DRM Dictates that Hardware Cannot be Owner-Controlled

This started out as a post for The POWER and PowerPC General Discussion / News Thread, since the POWER9 chips in the Talos II are the antithesis of all this DRM-encouraged crap.


For context:

  • Raptor Engineering makes the Talos II
  • IBM makes the POWER9 chips, and uses them in enterprise servers and supercomputer nodes
  • ME is the Intel Management Engine, which can only run signed, proprietary, Intel code and has complete control over the system
  • PSP/ASP is the Platform Security Processor, later renamed AMD Secure Processor, does the same as ME, but for AMD chips - can also do memory encryption

Summary

The requirement for DRM from consumer OEMs is the reason why CPUs and GPUs are becoming locked down without owner-control. AMD and Intel can use the same anti-user components (ME/PSP/ASP) to also give a small value-add to small companies for remote management, but the primary reason it cannot be open-source or controlled by the owner of the hardware is because DRM proponents a “loosley defined” hardware assurance that DRM cannot be disabled.

OEMs aren’t willing to sell hardware that won’t run DRM software, and therefore chip makers cannot sell chips unless they support DRM protections. This doesn’t affect IBM, because they don’t sell consumer-targeted chips; their remote management is done via BMC instead; and some of their customers are control freaks: Google, Rackspace, and supercomputer researchers. If you want proof that those are control freaks: the coreboot project was originally started by supercomputer researchers, and is now most widely used by Google Chrome OS devices.

What I’m not sure about is whether ME/PSP/ASP is being used now to enforce DRM, or is it just the groundwork for future DRM software? Does PlayReady for example, actually make use of ME/PSP/ASP?

On the horizon, are technologies like Intel’s SGX, which can prevent you from even seeing what code your processor is running; like above, I’m not sure if any DRM systems are actually using this yet, or if it’s just a disturbing future possibility.

I have seen that Signal uses SGX potentially for good, but it’s still a situation of centralizing trust to Intel.

Outside of the CPU, everything is in much worse shape, graphics cards are already locking down firmware, and if you look at how Blu-ray works, the optical drive itself is part of the DRM system.

Sources

Both Phoronix comment threads I link and quote below feature discussions between madscientist159 (Timothy Pearson, works at Raptor Engineering) and bridgman (works at AMD?) about AMD’s ability to make owner-controlled chips.

Why Intel will never let owners control the ME

https://www.devever.net/~hl/intelme

This itself links to:

Phoronix comment thread where bridgman first spoke about AMD being required to lock down products to support DRM

bridgman

The obvious challenge is that the vast majority of our sales still come from the OEM PC market, which brings a non-negotiable requirement for DRM that can not be tampered with or disabled by the owner, backed by assurances from the HW vendor. Signing the microcode and keeping it closed are two things that help to get us over the (loosely defined and constantly evolving) threshold for “good enough” DRM.

One option that I have been exploring is whether we could make the business case work for compute-only GPUs that used a different execution environment for the microcode (so that opening it would not put OEM PC products at risk) and which could potentially be offered with open sourced microcode. I say “compute-only” because we would not be able to sell those products into the OEM PC market at all, and could not leverage any of our current video encode/decode technology. That last point is proving to be a problem because even compute applications are making use of video-in / video-out capabilities these days.

So the short answer is yes we could do it if we could afford to develop a chip with different microcode engines from our OEM PC parts and continue to support both design paths. Obviously the less functionality we have to include (relative to OEM PC parts) the easier that would be, since each HW block that we did require would need significant rework.

From Phoronix comment thread for sub-Lite Talos II article

bridgman

What I have said is that computer manufacturers (who specify and purchase parts from us and from our competitors) have to comply with industry restrictions if they want to offer features like convenient BluRay or Netflix support, that those restrictions conflict to some extent with the idea of being fully owner-controlled, and that computer manufacturers include DRM requirements in the specifications that we and our competitors need to meet in order to sell our components.

IBM no longer sells into the consumer market, so they have the luxury of not having to include DRM considerations in their CPU designs. We don’t have that luxury right now (our desktop parts and server parts share enough technology to make that impractical) but given time and R&D budgets we could certainly have customized offerings with different security models.

madscientist159

A few years back we attempted to contact AMD via multiple channels to see if a custom PSP-free server SKU was possible, but received no response. It doesn’t really matter if the barrier is economic, legal, technical, or simply executive fiat – the fact remains that, to the best of my knowledge, there are no owner-controllable AMD parts on the market now nor any plans for them in the future. Even if we started out with GPUs it would be a step forward, but that also seems to be going nowhere unfortunately.

bridgman

GPUs are the hardest, as I have explained multiple times, because of DRM requirements. The most likely first step would be a server CPU.

DRM Again Mentioned as a Reason for Management Engine

SGX and Unbreakable DRM (Handmade Hero Chat 005)

5 Likes

Werr, too bad arm and risc are literally everywhere but the desktop. Like linux, Risc could stomp all of this out in a matter of 2 years and force the major companies to play nice.

I’ll talk more later on this, I’m at work.

Good job on the research.

If ARM makes it to the desktop, most chips will probably have a similar system. In fact, the PSP/ASP on AMD’s chips is an ARM TrustZone core; it would probably be easier to use it with an ARM chip rather than x86.

Whose to say the same thing won’t happen to RISC-V? The best-value chips will be made for large customers who want to sell massive quantities to consumers. If consumers are willing to accept DRM, proprietary DRM co-processors or instructions will be added to those chips as a “value-add”. RISC-V is not safe. The general IP for RISC-V is BSD licensed, so any customizations add on top can be proprietary. But don’t blame the license; if RISC-V were GPL licensed, no major company would have touched it. RISC-V allows companies to collaborate on the core components, while keeping their IP (and the resulting product) proprietary.

POWER9 is safe, only because of the control-freak market IBM caters to; that’s why it’s important to make consumers a part of this control-freak market too.

BTW, the ARM TrustZone system does have a BSD-licensed reference implementation, Trusted Firmware-A (TF-A); again, just like with RISC-V and UEFI’s Tianocore, this does not mean that derivatives will be open source.

As someone that is dumb. How will this affect me?

I’m not entirely sure, how does technology affect you now?
Do you not care if you control the devices you’ve purchased?

I’m not trying to be insulting here, but if you don’t expect to have control of the devices you own, then maybe little will change for you initially. Over time, as things get more and more locked down, there will likely be some way to monetize your lack of control. So you loose control first, and then probably money; if you care about neither, than maybe this isn’t a concern for you.

My guess is that if nothing changes, we will see general purpose computers devolve into what IoT devices are now, except with better security. Note that the better “security” I’m referring to in this case will be focused on keeping you the user out, rather than protecting your data.

1 Like