![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
mjg59As part of their "Defective by Design" anti-DRM campaign, the FSF recently made the following claim:
This is part of an overall argument that Microsoft's insistence that only hardware with a TPM can run Windows 11 is with the goal of aiding streaming companies in their attempt to ensure media can only be played in tightly constrained environments.
I'm going to be honest here and say that I don't know what Microsoft's actual motivation for requiring a TPM in Windows 11 is. I've been talking about TPM stuff for a long time. My job involves writing a lot of TPM code. I think having a TPM enables a number of worthwhile security features. Given the choice, I'd certainly pick a computer with a TPM. But in terms of whether it's of sufficient value to lock out Windows 11 on hardware with no TPM that would otherwise be able to run it? I'm not sure that's a worthwhile tradeoff.
What I can say is that the FSF's claim is just 100% wrong, and since this seems to be the sole basis of their overall claim about Microsoft's strategy here, the argument is pretty significantly undermined. I'm not aware of any streaming media platforms making use of TPMs in any way whatsoever. There is hardware DRM that the media companies use to restrict users, but it's not in the TPM - it's in the GPU.
Let's back up for a moment. There's multiple different DRM implementations, but the big three are Widevine (owned by Google, used on Android, Chromebooks, and some other embedded devices), Fairplay (Apple implementation, used for Mac and iOS), and Playready (Microsoft's implementation, used in Windows and some other hardware streaming devices and TVs). These generally implement several levels of functionality, depending on the capabilities of the device they're running on - this will range from all the DRM functionality being implemented in software up to the hardware path that will be discussed shortly. Streaming providers can choose what level of functionality and quality to provide based on the level implemented on the client device, and it's common for 4K and HDR content to be tied to hardware DRM. In any scenario, they stream encrypted content to the client and the DRM stack decrypts it before the compressed data can be decoded and played.
The "problem" with software DRM implementations is that the decrypted material is going to exist somewhere the OS can get at it at some point, making it possible for users to simply grab the decrypted stream, somewhat defeating the entire point. Vendors try to make this difficult by obfuscating their code as much as possible (and in some cases putting some of it in-kernel), but pretty much all software DRM is at least somewhat broken and copies of any new streaming media end up being available via Bittorrent pretty quickly after release. This is why higher quality media tends to be restricted to clients that implement hardware-based DRM.
The implementation of hardware-based DRM varies. On devices in the ARM world this is usually handled by performing the cryptography in a Trusted Execution Environment, or TEE. A TEE is an area where code can be executed without the OS having any insight into it at all, with ARM's TrustZone being an example of this. By putting the DRM code in TrustZone, the cryptography can be performed in RAM that the OS has no access to, making the scraping described earlier impossible. x86 has no well-specified TEE (Intel's SGX is an example, but is no longer implemented in consumer parts), so instead this tends to be handed off to the GPU. The exact details of this implementation are somewhat opaque - of the previously mentioned DRM implementations, only Playready does hardware DRM on x86, and I haven't found any public documentation of what drivers need to expose for this to work.
In any case, as part of the DRM handshake between the client and the streaming platform, encryption keys are negotiated with the key material being stored in the GPU or the TEE, inaccessible from the OS. Once decrypted, the material is decoded (again either on the GPU or in the TEE - even in implementations that use the TEE for the cryptography, the actual media decoding may happen on the GPU) and displayed. One key point is that the decoded video material is still stored in RAM that the OS has no access to, and the GPU composites it onto the outbound video stream (which is why if you take a screenshot of a browser playing a stream using hardware-based DRM you'll just see a black window - as far as the OS can see, there is only a black window there).
Now, TPMs are sometimes referred to as a TEE, and in a way they are. However, they're fixed function - you can't run arbitrary code on the TPM, you only have whatever functionality it provides. But TPMs do have the ability to decrypt data using keys that are tied to the TPM, so isn't this sufficient? Well, no. First, the TPM can't communicate with the GPU. The OS could push encrypted material to it, and it would get plaintext material back. But the entire point of this exercise was to avoid the decrypted version of the stream from ever being visible to the OS, so this would be pointless. And rather more fundamentally, TPMs are slow. I don't think there's a TPM on the market that could decrypt a 1080p stream in realtime, let alone a 4K one.
The FSF's focus on TPMs here is not only technically wrong, it's indicative of a failure to understand what's actually happening in the industry. While the FSF has been focusing on TPMs, GPU vendors have quietly deployed all of this technology without the FSF complaining at all. Microsoft has enthusiastically participated in making hardware DRM on Windows possible, and user freedoms have suffered as a result, but Playready hardware-based DRM works just fine on hardware that doesn't have a TPM and will continue to do so.
Today, most of the major streaming media platforms utilize the TPM to decrypt media streams, forcefully placing the decryption out of the user's control(from here).
This is part of an overall argument that Microsoft's insistence that only hardware with a TPM can run Windows 11 is with the goal of aiding streaming companies in their attempt to ensure media can only be played in tightly constrained environments.
I'm going to be honest here and say that I don't know what Microsoft's actual motivation for requiring a TPM in Windows 11 is. I've been talking about TPM stuff for a long time. My job involves writing a lot of TPM code. I think having a TPM enables a number of worthwhile security features. Given the choice, I'd certainly pick a computer with a TPM. But in terms of whether it's of sufficient value to lock out Windows 11 on hardware with no TPM that would otherwise be able to run it? I'm not sure that's a worthwhile tradeoff.
What I can say is that the FSF's claim is just 100% wrong, and since this seems to be the sole basis of their overall claim about Microsoft's strategy here, the argument is pretty significantly undermined. I'm not aware of any streaming media platforms making use of TPMs in any way whatsoever. There is hardware DRM that the media companies use to restrict users, but it's not in the TPM - it's in the GPU.
Let's back up for a moment. There's multiple different DRM implementations, but the big three are Widevine (owned by Google, used on Android, Chromebooks, and some other embedded devices), Fairplay (Apple implementation, used for Mac and iOS), and Playready (Microsoft's implementation, used in Windows and some other hardware streaming devices and TVs). These generally implement several levels of functionality, depending on the capabilities of the device they're running on - this will range from all the DRM functionality being implemented in software up to the hardware path that will be discussed shortly. Streaming providers can choose what level of functionality and quality to provide based on the level implemented on the client device, and it's common for 4K and HDR content to be tied to hardware DRM. In any scenario, they stream encrypted content to the client and the DRM stack decrypts it before the compressed data can be decoded and played.
The "problem" with software DRM implementations is that the decrypted material is going to exist somewhere the OS can get at it at some point, making it possible for users to simply grab the decrypted stream, somewhat defeating the entire point. Vendors try to make this difficult by obfuscating their code as much as possible (and in some cases putting some of it in-kernel), but pretty much all software DRM is at least somewhat broken and copies of any new streaming media end up being available via Bittorrent pretty quickly after release. This is why higher quality media tends to be restricted to clients that implement hardware-based DRM.
The implementation of hardware-based DRM varies. On devices in the ARM world this is usually handled by performing the cryptography in a Trusted Execution Environment, or TEE. A TEE is an area where code can be executed without the OS having any insight into it at all, with ARM's TrustZone being an example of this. By putting the DRM code in TrustZone, the cryptography can be performed in RAM that the OS has no access to, making the scraping described earlier impossible. x86 has no well-specified TEE (Intel's SGX is an example, but is no longer implemented in consumer parts), so instead this tends to be handed off to the GPU. The exact details of this implementation are somewhat opaque - of the previously mentioned DRM implementations, only Playready does hardware DRM on x86, and I haven't found any public documentation of what drivers need to expose for this to work.
In any case, as part of the DRM handshake between the client and the streaming platform, encryption keys are negotiated with the key material being stored in the GPU or the TEE, inaccessible from the OS. Once decrypted, the material is decoded (again either on the GPU or in the TEE - even in implementations that use the TEE for the cryptography, the actual media decoding may happen on the GPU) and displayed. One key point is that the decoded video material is still stored in RAM that the OS has no access to, and the GPU composites it onto the outbound video stream (which is why if you take a screenshot of a browser playing a stream using hardware-based DRM you'll just see a black window - as far as the OS can see, there is only a black window there).
Now, TPMs are sometimes referred to as a TEE, and in a way they are. However, they're fixed function - you can't run arbitrary code on the TPM, you only have whatever functionality it provides. But TPMs do have the ability to decrypt data using keys that are tied to the TPM, so isn't this sufficient? Well, no. First, the TPM can't communicate with the GPU. The OS could push encrypted material to it, and it would get plaintext material back. But the entire point of this exercise was to avoid the decrypted version of the stream from ever being visible to the OS, so this would be pointless. And rather more fundamentally, TPMs are slow. I don't think there's a TPM on the market that could decrypt a 1080p stream in realtime, let alone a 4K one.
The FSF's focus on TPMs here is not only technically wrong, it's indicative of a failure to understand what's actually happening in the industry. While the FSF has been focusing on TPMs, GPU vendors have quietly deployed all of this technology without the FSF complaining at all. Microsoft has enthusiastically participated in making hardware DRM on Windows possible, and user freedoms have suffered as a result, but Playready hardware-based DRM works just fine on hardware that doesn't have a TPM and will continue to do so.
Hardware DRM is broken too
Date: 2025-01-02 03:46 am (UTC)As usual DRM fails to prevent piracy while hurting the experience of paying customers.
Re: Hardware DRM is broken too
From: (Anonymous) - Date: 2025-01-02 08:19 pm (UTC) - ExpandRe: Hardware DRM is broken too
From: (Anonymous) - Date: 2025-01-03 12:12 am (UTC) - Expandno subject
Date: 2025-01-02 06:07 am (UTC)https://news.ycombinator.com/item?id=42572090
(no subject)
From:(no subject)
From:(no subject)
From: (Anonymous) - Date: 2025-01-02 09:13 am (UTC) - Expand(no subject)
From: (Anonymous) - Date: 2025-01-02 11:45 am (UTC) - Expand(no subject)
From: (Anonymous) - Date: 2025-01-02 12:19 pm (UTC) - ExpandTPM definitions
Date: 2025-01-02 12:01 pm (UTC)Any example?
It would help to clarify what definition of "TPM" is being used. For example, from an EU copyright law perspective, the TEE or GPU funcionality described here is definitely a technological protection measure/technical measure.
Re: TPM definitions
From: (Anonymous) - Date: 2025-01-02 02:42 pm (UTC) - ExpandRe: TPM definitions
From: (Anonymous) - Date: 2025-01-03 08:31 am (UTC) - ExpandRe: TPM definitions
From:no subject
Date: 2025-01-02 12:07 pm (UTC)Surely Virtualbox can't provide anything that is "trusted" (by anyone at all) in the way that a TPM is supposed to be? Is there a special exception made for VMs on the grounds that it would be just too awkward if there weren't? Or is there some genuinely relevant property shared by TPM-equipped hardware and virtual machines, and not possessed by TPMless hardware?
(no subject)
From: (Anonymous) - Date: 2025-01-02 01:51 pm (UTC) - Expand(no subject)
From:Microsoft's motivation
Date: 2025-01-02 03:22 pm (UTC)- Windows Hello (aka FIDO2, WebAuthn, Passkey)
- Bitlocker
- AD and cloud device management (Intune)
All of these require secure storage of secret keys. Many features in Windows and Active Directory environments require that the machine can authenticate itself to the domain controller etc. Companies also like to use it for VPN keys.
Android and iOS also make much more use of hardware key storage for all kinds of things than desktop operating systems.
no subject
Date: 2025-01-02 07:58 pm (UTC)While DRM sucks, streaming companies have a reason to use it: you don't own the content and they don't want people to slipstream content. And yes, I know pirate sites slipstream anyways.
The FSF needs to move on to newer problems, like Google Play Integrity API and modding. Or the fact that iPhones/Huawei/Verizon devices don't allow third-party OSes. Or how about preventing addictive ad-ridden feeds, that would be big.
(no subject)
From: (Anonymous) - Date: 2025-01-02 10:50 pm (UTC) - Expand(no subject)
From: (Anonymous) - Date: 2025-01-04 09:31 am (UTC) - ExpandDistracting from FSF's point
Date: 2025-01-02 11:34 pm (UTC)Re: Distracting from FSF's point
From: (Anonymous) - Date: 2025-01-03 12:51 am (UTC) - ExpandRe: Distracting from FSF's point
From:Re: Distracting from FSF's point
From: (Anonymous) - Date: 2025-01-06 08:53 pm (UTC) - ExpandRe: Distracting from FSF's point
From:Re: Distracting from FSF's point
From: (Anonymous) - Date: 2025-01-09 10:26 am (UTC) - Expandno subject
Date: 2025-01-03 04:55 pm (UTC)Second, TPM 1 with SPI/LPC header on the motherboard is not DRM. DRM. It is simply a means of providing privacy in the presence of persistent malware. It doesn't protect against physical access: if a user needs to compromise his system he can always plug in a cheap microcontroller board.
Thirdly, any TEE, including those based on TPM 2.0, which is right in the processor and with remote attestation is primarily for DRM.
Fourth, protected media path is not the whole DRM, but only one of its components.
TPM 2.0 is not always "right in the processor"
From: (Anonymous) - Date: 2025-01-09 10:34 am (UTC) - Expand(no subject)
From: (Anonymous) - Date: 2025-01-24 02:07 pm (UTC) - Expandno subject
Date: 2025-01-03 10:55 pm (UTC)no subject
Date: 2025-01-08 05:59 pm (UTC)a renovation of activism projects
Dual-use technologies
Date: 2025-01-10 01:10 pm (UTC)And stripped of emotion, the FSF's argument is essentially "this technology is dual-use, and the people you are choosing to trust with it are people we think are untrustworthy". But the technology is being used to solve problems you already have (TPMs used to back unphishable credentials, for ensuring that log-ins only come from your company's approved devices, and not from a hacker's device), and the problems that the FSF talks about are mostly hypothetical for now, as long as your suppliers that you trust don't turn on you.
For the FSF to convince people, it first needs to get its facts consistently right, so that it's not easy to discredit (which it's failed to do here), and secondly needs to actually try to convince people who currently trust Microsoft, Apple, Google et al but have no position on the FSF yet.
The biggest problem with DRM software
Date: 2025-01-18 05:23 pm (UTC)GNU/Linux for X86 and ARM devices such as a Laptop and the Raspberry Pi respectively do have support for the Widevine library.
Often you can get it in the "Non-Free" software repository of a Linux distro such as Debian or Ubuntu. But often times it's not a version compatible with the best version of your OS.
There was no WidevineCDM library for 64 bit ARM, so users with a 64 bit raspberry pi had to use the 32 bit version of Debian for streaming.
And these versions in the repository are I believe just for Chrome. Which brings me to the next example of the same problem.
The Widevine library has to be the correct one for a specific browser. If it is made for firefox it has to use GeckoMediaPlugins. WidevineCDM for Chrome uses something different and closed source. So you have to use the correct version of the library for your browser and your OS, and there is no guarentee that it will be available for either. There could have a version for Firefox that only supports X64 Linux or if there is another for ARM it could be a version which only supports 32 bit ARM Linux. Other independently developed browsers could be left out in the cold.
And it has been reported the version in the Linux repositories can have quality problems with streaming, not allowing 4K either. Even on Windows, people have noticed a quality difference when using a browser, compared to a smart TV or streaming device. Content from sailing websites look better apparently.
People are spending 100s or even thousands on Smart TVs, which will probably be obsolete in a few years, just so they can get a good quality stream. And when they're obsolete, the streaming apps will cease to function no doubt, due to software updates being discontinued. Hope the landfills are big enough. Maybe they can make a section next the mountain of old FireTV sticks.
no subject
Date: 2025-01-24 01:59 pm (UTC)Stuff like D-RTM can replace device lockdown like Intel Boot Guard and AMD PSB, thus allow users the freedom to replace their firmware with an open source alternative. Maybe then we'd see more devices running coreboot.
Intel me is tee and supports DRM
Like anything else streaming services relies on market size. They'll use abusive measures like DRM only when most of consumer base can run it. I don't think most x86 users have discrete gpu and things like ME and trusty widevine app are making hardware DRM viable.
(idk if amd PSP works the same).
OTOH some people are seeing the silverlining that users will switch to linux due to tpm requirement in windows and soon cancel netflix when highest it gives is 720p. IMO the opposite will happen, those who even bother will see netflix doesn't work and switch back to windows and apply the script kiddy level tpm bypass.
We often forget in these discussions that people don't know and care if they're being treated as potential thieves, or that hardware DRM on 'premium quality' content is saving streaming business. At least 1080p is available in pirate sites for almost all contents and even for many pirated contents have higher quality than low bit rate streams. If everyone watching at 1080p cancels subscription tomorrow the charges for others will rise sky high to keep the parasites aka shareholders happy. Similarly music DRM never works but see at spotify.
People. don't. care.
(anon cause openid creds nog synced to this phone).
Re: Intel me is tee and supports DRM
From: (Anonymous) - Date: 2025-02-05 08:04 pm (UTC) - Expand