The Good & Bad of DRM (Digital Rights Management) Technology on Future Video Formats (1 Viewer)

[Shawn Perron]

Updatable firmware is neither good nor bad, but it is necessary in todays world. The technology is here to stay. Keep in mind that unless the firmware has modular parts that can be universally updated (has never happened yet), your manufacturer would have to provide specefic firmware for your player. If you flash firmware that isn't 100% made for your player, you can turn your player into a useless brick. The programming that makes your player work is different then not only every other manufacturer, but most likely every other model by the same manufacturer. Even flashing the correct firmware isn't 100% guaranteed to work. If you were to lose power during the process, you now own a metal brick.

In other words it would be an almost impossible undertaking to get every player on the market to be upgraded without tremendous problems. How would they distribute the new firmware? A correct firmware for every Blu-Ray player that would exist in a few years would take up a substantial portion of a dual layer Blu-Ray disc. They would have to verify and test every single firmware update and verify they are all correct. The logistics of this are mind boggling.

My main feeling is that they will enforce AACS with existing firmware and never require an update. It'd be far easier to set up flags ahead of time to prohibit certain functions. As long as they have the AACS spec fully laid out, they can set up flags for just about any scenario. It's far easier to believe there would be a file that says "if you are a model XXX player, you cannot play this movie" then they will come up with a feasible universal firmware.

 

[Steve Berger]

Firmware upgrading is a necessary evil of modern electronics. The first round of DVD players were built before a single dual-layer disk had been pressed and only researchers knew that DVD+/-R/RW disks were possible: firmware upgrading was the only way to keep those $700 machines working.

The scary part of HD players is the fact that the next movie you insert can change the firmware (or the phone line or Internet connection). With previous products, you couldn't change the firmware without active user intervention or cooperation.

How many TIVO owners woke up to find that features had been removed (or added) during the night? I thought I heard that manual recording (no phone line or subscription required) disappeared after one "upgrade".

 

[Glenn Overholt]

But why would that be scary? Any firmware upgrade should be a plus, not a minus. I don't think that they would screw that one up, because, as we've already talked about, if the players didn't work after that they'd be returned, and the uproar would probably be big enough to make that the last player that company ever sells!

Glenn

 

[Steve Berger]

Normal firmware upgrades are supplied by the set manufacturer and installation is voluntary. In this case upgrades would be developed by a third party and controlled by the disk production facility and would be mandatory.

I don't think they will get it right more than half the time for the first few years. I think that every failure will be blamed on the source of the upgrade and the player manufacturers will accept no responsibility for mistakes.

An acceptible solution (for me at least) would be a fallback reset to initial (out of box) conditions which would be in ROM; but that would remove the ability to "kill" a hacked machine. In 34 years of TV repair I've seen too many Manufacturer's errors to think that they will all of a sudden "get it right".

 

[Lew Crippen]

The depth of your knowledge of technical issues is matched only by your understanding of business.

 

[AaronMK]

As I understand it, player lockout would not be implemented through a firmware update. Think of it more like this: each title has a master key. A copy of that key is placed in a seperate lockbox for each AACS licensee, and each licensee is given the key to their lockbox to get the master key for the title. Revocation would be not including a lockbox that a given licensee can open on future titles.

That revocation might take place if the licensee's key is compromised, or if a circumvention method is found for a particular player. Firmware updates could possibly plug secrity holes, and make your player a candidate for keys to a new lockbox on titles. That is a big positive.

Of course, it could also be used to implement new AACS requirements that might be made in the furture. As someone else posted, distributing all those firmware updates on a tiltle would not be practical. They would have to revoke every lincesee's keys, and require people to seek out the manufacturer's update to implement a usage rule change. Even if it is as simple as the consumer downloading a CD image, burning it, and sticking it in their player, it would be a public relations nightmare. Such drastic steps were not even taken when CSS was broken wide open.

 

[Thomas Newton]

Aaron,

So you're saying that the discs won't directly install firmware "upgrades"? Instead, all of the new discs from a given studio would stop working on your player, until you install the firmware "upgrade" the studio wanted? (That is, assuming that the manufacturer implemented one to the studio's satisfaction.)


Allowing studios to use DRM to force firmware "upgrades" (at the point of a "comply, or your player will become a paperweight for new titles" gun) is a security hole.

If there are mechanisms that allow automatic installation of new firmware, revocation lists, or persistent settings (from any source), those would also be security holes. I think you're saying that such mechanisms don't exist, and hope you're right.

Conversely, if I have a standalone disc player that can't install any firmware upgrades or other persistent changes without my approval, my player is pretty secure. Malware and dowgrades have no vector through which to infect that machine except firmware updates themselves.

As for "making your player a candidate for keys to a new lockbox", that's simply the studios offering a second-rate solution to a problem of their own making. If they could not "revoke" your player in the first place (or were such angels that they would never use the ability), it would not stop working, and there would be no need for new keys!

 

[Shawn Perron]

Not only would this anger and alienate customers, it would actually prevent software sales. Once you have a player that can play movies, they want you to buy them. Anything that could stop a majority of thier sales just won't happen.

The only way they would even attempt this is if the new firmware autoinstalled off the discs requiring it without any need of consumer understanding or input. Even if they managed this, there would still be a small percentage of players that would die every upgrade due to techinical problems during the process (power loss). Imagine if one of thier upgrades managed to kill half the players on the market because a flaw made it through quality assurance. Firmware upgrades are never a sure thing.

My guess is that AACS will be implemented from the start, and any security will be forced through data on the discs using existing firmware functionality. Really, if the players have enough ram on board, they could load a new program off the disc and use it in place of the firmware actually in the player. A small ammount of ram could be used to hold just current security policy. This way even if a disc manages to screw up and not play properly, it would only be temporary until you power down the player and only affect that disc.