57 lines
6.5 KiB
Plaintext
57 lines
6.5 KiB
Plaintext
|
[video member=cmuratori stream_platform=twitch stream_username=handmade_hero project=chat title="SGX and Unbreakable DRM" vod_platform=youtube id=8eULB8uMIuc annotator=Miblo]
|
||
|
[0:18][@AndrewJDR][Can you explain how this Intel SGX thing allows for "unbreakable DRM" for applications (kind of an uncommon thing on the PC side up until now)?]
|
||
|
[1:55][Blackboard: The current state of DRM]
|
||
|
[7:51][Blackboard: Baking the key, e.g. RSA private key, into the CPU]
|
||
|
[15:13][@andsz_][You could just give them another public key that you have the private key for \[see Resources\]]
|
||
|
[18:42][Attestation \[see Resources\]]
|
||
|
[21:03][@bastheimreth][What about the above scenario, but where there is no internet connection? How would one run such software in off-line mode?]
|
||
|
[21:54][@Pseudonym73][So the NSA doesn't have to crack it. They just have to rubber-hose Intel]
|
||
|
[22:36][@Stevoid1990][Can't this be broken using emulation?]
|
||
|
[22:48][Blackboard: SGX, step-by-step]
|
||
|
[26:14][@macielda][Can't they just figure out Intel Key Generator and make a Key Generator for it?]
|
||
|
[27:18][@Stevoid1990][So even if the emulation contained a valid key from a registered copy it couldn't be cracked?]
|
||
|
[28:33][@AndrewJDR][I assume this breaks certain features of the windows API since the memory is protected? Global hook DLLs for example?]
|
||
|
[29:38][@ejunkie64][What if the CPU fails or you want to upgrade?]
|
||
|
[30:02][@Longboolean][Would Intel create a different key for each manufactured CPU or is there only ever one key?]
|
||
|
[30:42][@CrackedOrb][But this means you lose control of your own system since only Intel can perform actions]
|
||
|
[31:18][@ezioauditorerevs][How susceptible is the locking of portions of memory / CPU cores to malicious encryption programs that simply want to screw your computer over?]
|
||
|
[32:13][@ratchetfreak][But if the game is sloppy and ends up allowing arbitrary user code execution, then the code can be leaked]
|
||
|
[32:43][@pragmascrypt][If anyone ever leaks Intel's private key, SGX on all those CPUs would be exploitable?]
|
||
|
[33:44][@Popcorn0x90][Why don't they use this system for banks, something that's worth protecting?]
|
||
|
[34:12][@quartertron][Can you think of awesome usages for this? Like an opt-in anti-cheat thing, so the server would know everyone on it had no aim bots or whatever]
|
||
|
[36:39][@Rfh666][Will this constant decryption used while running a game have an effect on performance?]
|
||
|
[37:02][@Robrobby][Once a key pair is known, everybody could use it and encrypt the game with it through Valve, leaving Valve at encrypt everything with the same key (CPU) for different users. Well fail on the way very fast]
|
||
|
[39:13][@cubercaleb][Redownloading games sounds bad for SSDs]
|
||
|
[39:37][@macielda][Isn't it expensive for Intel to print a different circuit for each CPU?]
|
||
|
[39:49][@Pseudonym73][Does SGX sound like a great place for a rootkit to hide or what?]
|
||
|
[40:15][@ratchetfreak][Doesn't that also prevent JIT'ing?]
|
||
|
[41:20][@macielda][Isn't it expensive for Intel to print a different circuit for each CPU and maintain a queryable database for each client 24/7 considering its Key was generated using a quantum measurement of some kind and stuff?]
|
||
|
[43:08][@AndrewJDR][Have you heard any word on whether AMD will be implementing this?]
|
||
|
[43:16][@cubercaleb][Isn't DRM good if you want to prevent people from freely redistributing your software?]
|
||
|
[45:37][@Robrobby][How you draw the future of restricted hardware I should start not buying hardware like this, right?]
|
||
|
[46:19][@Stevoid1990][I imagine this would be great to use for hardware banning from games?]
|
||
|
[47:12][@Rawdge][Let's say a revoke certificate is issued for a compromised CPU, and Valve et al no longer issue new software, why would your system be 'bricked?' Since you already have an encrypted version of the software on your HD, how could they still prevent you from running that software that's already installed?]
|
||
|
[48:04][@Gobfather][Since the key is on the CPU, couldn't you just buy a new CPU if the key gets blacklisted instead of a whole new computer?]
|
||
|
[48:32][@mmv94][Won't that generate a huge market for computers that have been blacklisted?]
|
||
|
[49:01][@macielda][It feels like it is just a matter of time until someone somewhere breaks this scheme and it is just a massive waste of time and resources for everyone. Am I right?]
|
||
|
[49:42][@ezioauditorerevs][Isn't it DRM that is the primary driving force for piracy in the first place?]
|
||
|
[50:09][@cubercaleb][I think it is a bigger deal for companies like Adobe and Autodesk, both of which have software with insanely high piracy rates]
|
||
|
[50:20][@mmv94][When big companies start locking out people from using their software, they (the people) will start looking for software from smaller companies that won't use this technology]
|
||
|
[51:39][@Hayai][Do you think that there's a chance that the smallish trend of DRM-free games will counteract this SGX stuff in any significant way?]
|
||
|
[53:09][@Robrobby][Sad the entry costs in fab productions are so high, else I would find a Kickstarter soon to some fantastic "user-owned CPU architecture"]
|
||
|
[53:39][@ezioauditorerevs][Could this be taken a step further if they start putting the key on the motherboard instead of the CPU? That's less replaceable, isn't it?]
|
||
|
[54:15][@AndrewJDR][So apparently QEMU (a VM hypervisor) has support for emulating SGX. How is this useful?]
|
||
|
[55:32][@SoysauceTheKid][For businesses wouldn't this tech be good for the consumer? I would feel more comfortable if my bank had my data encrypted as tight as possible]
|
||
|
[56:55][@cubercaleb][Has RAD ever had problems with people pirating their software or people releasing the source code?]
|
||
|
[57:09][@macielda][Could encrypting each (16GB?) game download using your SGX key be a prohibitive cost for a company like Valve? How likely would it be for Valve to refuse doing such a thing?]
|
||
|
[58:39][@Robrobby][I am less afraid of prize control with DRM strong as this one. I am more afraid that the OS of the future will block software that hasn't been signed. That is scary!]
|
||
|
[59:14][@Avalier][Would the entire time \[game\] need to be encrypted or just the executable part]
|
||
|
[1:00:00][@Gobfather][Since Valve made a big push for Linux, I'm willing to bet that they wont jump on the SGX train since it is a possible limiter to consumers]
|
||
|
[1:00:17][@cubercaleb][What is code signing anyway?]
|
||
|
[1:00:43][Blackboard: Public Key Encryption]
|
||
|
[1:03:53][@macielda][Casey, would you consider prioritizing developing for OSes which refuse to use SGX?]
|
||
|
[1:04:09][@Stevoid1990][You should do more streams about this kind of stuff, it's really interesting]
|
||
|
[1:04:18][@Robrobby][DRM like this is sad. Can you please choose a happier topic for the next chat?]
|
||
|
[1:04:29][Wrap things up]
|
||
|
[/video]
|