this post was submitted on 08 Dec 2023
868 points (97.4% liked)

linuxmemes

21263 readers
1860 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [โ€“] [email protected] 7 points 11 months ago (1 children)

    Not just key store, since you can quite easily use a secure enclave on Linux just as on any other platform.

    The key issue is the render stack. On Windows and MacOS, providers can get certain assurances that the parts of the stack that take their decoded DRM'ed content and draw it into a window, get composited with other windows, have various transforms applied, and actually get things out to an HDCP-supporting monitor are all unmodified and (at least to a certain extent) immune to screen captures and other methods of getting the plain un-encrypted media stream. Linux on the desktop almost never provides those assurances. The only ones that really do are ChromeOS and Android--and both of those provide relatively high trust DRM as a result.

    DRM doesn't work in practice to prevent piracy, but if you drink that cool-aid and assume for a moment that DRM actually worked, then Linux is basically impossible to provide verified DRM content to with the current landscape in the way that Windows, MacOS, CrOS and Android/iOS do

    [โ€“] [email protected] 2 points 11 months ago

    Absolutely! You don't get the former (keys) because you can't get the later (secure render stack) as a "normal" Linux user.

    That said, one thing you got technically(!!) wrong:

    You can get a secured (stack) and certified (keys) Linux, if you close it up properly... Source: I worked a little bit on one of those, and yes, I'm ashamed, and yes, I'm expecting a bit of hell time for it... Was a fun task though.