|
|
|
|
|
|
by slrz
3639 days ago
|
|
|
> The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins). On mobile platforms, they generally are system-integrated (and hardware-supported) components, often running at privilege levels exceeding the running Android/Linux kernel. See the recent Qualcomm case where a DRM component (Widevine) running in TrustZone context[0] was used to attack Android's full disk encryption scheme. [0] TrustZone is an ARM architecture feature for running code in a different execution context not accessible from the "normal" running kernel. Useful for running small amounts of code dedicated to protecting crypto keys, but horrible if you load gigantic DRM blobs into it that no one could reasonably audit due to sheer size even if their source code was available. |
|
|
On the other hand, almost all DRMs were broken because the content is available in clear: http://betanews.com/2016/06/26/chrome-drm-streaming-video-fl... https://iseclab.org/media/uploads/zotero/Steal_This_Movie_-_...