Peter Gutmann, crypto geek and author of “Everything you never wanted to know about PKI but have been forced to find out“, has written an analysis of the long-delayed Microsoft’s “Vista Content Protection” specification1.
The Vista Content Protection specification could very well constitute the longest suicide note in history.
Peter has drawn on a heap of sources (both public and private) to work out the implications of Microsoft wanting to make the content providers dreams come true and going to extreme lengths to try and stop a few people tampering with “premium content”. The results are going to be more unreliable systems with large processing overheads and less functionality.
Since S/PDIF doesn’t provide any content protection, Vista requires that it be disabled when playing protected content. In other words if you’ve invested a pile of money into a high-end audio setup fed from a digital output, you won’t be able to use it with protected content. Similarly, component (YPbPr) video will be disabled by Vista’s content protection, so the same applies to a high-end video setup fed from component video.
Echo cancellation will be another victim of Vista as the required feedback system will not be permitted, instead it’ll degrade the quality to stop the potential for capturing “premium content” and the legitimate users will just have to cope. This sort of audio and video degradation will occur whenever the system believes it is playing “premium content”, even if you’re doing something else important:
What makes this particularly entertaining is the fact that the downgrading/disabling is dynamic, so if the premium-content signal is intermittent or varies (for example music that fades out), various outputs and output quality will fade in and out, or turn on and off, in sync. Normally this behaviour would be a trigger for reinstalling device drivers or even a warranty return of the affected hardware, but in this case it’s just a signal that everything is functioning as intended.
It appears the user will have no control over this, if someone manages to introduce something that Vista believes is “premium content” (and we all know how bad Microsoft are at getting things right) then the constrictors will kick in, downgrading the signal and then upgrading it to the required spec but with loss in quality. This pretty much rules Vista out for use in hospital imaging systems, astronomy or anywhere else where lossy compression is verboten. This is going to be a nightmare for the hardware vendors:
Amusingly, the Vista content protection docs say that it’ll be left to graphics chip manufacturers to differentiate their product based on (deliberately degraded) video quality. This seems a bit like breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.
This is also going to have serious ramifications for developers of drivers for open source operating systems like Linux, FreeBSD, etc as Vista will introduce a requirement called Hardware Functionality Scan (HFS for short) where the driver interrogates a device and gets it to attest it is legitimate (and not a software phantom). This, of course, is being done through security through obscurity and, as Peter says:
In order for this to work, the spec requires that the operational details of the device be kept confidential. Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non-Windows OS) will also know enough to fake the HFS process. The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products.
In return the hardware will be monitored for odd things happening (unexpected voltage changes, etc) and the drive can set so called “tilt switches” to let the O/S know that something bad might be happening, which will be real fun for Vista users when the virus writers figure out how to trip these from software. The hardware is also going to have to support video decompression as the CPU won’t be allowed to do that due to its vulnerable nature, which is going to constrain the codecs that “premium content” will use. This is already an issue:
This is particularly troubling for the high-quality digital cinema (D-Cinema) specification, which uses Motion JPEG2000 (MJ2K) because standard MPEG and equivalents don’t provide sufficient image quality. Since JPEG2000 uses wavelet-based compression rather than MPEG’s DCT-based compression, and wavelet-based compression isn’t on the hardware codec list, it’s not possible to play back D-Cinema premium content (the moribund Ogg Tarkin codec also used wavelet-based compression). Because *all* D-Cinema content will (presumably) be premium content, the result is no playback at all until the hardware support appears in PCs at some indeterminate point in the future.
So this will stifle the innovation in video codecs, no hardware support then no undegraded playback. This will probably rule out the use of Vista for high-def Access Grid videoconferencing. Add in on top of all this the requirements to support hardware encryption between components and all the patent licenses that are needed for this and you’ve got a recipe for disaster.
For those of us lucky enough to not be under the thumb of the Redmond monopoly this will either mean a ramp up in hardware costs across the board, or (less likely) the hardware vendors will start to sell two streams of hardware, one “Vista Certified” and costing more and another which isn’t and costs less (possibly being older hardware predating these crazy requirements).
- Warning, plain text document, may cause culture shock to the Flash Generation due to high signal to noise ratio and lack of pretty pictures [back]