undefined | Better HN

0 pointsbri3d1y ago0 comments

> x86 has no TEE

Not really; AMD have PSP (which, okay, isn’t x86, but it’s on the die) and Intel, as you mention in your post, had SGX and have ME. Google use PSP TrustZone to run Widevine on Chromebooks, for example. PowerDVD used SGX to decrypt BluRay, which led to BluRay 4K content keys being extracted via the sgx.fail exploit.

You’re right though that PlayReady is usually GPU based on x86; on AMD GPUs PlayReady runs in GPU PSP TrustZone. On Intel iGPUs I think it runs in ME.

The lower-trust (1080p only) software version of PlayReady uses WarBird (Microsoft’s obfuscating compiler) but this is of course fundamentally weak and definitely bypassed.

Anyway, none of this takes away from your post, which I agree with. The FSF (and many HN commenters) have been whining about TPM in unfounded ways since the 2000s.

0 comments

mjg591y ago

My fault, I meant x86 has no architectural TEE - various vendors offer their own weird things. But thanks, this is good clarification.

j / k navigate · click thread line to collapse

0 pointsbri3d1y ago0 comments

> x86 has no TEE

You’re right though that PlayReady is usually GPU based on x86; on AMD GPUs PlayReady runs in GPU PSP TrustZone. On Intel iGPUs I think it runs in ME.

The lower-trust (1080p only) software version of PlayReady uses WarBird (Microsoft’s obfuscating compiler) but this is of course fundamentally weak and definitely bypassed.

Anyway, none of this takes away from your post, which I agree with. The FSF (and many HN commenters) have been whining about TPM in unfounded ways since the 2000s.