
Microsoft Edge is now the exclusive browser to support 4K streaming in Netflix - aq3cn
https://www.neowin.net/news/microsoft-edge-is-now-the-exclusive-browser-to-support-4k-streaming-in-netflix
======
wahern
It apparently requires Kaby Lake. I assume that means a DRM scheme using Intel
SGX.

Intel SGX allows dynamic creation of a so-called secure enclave on the chip,
bound to a segment of code. Once set up, not even the kernel can read the
contents of memory within the address range of the secure enclave (at least,
not unencrypted). Only code within the address range can read and write memory
in that range. The protections are implemented and enforced by the CPU and
MMU, somewhat similar to ARM-based secure enclaves, but more dynamic and
flexible.

Each SGX-enabled chip also includes hard-coded symmetric and asymmetric keys,
and only Intel has the database for the secret components of those keys. Long
story short, this allows vendors to ship a small program that can set up a
secure (confidential, authenticated) channel to somewhere else on the network
that is impenetrable to the host computer.

It would be a malware writer's wet dream, except your program needs to be
signed by Intel, and you need online access to Intel's database to initially
authenticate a channel. So instead it's a wet dream for businesses
implementing DRM schemes and who can afford paying the Intel tax.

In this case Netflix is likely shipping an SGX-protected program that decrypts
and decodes the stream, installed using new hooks in the Edge browser. Pushing
the contents to HDMI probably requires another layer of software provided by
Windows. Perhaps even another SGX-protected program, authored and signed by
Microsoft, that can securely push to HDMI.

SGX includes features to allow two SGX-protected programs to authenticate each
other at runtime--that is, that each is legitimately SGX-protected. That
allows two SGX-protected programs to set up a secure channel between
themselves, using the platform's native ABI (if within the same process) or
IPC mechanisms. I don't think SGX supports mechanisms for direct bus access,
so Microsoft's half probably requires some kernel work to provide and
authenticate the public key for the HDMI/HDCP controller, unless Intel also
keeps a database of HDCP keys.

SGX could also theoretically be used for so-called secure computing. For
example, being able to process sensitive data in shared hosting environments
without worrying about bugs in the kernel or virtual machine manager. But
because it requires Intel to sign the binary code, it's not really useful for
implementing Free or Open Source software. Even development is a giant PITA,
which is why Linux still hasn't (AFAIK) implemented the necessary
infrastructure to make it work from user space.

You could theoretically implement a virtual machine inside an SGX enclave, but
Intel would never sign such a thing as it would permit malware to proliferate.
That cat should never be let out of the bag, given how keys are hard coded in
each chip. Intel's verification and validation process is presumably
_extremely_ rigorous.
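
A simplified model of the enclave-to-enclave authentication described in the comment above, added here as an illustration; it is not part of the original comment and not Intel's SDK. The class and function names are hypothetical, the enclave code strings and chip secret are constructed, and HMAC-SHA256 stands in for the MAC the CPU computes in the EREPORT/EGETKEY flow.

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Constructed stand-in for the secret fused into the chip; in hardware, software never reads it.
CPU_SECRET = os.urandom(32)

def measure(code: bytes) -> bytes:
    """Model of the enclave measurement: a hash over the enclave's code."""
    return hashlib.sha256(code).digest()

def _report_key(target_measurement: bytes) -> bytes:
    # The key depends on the chip secret and on the identity of the one
    # enclave that is meant to verify the report.
    return hmac.new(CPU_SECRET, b"REPORT" + target_measurement, hashlib.sha256).digest()

@dataclass(frozen=True)
class Report:
    measurement: bytes   # identity of the enclave that asked for the report
    report_data: bytes   # caller-chosen bytes, e.g. a hash of a key-exchange value
    mac: bytes

class Enclave:
    def __init__(self, code: bytes):
        self.measurement = measure(code)

    def ereport(self, target_measurement: bytes, report_data: bytes) -> Report:
        # The "CPU" fills in the caller's measurement; the caller cannot choose it.
        body = self.measurement + report_data
        mac = hmac.new(_report_key(target_measurement), body, hashlib.sha256).digest()
        return Report(self.measurement, report_data, mac)

    def verify(self, report: Report, expected_measurement: bytes) -> bool:
        key = _report_key(self.measurement)  # an enclave can only get its own report key
        good = hmac.new(key, report.measurement + report.report_data, hashlib.sha256).digest()
        return hmac.compare_digest(good, report.mac) and report.measurement == expected_measurement

def demo() -> dict:
    decoder = Enclave(b"constructed decoder enclave code")
    output = Enclave(b"constructed output enclave code")
    other = Enclave(b"constructed unrelated enclave code")
    channel_pub = hashlib.sha256(b"constructed key-exchange public value").digest()
    report = decoder.ereport(output.measurement, channel_pub)
    tampered = Report(report.measurement, b"\x00" * 32, report.mac)
    return {
        "intended_target": output.verify(report, decoder.measurement),
        "wrong_target": other.verify(report, decoder.measurement),
        "tampered_data": output.verify(tampered, decoder.measurement),
    }

if __name__ == "__main__":
    print(demo())
```

Binding the key-exchange value into `report_data` is what ties the authenticated identity to the channel that gets set up afterwards.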

