[coreboot] AMD EPYC and PSP

Patrick Georgi pgeorgi at google.com
Thu Jun 8 21:46:35 CEST 2017

Since these discussions flare up time and time again (without ever being
resolved in any productive way because the discussion happens in the wrong
forum [0]):
Netflix et al are (probably) required by their contracts with the content
providers (producers, distributors) to make it reasonably hard to access
the unencrypted bits of sufficiently high quality video (discussing the
merit and feasibility of these approaches should also happen elsewhere [0]).
The PSP (or ME, or ARM TrustZone) provide the technical means for a
programmable DRM path (what Intel calls the PAVP, protected audio/video
path, which seems to be partly implemented by the ME) with sufficient
security guarantees that Netflix et al are willing to risk sending HD  (or
4K or better) video through that channel.

Therefore: A CPU with PSP/ME/ARM TZ is one that won't support Netflix [1].


[0] Preaching to the choir is fun the first 10 times. It's slightly less
fun the next 10 times. And totally tedious the 1000th-1010th times. Sorry
that you're late to the party but that's not our fault.
Worse, debating these things here helps nothing since the people that you
really should to talk to for making a difference aren't subscribed to
technical lists like this one. They probably play golf and enjoy the sun.
You can likely talk to them if you present a business case with ~8
significant non-zero digits in some currency not very unlike the USD. While
playing golf. And enjoying the sun.

[1] It's quite possible to build designs that come without such a "locked
down processor with access to everything". There's also little money to be
had in building these, while the current designs have a certain level of
maturity that makes any significant deviation a serious risk: These chains
of contracts that connect these coprocessors with Hollywood (probably) come
with contractual penalties for breaches that result from reckless behavior
(such as changing the security architecture nilly-willy). "Not rocking the
boat" is a rather sensible option under such constraints.
Those ~8 significant digits in some USD-style currency mentioned earlier
might help change that risk assessment. You won't be able to crowdfund them

2017-06-08 21:00 GMT+02:00 Rene Shuster <rene.shuster at bcsemail.org>:

> Nico,
> Would you mind to elaborate and enlighten us on this matter?
> On Thu, Jun 8, 2017 at 1:31 PM, Nico Huber <nico.h at gmx.de> wrote:
>> On 08.06.2017 16:48, Johnysecured88 via coreboot wrote:
>> > Does anyone anticipate the new EPYC cpus not having PSP?
>> Well, I don't. The answer is quite simple if you ask the question
>> differently: Do you expect AMD to drop Netflix support?
>> Nico
>> --
>> coreboot mailing list: coreboot at coreboot.org
>> https://mail.coreboot.org/mailman/listinfo/coreboot
> --
> Tech III * AppControl * Endpoint Protection * Server Maintenance
> Buncombe County Schools Technology Department Network Group
> ComicSans Awareness Campaign <http://comicsanscriminal.com>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot

Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20170608/b5391783/attachment.html>

More information about the coreboot mailing list