From: Pavel Machek <pavel@ucw.cz>
To: Alex Deucher <alexdeucher@gmail.com>
Cc: Sean Paul <seanpaul@chromium.org>,
	David Airlie <airlied@linux.ie>,
	Intel Graphics Development <intel-gfx@lists.freedesktop.org>,
	LKML <linux-kernel@vger.kernel.org>,
	linux-mediatek@lists.infradead.org,
	Maling list - DRI developers  <dri-devel@lists.freedesktop.org>,
	Daniel Vetter <daniel.vetter@intel.com>,
	"linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>
Subject: Re: [RFC PATCH 1/6] drm: Add Content Protection property
Date: Tue, 5 Dec 2017 19:01:07 +0100
Message-ID: <20171205180107.GA22672@amd>
In-Reply-To: <CADnq5_PcbBeGL+3CxOpNgRiih4czU9SnmjNbRyyRHOn-OZvy5Q@mail.gmail.com>

Hi!

> >> > Why would a user of the machine want this to be something other than
> >> > 'OFF'?
> >> >
> >> > If the kernel implements this, will it mean hardware vendors will have to
> >> > prevent users from updating the kernel on machines they own?
> >> >
> >> > If this is merged, does it open kernel developers to DMCA threats if
> >> > they try to change it?
> >>
> >> Because this just implements one part of the content protection scheme.
> >> This only gives you an option to enable HDCP (aka encryption, it's really
> >> nothing else) on the cable. Just because it has Content Protection in the
> >> name does _not_ mean it is (stand-alone) an effective nor complete content
> >> protection scheme. It's simply encrypting data, that's all.
> >
> > Yep. So my first question was: why would a user of the machine ever want
> > encryption "ENABLED" or "DESIRED"? Could you answer it?
> 
> How about for sensitive video streams in government offices where you
> want to avoid a spy potentially tapping the cable to see the video
> stream?

Except that spies already have the keys, as every monitor
manufacturer has them?

> >> kernels and be able to exercise their software freedoms already know to
> >> avoid such locked down systems.
> >>
> >> So yeah it would be better to call this the "HDMI/DP cable encryption
> >> support", but well, it's not what it's called really.
> >
> > Well, it does not belong in the kernel, no matter what the name is.
> 
> Should we remove support for encrypted file systems and encrypted
> virtual machines?  Just like them the option is there if you want to
> use it.  If you don't want to, you don't have to.

Encrypted file systems benefit users. Encrypted video is designed to
work against users. In particular, users don't have encryption keys
for video they generate. I'd have nothing against a feature that would
let users encrypt video with keys they control.
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

