Comments Filter:
  • by Anonymous Coward on Saturday December 16, 2017 @03:41PM (#55752101)

    When Game of Thrones gets interrupted in the middle because the HDCP checks fail, it takes away my freedom!

    Copy protection almost always comes at a cost to usability.

    #firstworldproblems

    • by saloomy ( 2817221 ) on Saturday December 16, 2017 @04:03PM (#55752211)

      It also affects your ability to trust your system. When there is unauditable code, you have no idea of its malicious or poorly written. Thatâ(TM)s the problem. There are going to be asshats on here who say no one does code review anyway, but that isnâ(TM)t the point. The point is you become no longer free to even if you wanted to. In this day and age of all the software bugs, bad implementations and massive data breaches and hacks, how on earth is closed-source client-side code or hardware still a thing?

      • Re: (Score:2, Funny)

        The same way we can’t really trust Slashdot since they don’t seem to be able to fix simple character encoding problems.

      • It also uses energy. For low-power devices like iPods, DRM has a measurable effect on battery life.

      • It also affects your ability to trust your system. When there is unauditable code, you have no idea of its malicious or poorly written. Thatâ(TM)s the problem. There are going to be asshats on here who say no one does code review anyway, but that isnâ(TM)t the point. The point is you become no longer free to even if you wanted to. In this day and age of all the software bugs, bad implementations and massive data breaches and hacks, how on earth is closed-source client-side code or hardware still a thing?

        But you don't have any idea if it is poorly written or malicious if it is auditable. The fact that we have some absolutely mind blowing whoppers of bugs in FOSS, some of which have existed in software part of almost every distro and in some cases for several years is living proof that it doesn't matter a toss whether you can review the source code or not. Quite simply the number of people who have the competence to at a sufficient level as well as the time to do it as well is very very limited and for all i

        • by ccady ( 569355 )
          Having software it that is too complex for you too work on is VERY different from having software that you are NOT ALLOWED to work on. Those bugs you mention were found. If it was closed source, they would not have been found.
  • by Anonymous Coward

    How long until this implemented by default in systemd and you can't turn it off without ripping the guts out of your system?

  • Intel: "Trust me!" (Score:5, Informative)

    by ITRambo ( 1467509 ) on Saturday December 16, 2017 @03:46PM (#55752133)
    We've seen what Intel's Management Engine did, it made systems less secure while keeping a backdoor to your system open at boot. Now, nothing to concern yourself with here either. No thanks, Intel.
    • by Anonymous Coward

      Well said - of course what tipped me off was the name "Secure boot" - I immediately figured it was for the opposite purpose..

      • by Anonymous Coward

        What a terrible thing to say!

        Of course it's for securing the boot process. Specifically, securing the boot process for the company so that pesky "user" person can't tamper with it. Tech companies are beyond pesky things such as personal property, silly. Next thing you know people will object to those same companies hollowing out every right they can so that you technically have rights but in practice have virtually no realistic option to enjoy any of them if you use modern technology.

    • by Anonymous Coward

      This is more like TPM than ME. ME was a dedicated chipset that had direct access to the north/south bridge. This is more of like an SSE or MMX style implementation in the video chipset. It must be specifically invoked and then you are filling registers with regular data to receive an HDCP encrypted response. TPM is implemented in a similar style. The idea being you don't have to implement if you don't want to.. think 386 protected mode back in the early 90s. BUT, like 386 protected mode, it became the

      • by tepples ( 727027 )

        THAT IS THE PROBLEM WITH HDCP when all content or devices require HDCP

        Works require HDCP, not displays. All displays can view unencrypted signals. Works under a Creative Commons license do not require HDCP for playback. Only viewing non-free works will ever require HDCP.

        • Well, isn't HDCP really someone else's computer *fully* determining what you see? If it encrypts the monitor's image stream, can't it modify it?

          What if you've got an HDCP-protected YouTube stream playing in the background as you're logged on to Net-banking and then happen to click the browser's address bar? Could HDCP *hardware* insert a fake 're-enter your banking credentials' message and image-capture your password as it appears in the address bar? Remember "Reflections on trusting trust" and the Intel

          • The HDCP hardware is part of hardware you already have to trust not to do things like that.

            • That's right. :( The same way I must trust Intel's management engine.

              But can we trust Intel to not let _others_ take control and do such things? The more such independent 'hardware engines' a computer has, the less we can trust it.

        • by AmiMoJo ( 196126 )

          I can't see a down side to this. You want to watch something that requires HDCP, so you enable it. You are still running a free OS, HDCP itself is easy to remove, and the content is none the wiser.

          • If the studio requiring HDCP on the output of a PC running a free operating system expects HDCP to be effective, the video will need to be decoded by a non-free executable on the video card in order to keep free software from seeing (and teeing) the cleartext decoded RGB or YCbCr output of the decoder. This is acceptable to some operating system distributors (Debian, Fedora, and the like), because all the non-free stuff happens out of the CPU's address space, but not in any distribution recommended by the G [gnu.org]

            • by AmiMoJo ( 196126 )

              Sure, but even so it doesn't affect anyone who doesn't enable it. They can't play that stuff now, they won't be able to play it in future if they don't want non-free binaries.

          • Part of the problem is that it makes it less likely that people will complain about media that they can't play, which reduces the likelihood of media companies backing down on limiting what people can do with their legally purchased media. For example, under fair use rights, you are allowed to take screen captures of a film and include them in an article about the film, or use small extracts from it for a variety of purposes. With HDCP working, these are not possible.

            That said, you can bet that, once thi

    • If its fully open source, including no secret firmware or secret code, then its fine. If we can edit, tweak, fix, compile and see all the bits, DRM all you want, no problem.

      But obfuscate and secret away the code? The get out of my operating system.

  • by sanf780 ( 4055211 ) on Saturday December 16, 2017 @03:49PM (#55752149)
    HDCP, like any form of DRM, ends up doing more harm than good to the user. As far as I know from the Windows machines, HDCP is enabled by DVD and Bluray players - probably 4K Netflix too. I cannot think of any other reason to enable HDCP other than licensed multimedia archives. I would not enable HDCP on my computer for most of the typical usage scenarios of any personal computer.
    • by Anonymous Coward

      While the DRM itself doesn't give any benefit to the actual user of the computer, one side-effect of the scrambling might. Good encryption renders anything passed through its algorithm indistinguishable from noise. While HDCP may not be perfect, it still makes your video data more noise-like than it used to be. This is important if you're worried about TEMPEST attacks. By spreading the video data wider across the frequency spectrum, each individual component has less power and as such will be less detectabl

      • That is about the only thing I can think of HDCP: you XOR and scramble the signal you send through the link and thus reduce emissions. However, it only does encrypt the signal from GPU to monitor. The link is usually short and you better have physical restrictions here too. MitM attacks can still be done by plugging an HDMI repeater device.
  • by Anonymous Coward

    Except when Firefox, Chrome and the rest of willing hollywood goon start "requesting" that you enable hdcp, or else no html5 video? How long will it take until the shuttleworth (you know, the guy with the spine of a jellyfish in sulfuric acid) enables it by default (and ms remands the same for secure boot shif signature)?

    • Except when Firefox, Chrome and the rest of willing hollywood goon start "requesting" that you enable hdcp, or else no html5 video?

      Then I will view non-Hollywood video. And even if the ISPs throttle it, 1.5 Mbps is enough to stream at 480p.

      How long will it take until the shuttleworth (you know, the guy with the spine of a jellyfish in sulfuric acid) enables it by default

      I don't know how long it will take, but I can guess the result: more adoption of Linux Mint Debian Edition.

  • by Anonymous Coward on Saturday December 16, 2017 @03:55PM (#55752177)

    How stupid do you think we are?

  • by Wuhao ( 471511 ) on Saturday December 16, 2017 @04:02PM (#55752201)

    DRM does not work. If you doubt this, name for me one piece of copyrighted material HDCP is intended protect that is not already available for piracy online. This cannot be done, therefore, anything I could watch if HDCP is supported, I can already watch without it. So if there's no value-add for the user, and no value-add for the media companies, and it contradicts the open nature which has made Linux so successful in the first place, why should it be included?

    • your country's police might kick in your door for downloading pirated content

      • by Wuhao ( 471511 )

        You know, the-man-will-get-you FUD used to worry me, but now it doesn't. They tried it, and it was way too expensive. So instead they did what we said they ought to do all along: release their stuff on a platform like Netflix, which is easier to use than piracy. And lo, I pay for Netflix! But I'm likely to cancel my subscription because of barriers introduced by DRM.

        • last I looked several countries have recently made laws with severe punishments for piracy. They tried it and got lawmakers on board so it's not as expensive now to bring the hammer down.

    • So if there's no value-add (...) for the media companies

      Takes a bit longer to crack, and pirating become less trivial / useful so it does deter a few users on the margin therefore the value isn't exactly zero.

      • by c6gunner ( 950153 ) on Saturday December 16, 2017 @04:55PM (#55752411)

        Takes a bit longer to crack, and pirating become less trivial / useful so it does deter a few users on the margin therefore the value isn't exactly zero.

        I would argue the opposite. DRM often ends up causing playback issues even with purchased media due to various glitches and incompatibilities. This causes frustration and disgust amongst consumers, which could very well drive some of them towards piracy as a solution. Assuming they didn't already pirate before, they're quickly going to learn how easy and convenient it is, making them more likely to do it again in the future.

        • This. So much this.

          I remember when Bluray was new, and the PS3 came out, and bought my first few Bluray movies. Sure enough, I couldn't actually watch the movies right away. They forced the PS3 to download and install an update in order to watch.

          I've found piracy much more convenient. No updates, no waiting, no forced ads. Now with faster internet and better encoding methods, it's quicker to download 1080p content than it is to even dig the disc out and put it in a player.

        • This! I remember downloading a crack for the Assassin's Creed game I purchased because I became frustrated in the game kicking me out if I had intermittent internet.

          Though crack is a strong word, more like a local DRM server to fool the game into thinking it has connected to whatever shitty idea Ubisoft dumped out at the morning meeting of the retard convention.

        • " how easy and convenient it is"

          hahahahaha! No one in my family pirates because it's "too hard" and they're not dumb people at all, mostly professionals and all with college degrees.

          You underestimate how tech unsavvy most are, by a large margin.

          • Except it's not. For one thing, I try not to confuse the words "professional" and "college degree" with "smart". They do not mean the same thing.

            Also I know dozens of people (some with college degrees, some without) who have an android based Kodi box by their TV, and use it to stream movies from ice films and similar Kodi channels. While that may not be what you typically think of when someone says the word "piracy", it does certainly fall into that category, and it's about as simple as using Netflix.

            T

            • College to me means, ability to learn, not necessarily "smart."

              Your example is what I include in piracy, and I only know techies with those setups. "regular users" I encounter, which is a LOT as I own a growing MSP, don't even know about any of that.

    • by kwerle ( 39371 )

      xbox games? Are those cracked, these days?

      • Xbox games do not rely on HDCP to avoid piracy. HDCP encrypts the video stream. If it is used by an xbox game, then it only forbids you from recording your gaming sessions. You can't copy a game over HDMI. Unless your game is a movie.

        • If [HDCP] is used by an xbox game, then it only forbids you from recording your gaming sessions.

          Which is exactly what the game publishers want, especially if they have a policy of asserting copyright against players who upload videos of their game session to video hosts.

          • by Anonymous Coward

            If [HDCP] is used by an xbox game, then it only forbids you from recording your gaming sessions.

            Which is exactly what the game publishers want, especially if they have a policy of asserting copyright against players who upload videos of their game session to video hosts.

            Too bad then since it's well known there are HDMI splitters that strip HDCP. I personally got one because my PSTV wasn't working with my HDMI->VGA adapter. Ended up getting both an HDMI->VGA adapter that works with the HDCP and a spl

        • by davecb ( 6526 )

          ... If it is used by an xbox game, then it only forbids you from recording your gaming sessions.

          This makes it hard to prove you won when you're playing in a for-money tournament. Better have your phone on a tripod, recording the match as you play

          My old employer, https://worldgaming.com/ [worldgaming.com] sponsors just such tournaments and asks for evidence in case of two people claiming to have won.

          --dave

      • These days games are just boilerplate code that connects to the Internet for additional assets and the core gameplay even. Itâ(TM)s not DRM but it effectively limits your ability to play if you donâ(TM)t have a connection. Theyâ(TM)re also cheap and available enough that most donâ(TM)t have to bother with DRM anymore so for games the market has resolved the situation.

        The same is becoming true of video, my time these days is now evenly shared between my Netflix backlog and YouTube/Twitch/

      • by Wuhao ( 471511 )

        Maybe there's an emulator for it and maybe there's not, but I was never expecting to play the Xbox games on my Linux box, any more than I expect my phone apps to run on it. But there's no movie, TV show or music album for instance that was released, DRMed and unpiratable, unless that media was so spectacularly unpopular that no one wanted to pirate it in the first place.

    • Naw, linux should support all the things. Even the sucky things. Let people choose.

  • by Anonymous Coward

    "It does not reduce user freedom, or impose any additional limitations on device usage."

    Yeah, it just allows others to do so, and doesn't even provide any beneficial functionality in return. Go figure.

    • by jmccue ( 834797 )

      "It does not reduce user freedom, or impose any additional limitations on device usage."

      Sound familiar, I heard something like that before ? Wait, I remember last Thursday Dec 14. These days I am convinced a statement like that made by any large agency, either Gov or Private really means the exact opposite.

    • and doesn't even provide any beneficial functionality

      Well, at a minimum you can use it to test used monitors and determine if they support the feature. So recyclers might have a use case.

  • The real issues... (Score:4, Insightful)

    by Anonymous Coward on Saturday December 16, 2017 @04:10PM (#55752233)

    The are many problems with this, in no particular order:

    1) HDCP imposes restrictions on what users can do with content they've legally purchased. I should be able to record content that I'm sending over an HDMI cable to my TV, but HDCP prevents this.

    2) It's an inconvenience to users, while not actually impeding piracy. HDCP encryption has been broken, so it's not secure. There are also some HDMI splitters that can remove HDCP encryption.

    3) If HDCP is supported by more systems, it does provide convenience to users. However, many of those users are likely to tolerate HDCP, further allowing DRM to become entrenched.

    HDCP stops me from recording the HDMI signal that comes out of my cable box. Most of the channels are protected by setting the CCI flag to copy once, which prevents me from recording them on any software other than Windows Media Center. Were it not for the DRM, it would be completely legal for me to record content through either of those means. If I can easily record the content myself, it takes away the incentive to pirate that content from the internet. I might share the content with friends by giving them copies on flash drives, but small scale piracy has been around at least since the days of VHS. However, it reduces the incentive to participate in large scale piracy like obtaining the content from torrents. I hypothesize that DRM like HDCP actually encourages piracy.

  • Why would it be?
  • Errrrr.... (Score:4, Insightful)

    by JustAnotherOldGuy ( 4145623 ) on Saturday December 16, 2017 @04:51PM (#55752395)

    Every single time I've heard the phrase, "...does not reduce freedom in any way...." it ALWAYS turns out to be a lie. The context is almost irrelevant.

    It's a red flag- if they're telling you they're "not doing XYZ" or that "XYZ won't affect you", you can usually bet your ass that they are in fact doing "XYZ" and/or it does indeed affect you in some way.

    Much like net neutrality- Comcast would never ever throttle your connection or block certain sites, they just want the ability to do so, even though they would never ever do that. But they want to be able to anyway. Hmmm.

    • Much like net neutrality- Comcast would never ever throttle your connection or block certain sites, they just want the ability to do so, even though they would never ever do that. But they want to be able to anyway. Hmmm.

      three seconds later "Hey, here's how to pay us to remove this throttle we just added."

      • three seconds later "Hey, here's how to pay us to remove this throttle we just added."

        Exactly. "Pay us more for this new service, which is basically restoring the old service you had."

  • AMD AMD AMD! intel better not force this to be moved to on all the time

  • by blind biker ( 1066130 ) on Saturday December 16, 2017 @05:21PM (#55752513) Journal

    People have replaced perfectly working video connectors/standards (VGA and DVI) with DRM-laden, controlled up the wazoo stuff like HDMI and DisplayPort. People have replaced perfectly working, and safe, boot firmware - BIOS - with shit that is controlled not by the user but by a third party, and it is not safe, and it can be altered from userland (UEFI). People are in the process of replacing a decent if closed-source OS (Windows 7) with an ad-laden, telemetry-laden OS that reboots when uncle Microsoft says so - Windows 10.

    It is amazing that people are OK with taking all this crap up the ass and after a while, actually feel happy about it. I am glad there are exceptions, but we are a tiny, insignificant minority.

    • by DRJlaw ( 946416 )

      People have replaced perfectly working video connectors/standards (VGA and DVI) with DRM-laden, controlled up the wazoo stuff like HDMI and DisplayPort.

      You do realize that HDCP over DVI has been a thing since forever. It's HDMI without the audio/networking links.

      • People have replaced perfectly working video connectors/standards (VGA and DVI) with DRM-laden, controlled up the wazoo stuff like HDMI and DisplayPort.

        You do realize that HDCP over DVI has been a thing since forever. It's HDMI without the audio/networking links.

        Donofadiddley, you're right! I was wrong about DVI, it's no better than DisplayPort in that regard.

    • by Anonymous Coward

      > People have replaced perfectly working video connectors/standards (VGA and DVI) with ... HDMI and Displayport.

      a) DVI is identical to HDMI. That is to say that HDMI is DVI over a different shaped plug. This means that DVI supports HDCP, too..

      b) Just _try_ to get "4k" at 60Hz over "VGA" cabling and connectors. _If_ you could find a video card (and graphics card) with the internal hardware to _handle_ that signal, I bet you _could_ make it work, but I bet you _couldn't_ do it over cables longer than a foo

    • perfectly working

      Define perfectly working. You're comparing a standard that can't display 1920x1080 without fuzzy edges (VGA) to perfect 8K 60fps 30bit content (DisplayPort)
      VGA has been far from "working" for a long time now.

      While you're at it you're also comparing a current OS to one that is out of mainstream support and already has shown support issues with various pieces of hardware on the market.

      If that's your idea of "perfect" then its no wonder that the actions of people come as a surprise to you.

    • by AmiMoJo ( 196126 )

      DisplayPort doesn't do DRM natively, only in legacy HDMI mode. It's useful because it's packet based, so should be flexible enough to serve us for the foreseeable future.

      UEFI is a useful upgrade over the old BIOS. It ditched a lot of legacy crap like running x86 code directly from PCI ROMs and then having the OS reconfigure them anyway. It's much more secure, not tied to x86 and not full of crappy hacks.

      Sometimes change is good. Not always, and in the absence of central planning this is how the market decid

    • by antdude ( 79039 )

      That is why I still use old stuff like VGA, DVI, coax, W7, Linux, analog, etc.

      • by Mal-2 ( 675116 )

        Sorry, DVI is electrically and signal-compatible with HDMI, and supports HDCP. You'll have to dump that too.

  • That leaves out anything running UEFI, of which one of it's features is root kiting.

  • by Anonymous Coward

    This dude is missing a basic point: He's saying if YOU don't want it, YOU don't enable it - but YOU might be a consumer using some kind of box that outputs this encrypted HDCP signal with no ability to recompile the fucking kernel or whatever hoops you have to jump through to "not enable it". It's possible to use it, so now it enables the creation of an entire class of systems with this bit flipped on and this unwanted functionality permanently on with no option to disable it. Of course whether it's "wan

  • Please select from one of the following options:
    (1) Never Requires Encryption
    (2) Accept Encryption / Unencryption
    (3) Does not accept Unencrypted Data

    the linux kernel - used in the majority of TVs, PVRs, STBs and Android devices - used to be at level (1). it's now moved to level (2). this is the "Green Light" for manufacturers to start producing HDMI devices at level (3). so tell me: in what way does this decision NOT reduce user freedom?

  • Asking for a friend.

    • by Mal-2 ( 675116 )

      In theory, no, but in practice -- sort of.

      Would an analog VGA signal at full resolution be close enough? You can sometimes escape through the analog hole still. I have an HDMI-to-VGA dongle that reports itself HDMI-compliant. Since it's pushing analog out the other end, it obviously is not compliant, but all that matters is that it says it is. It cost me less than $10 and is not marketed as having this ability.

  • by Anonymous Coward

    6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
    82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
    1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
    b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
    2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
    672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
    07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc3

  • it has been plugged into is trusted by the HDCP certification authority, and nothing more. It does not reduce user freedom, or impose any additional limitations on device usage.

    HDCP requires that the entire chain - from source through display device - support HDCP. Therefore by allowing it, one then ends up needing devices (e.g video sources, video cards, monitors, etc) that *all* support HDCP. If any one of those does not, then the video will be refused. Therefore "additional limitations on device usage" are imposed by definition.

  • If they think it's easy to manipulate it, make it very easy to disable or subvert.
  • This functionality cannot be used by an open source kernel. This functionality cannot be used by an open source userspace. Why should it be maintained by the open source community? It doesn't belong on kernel.org; it should stay within Google together with the rest of the binary nonsense that they develop and keep in order to fulfill their contractual obligations with Disney. Nobody said that DRM in the kernel was "the end of the world". The point is that asking the open source developers, that is the very
  • by sad_ ( 7868 )

    Makes him sound like Ajit Pai - nothing will change, you will still be able to do everything you are doing now. nothing is being taken away.

COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. -- J.N. Gray

Working...