What Windows Vista Means to the Open PC Platform
This post started out as a response to forum comments regarding Windows Vista’s DRM and its upcoming effect on the open PC platform, but it turned into a full-blown overview of where we are and what’s to come in Windows personal computing and media playback. Have a read and let me know if I’m off base (if I am, where?) or if it’s worse than even I suspect.
Disclosure: I’ve been a dedicated Microsoft Windows user for the past several years, now. However, I like to consider myself platform-neutral, since I’m comfortable using Apple and Linux based computers.
Open PC Platform:
Let’s get back to basics for a few seconds and discuss what an “open PC platform” is. An open PC platform is one where ANYONE can buy off-the-shelf PC hardware components and build their own PC – mixing, matching, and upgrading hardware at their own discretion. Moreover, depending on the PC architecture one chooses, the user has the option of installing one of various operating systems (OS) to suit their needs.
Microsoft Windows:
Microsoft Windows, to a fair extent, has embraced and leveraged the open PC platform in its mission to dominate the world’s PC market (this is one of the main reasons why Apple’s computers, which are relatively closed systems, have never been able to gain a market share large enough to compete with Microsoft). Windows users, up to Windows 98, have enjoyed this freedom to custom configure, swap, and upgrade their components. However, with the introduction of Windows XP, Microsoft decided it would be a good idea to protect their OS from unauthorized duplication by tying its installation to the CPU, motherboard, and hard drive serial numbers and requiring online registration.
Microsoft’s DRM Direction for Windows Vista (aka Longhorn):
As I’ve stated before, most of the DRM Microsoft is introducing in its future OS release is designed to appease the MPAA and RIAA. It turns out that having only a software based DRM solution, in their eyes, is not sufficient for the playback of copy-protected content on a PC. Content owners are demanding both a software and hardware DRM solution before they are comfortable letting digital works play on a PC. (Remember, though, that 90%+ of what people use their computers for are commonplace tasks like: writing e-mail, surfing the Web, word processing, finances, and gaming.)
So what does this mean? The open platform PC you have grown to love is inevitably going to disappear (at least for Windows users). Here’s what my crystal ball shows me (see Media Advances for the Windows PC Architecture, The Four Musketeers, and Intel to cut Linux out of the content market):
In order to have a trusted/secure computer for the playback of premium digital content, computer owners will be required to have the following certified, DRM-embedded hardware: CPU, motherboard, hard drive, graphics card, sound card, and monitor (yes, even the monitor).
Microsoft Overview: Windows Longhorn Output Content Protection:
Protected Video Path (PVP) provides encryption of premium content as it passes over the user-accessible PCIe bus to discrete graphics cards. It uses Diffie Hellman to establish a session key and seeded hardware functionality scan (HFS) for authentication, and an AES 128-bit counter mode and an optional high-bandwidth cipher to encrypt the data.
Output protection management (OPM) provides secure control of the various output protection schemes such as High-bandwidth Digital Content Protection (HDCP), Macrovision, CGMS-A, and resolution constrictors. It uses a simpler form of HFS for authentication and requires content industry robustness rules to be met for hardware implementations. [Note: OPM is incompatible with most monitors sold today. Joe Wilcox explains, "People with non-supported monitors would not be able to play certain types of content, presumably high-definition, at all or full quality."]
Protected User-Mode Audio (PUMA) is the user-mode audio engine (completely new for Windows Longhorn) that runs in the software protected environment. PUMA also includes the same level of audio output protection management that Secondary Audio Programming (SAP) provides in Windows XP, but it is done in a completely different way and takes advantage of the Windows Longhorn software PE.
Protected Audio Path (PAP) is a longer term project to introduce audio encryption all the way to the audio codec chips.
Significant hardware features must be implemented in graphics chips for Windows Longhorn to support PVP and OPM, with additional larger implications for the drivers. This session provides an overview of those requirements.
The bottom line is that if you decide to swap out one of the above mentioned hardware items with a non-certified component, the system will be crippled, or worse, unable to boot! That’s the impression I’m getting. On top of that, I can see the scenario where you’ll have to update your registration with Microsoft every time you change a component – unless your computer can talk to an online Microsoft hardware database that can give the computer the green light to claim itself a “protected environment” once it checks in.
My other concern is with software developers. If Microsoft is disabling software that circumvents copy-protection, how about software that uses codecs that Microsoft doesn’t deem secure? Or how about PVR companies like SnapStream, will they be put out of commission on Windows machines because Microsoft certified hardware won’t allow their software to access broadcast or premium content being played through the computer unless they use Microsoft’s DRM technologies? (Say bye, bye to your DivX TV show recordings.)
Streaming Content over the Home Network:
Chris Lanier, in his forum comments to my previous post, notes that the PC is the center of digital home experience and that by using only stand-alone devices to gather and share content from, consumers will get “a lot less interoperability.” Both are valid points, but both issues can be easily addressed with interoperable DRM (which I’ve been pushing for) that can be played back on any device regardless of OS platform and integrating UPnP functionality.
Conclusion:
My thoughts are that DRM is a necessary evil, but that PC users shouldn’t have to give up their open PC platform to accommodate secure media playback functionality. If the content creators are so bent on having a locked down system, then maybe Microsoft should consider selling a locked down media center PC to consumers that will offer CE product security, but will be able to share and stream content securely (say, using DTCP-IP or CGMS-A) to other devices and networked computers. Unfortunately, that prospect is not in the cards. Microsoft wants to make ALL future computers “protected environments,” like it or not – most likely for the reason that computers are becoming a commodity. “Why upgrade when you can buy a new computer?” is their reasoning. As to how consumers are going to react to these changes, we’ll have to wait and see. But I, for one, will think long and hard before continuing down Microsoft’s upgrade path.

July 24th, 2005 at 7:31 pm
Windows will be able to do the checks via drivers and the OS for the different devices, dial-up shouldn’t be an issue here to see what’s protected and what’s not.
Codecs don’t matter, they don’t need or have anything protected to decrypt or verify. The content protection systems set the bar, the people who enable playback (in this case Microsoft) must meet that bar, or they can’t add playback functionality.
This is something I don’t know about, but assuming they play this like they have with other technologies (WMRM, DirectShow, etc) they will be able to interface with the bits that are in Windows Vista. They will likely just need to license it. Same type of thing that Blight has done with Zoom Player, and the countless other applications that support WMRM. License it, to allow your application to play protected content. The problem with this will surely be open source projects like Media Portal.
The whole “only one DRM” system is a great idea, but it’s not coming fast enough. The systems need to be ready to use and develop for today! Don’t think this is a Microsoft only type thing, both DivXNetworks and Real’s Helix DRM were/are both approved for things like the Broadcast Flag. Microsoft isn’t the only one in the game.
TiVoGuard, WMRM, DivX DRM, 4C, DTCP (5C), Philips VCPS, DHCP, Sony MagicGate, Helix DRM, and Thomson SmartRight are all different DRM/Protection systems that have/had been approved by the content owners/MPAA for the BF. Clearly the content owners don’t care about a single system, nor do the CE/IT companies! Sucks, but it’s too late to change that.
Plus, open platform really can’t play nice with many DRM systems, it’s not exactly an easy task to incorporate DRM into an OS like Linux where anyone can download the source! No matter what DRM system, whether it be interoperable or not, are easy to enable on such an open system.
Their reason is to allow you to play the content! I will have more this week on this at my blog, but upgrade or not, it’s a difference in playing the content on your PC and not playing it. Only you can make that choice.
You will see a company or two that will bring you playback of the media via software+hardware that we have currently, but I don’t think that will last very long.
Chris
***Does anyone have suggestions on how to implement a DRM system in a completely open OS (i.e. Linux)? I’d be interested in how everyone thinks it could be done and what would be involved. Without compromising the openness (i.e. the source for the OS and Kernel must still be open for download).
July 24th, 2005 at 7:49 pm
Wow, you are basing your anger on a whole lot of conjectures here:
From which part of the whitepaper are you getting this impression? Certainly not the part you quoted. Do you really think Microsoft and Intel are going to prevent your computer from running legacy hardware, thereby giving up a major selling point of the PC platform–backward compatibility?
The fact is that the whitepaper does not suggest anything other than that only the playback of previously unavailable premium content will be affected by OCP. You are seeing things that aren’t there.
Once again, where does the whitepaper mention disabling third party software, or preventing you from playing back unprotected content? What evidence do you have that Microsoft will somehow cripple all or some pre-DRM content, DivX included?
Should a third party developer want to play back DRM-protected content in their own applications, they will simply do what they have been doing for some time–tap into the Microsoft-supplied API and allow Windows to prompt the user for licensing information. If a license for the video already exists on the system, it starts playing automatically without bothering the user.
The whitepaper explicitly states:
In other words, Microsoft is trying to strike a balance of openness and protection. What they are proposing is essentially to allow the PC, when needed, to curtain off a certain part of the runtime environment and form a “gated community” full of checkpoints wherein the integrity of protected content can be guaranteed. The openness of the PC architecture as a whole is not compromised significantly by this, since it will continue to support non-certified hardware and software–Linux included.
Having conceded defeat on SD content, Hollywood is betting on the new HD codecs as a fresh start in their war against piracy. Microsoft has to placate this need in order to allow the playback of this new content (as will any operating system that wishes to do the same). But for them to do anything more than this would be shooting themselves in the foot. Fortunately this vision of the future currently only exists in the minds of conspiracy theorists, and of those who do not–and refuse to–understand the technology being proposed. Stay away from the hysteria.
July 24th, 2005 at 10:03 pm
Newsforge reports (via Managing Rights Management): “On the security front, the kernel is to get its own contact for security issues. Trusted computing — digital rights management support — is being implemented for better or for worse in the Linux kernel.”
July 24th, 2005 at 11:07 pm
Alex - great article!
They are not - they will prevent you from playing DRMed content and for that there is a list of approved hardware. Read this article on my blog TheaterAtHome.blogspot.com
It does complement what Alex is saying.
Mike
July 24th, 2005 at 11:17 pm
Mike, thanks for the heads up on “East Fork” and its tie-in to MCE 2006! I didn’t even know it existed.
(FYI, I just added The Inquirer link to the body of the article.)
Related links:
The Inquirer - Intel to cut Linux out of the content market
Slashdot - Intel to cut Linux out of the content market
Theater @Home - Intel’s new media platform exclusively for Microsoft
July 25th, 2005 at 12:24 am
That’s precisely my point–only DRMed content is affected. Alex is saying more than that–he fears that installing uncertified hardware will no longer be possible–and that’s the point of disagreement.
July 25th, 2005 at 5:46 am
I’m sorry, but anything written by Charlie Demerjian should be discredited from the start. This guy has a track record of not being able to get a single thing right about Microsoft and Media Center. Go back and look at some of his other “work”, but remember 90% of what he writes is false.
BTW, if anyone can find information about “Secure Premium Content Module (SPCM)” please let me know. Google way to find that the only sources are those who are quoting the article.
Interesting. When and if ships, it will be interesting to see if anything is actually made of it. If the source is there for it, no one is going to allow protected content on Linux. If the source is not there, that’s no step closer to a closed system. And the hardware needed to output some of this content (HD-DVD = HDMI) puts the cap on Linux being an open system with playback.
Chris
July 25th, 2005 at 9:21 am
I don’t want to be rude (I appreciate all comments), but what part of “locked down” don’t you get? If you replace a certified piece of hardware out of a “protected environment” PC, and replace it with a generic version, YOU WILL have loss of functionality – to what extent, I don’t know. (Look at the list of MCE compatible hardware – Anything not approved by Microsoft, and installed on your PC, will render parts of MCE useless)
Let me give you a scenario: Say you want to replace your sound card with one that is not Microsoft certified (with PUMA and PAP technologies enabled), you’ll most likely not be able to play any DRM-protected music that you’ve purchased, or possibly, not even be allowed to hear audio coming from a DVD or HD-DVD. How’s that for the “openness of the hardware platform?”
BTW, don’t fall for marketing double-speak: (Do you have the link to the whitepapers you quoted?)
July 25th, 2005 at 10:26 am
FYI: I just got off the phone with a PR Rep at Intel in regards to Charlie Demerjian’s article at The Inquirer. While she didn’t go into detail, I did get that the article includes “several inaccuracies on many levels”. Also that they can’t comment on “technologies that might or might not exist”. Lastly, I got that Intel has not released any public information on the subject. Leading me to think Charlie may have pulled 99% of that article out of his…
Of course you will have a loss of functionality, protected media will not playback. That’s the idea behind all of this, to enable you to play protected media. If you’re not interested in playing protected media, you don’t lose a thing. Nor do you gain anything.
EDIT: “will not playback” isn’t the right usage. That all depends on the media, for the most part we are talking about playing media back at full-res.
Chris
July 25th, 2005 at 10:35 am
LOL, good one
But I’m still curious to learn more about East Fork and SPCM (Secure Premium Content Module). I’m sure the developers I know are under NDA regarding these types of upcoming technologies.
July 25th, 2005 at 11:14 am
Ok, pretend I’m the average Joe consumer (not far from the truth). These are the questions I would ask (my own guess in italics):
Can I use the new OS on my old PC?
Not if you want to watch/listen to any ‘premium’ content.
Can I use my old monitor?
No.
If I need a new/special monitor, will this work with the $3000 tv I just bought?
Will all my old media files be upgraded to the new DRM without my consent?
Do I have to use Windows Media Player, or can I use the media player of my choice.
Can I still rip my CDs and DVDs?
Will this work with my iPod or any other mp3 player I may want to buy?
If my hard-drive or some other component fails, will I be able to replace it and still access my media (assume no loss of functionality)? Will I have to buy an expensive brand instead of the cheapest I can find?
Yes, but not as easily as before. No, only a small set of approved components
Can I store my files on a networked computer, USB drive, or NAS?
Why is this better than TiVo or some other cheaper options?
Will hackers be able to get around this?
Eventually, yes, but we’ll have more hardware or software you’ll need to buy by then, so don’t worry about it.
Does anybody have solid answers to these questions yet? I admit, I’m too lazy to go through all the links.
July 25th, 2005 at 11:35 am
Melvin, you bring up good questions, but most of the answers you’re looking for can only get speculative responses. Unfortunately, we don’t know how this will all play out. However, the ability to rip CDs and DVDs on any of the new Windows Vista machines, I’m almost positive, will be disabled. Just look at all the effort Microsoft is putting into integrating next-gen copy protection technology… I’m sure their software will be able to detect DRM-circumvention software installed on a PC and disable it (they’ll probably tag it as spyware and notify you that it’s a security vulnerability that must be eradicated — creative, aren’t I?).
July 25th, 2005 at 11:39 am
The “Designed for Windows XP Media Center Edition” Logo Program is nothing more than a certification program to assure consumers that certain hardware products are guaranteed to be compatible with MCE, since the requirements are quite high-end. Uncertified hardware is not guaranteed to work, but the operating system itself does not insist on certification. For example, non-WHQL-certified beta video card drivers will work fine with MCE, as long as they have the requisite capabilities, have enough video memory, etc.
This has nothing to do with DRM. The aim is to make MCE computers as close to painless to use as consumer electronics, since they are supposed to find a place in the living room.
Well, we are talking about DRM only, aren’t we? Once we step into protected content, talks of “openness” is completely irrelevant, since the very point of DRM is to limit what you can do with the licensed material.
The thing to remember is that outside of protected content the “openness” of the PC will not be impacted much at all by the new technology. You can still do whatever you want with unprotected content, uncertified software, and uncertified hardware.
This paper has been out for a while:
Output Content Protection
July 25th, 2005 at 11:50 am
To be clear, we’re talking about PC components that are required to have DRM technologies built-in to them to create a “protected environment.” Hence, any non-certified, off-the-shelf component is considered a vulnerability to the system, which I suggest will cripple the machine if installed.
I think Chris Lanier says it best:
That’s the decision consumers will have to make: To play ball or not to play ball?
July 25th, 2005 at 12:01 pm
…only in the sense that it won’t play DRM-protected material. If you don’t have such content, you are not impacted.
Now imagine that Microsoft has not created OCP, and the content providers therefore refuse to make their HD material playable on PCs altogether. Do you find this scenario preferable to the one above?
July 25th, 2005 at 5:31 pm
Microsoft on DRM, Content Protection, and PVP-OPM
Chris
July 26th, 2005 at 1:12 am
Chris, as I am sure you know, the theory of cryptography is always assuming that the details of the system are open and are known by the adversary and that the security of the system has to be proven under these circumstances. This means that opening the source has nothing to do with creating a secure system. In fact if anything it will get the bugs eliminated faster.
So I am puzzled here, what makes you say that it is not possible to build a secure system when the source is open? I can tell you that if the security of Microsoft solution has anything to do with the fact that the code is closed it will be broken within days!!! But if they have a solid solution from computer science perspective then it won’t. Take RSA and other public key systems for example, they are not broken and yet their underlying methods have been published and known for many years plus there are many open source implementations out there. In fact the open source implementations are considered by academia far more secure than the Microsoft implementation (or any closed source for that matter), in which I am willing to bet there are far more bugs than in the open source ones (not to mention all the theories about the big brother introducing some back doors into these closed systems).
July 26th, 2005 at 7:03 am
Good point!
However, DRM Systems work with more than just “cryptography” or encryption. If you look at a system like WMRM, the encrypted key is distributed out of the package. There is a whole lot more than just that single key that plays into actually obtaining a license, then being able to play the content. One of the top reasons a closed implementation would have to be done, IMHO, is any “individualization” method used in the system. I personally think if you got a completely open system, tasks like that and others like revocation and renewability would not be able to happen.
Now the other part comes with the developers of the protection system, who can set the bar for exactly how “open” the system can be. Most of the time, you would be licensing the technology from the developers or creators, and I doubt you will find many next-gen DRM/protection systems that allow for an open implementation.
Chris
August 5th, 2005 at 11:19 am
New articles to look over: (Not pretty)
Sydney Morning Herald - Windows Offers New Vistas Of Spending
The Inquirer - Microsoft Vista Creates DRM Insanity
TechWeb - Microsoft Buffeted By Criticism Over Vista DRM