Wayland content-protection extension
Pekka Paalanen
ppaalanen at gmail.com
Mon Jun 18 10:22:38 UTC 2018
On Mon, 18 Jun 2018 14:32:32 +0530
Ramalingam C <ramalingam.c at intel.com> wrote:
> On Monday 18 June 2018 02:23 PM, Pekka Paalanen wrote:
> > On Mon, 18 Jun 2018 13:38:09 +0530
> > Ramalingam C <ramalingam.c at intel.com> wrote:
> >
> >> On Monday 18 June 2018 01:34 PM, Pekka Paalanen wrote:
> >>> On Sat, 16 Jun 2018 12:50:52 +0530
> >>> Ramalingam C <ramalingam.c at intel.com> wrote:
> >>> The SRM table smells very much like compositor configuration,
> >>> especially because a) it is global state: you cannot program two
> >>> different tables to the same connector, and b) the compositor is
> >>> required to save it and use it later for all clients(?). One can also
> >>> envision a security issue, if a system allows third party apps: an app
> >>> could install a fake SRM table with a fake date.
> >> Compositor is expected to store the latest SRM in the non-volatile and
> >> update with only newest versions.
> >> And it will supply the latest version to kernel(irrespective of what
> >> version is provided by app). This caching is not per connector.
> >> SRM table itself provides the version of it. and The validity of an SRM
> >> is established by verifying the integrity of its
> >> signature with the Digital Content Protection LLC public key, which is
> >> specified by the Digital
> >> Content Protection LLC. So no fake SRM will be accepted.
> > Right, so I would propose to make that completely separate.
> Ok. So how that should be implemented? As another protocol extension?
I don't know. Is there a reason to do it by Wayland?
Requesting content protection is a good fit to do by Wayland, because
it is per-window. Uploading a new SRB table is not tied to any window
or even a Wayland client, so why should it be a Wayland extension?
Is maintaining the SRB table the compositor's job, or is it a separate
service in the system that the compositor contacts?
I think this digs into the system design, and there is no obvious
benefit from using Wayland for it, that I don't think I can make a
recommendation.
For instance, if installing a new SRB table optionally uses internet
access to e.g. verify the signing key is still valid, then I don't
think it should be the compositor in charge of maintaining the SRB
table.
Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20180618/0a7310b4/attachment-0001.sig>
More information about the wayland-devel
mailing list