undefined | Better HN

0 pointsslrz9y ago0 comments

> The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins).

On mobile platforms, they generally are system-integrated (and hardware-supported) components, often running at privilege levels exceeding the running Android/Linux kernel.

See the recent Qualcomm case where a DRM component (Widevine) running in TrustZone context[0] was used to attack Android's full disk encryption scheme.

[0] TrustZone is an ARM architecture feature for running code in a different execution context not accessible from the "normal" running kernel. Useful for running small amounts of code dedicated to protecting crypto keys, but horrible if you load gigantic DRM blobs into it that no one could reasonably audit due to sheer size even if their source code was available.

0 comments

RBO29y ago

Agreed. Some opponents of DRMs say this is the beginning of the end of open computers. We've heard recently about the Intel Management Engine.

On the other hand, almost all DRMs were broken because the content is available in clear: http://betanews.com/2016/06/26/chrome-drm-streaming-video-fl... https://iseclab.org/media/uploads/zotero/Steal_This_Movie_-_...

j / k navigate · click thread line to collapse