Slashdot Mirror
Phoenix Bios to Incorporate DRM
defishguy writes "Extreme Tech is reporting that Phoenix Technologies is shopping a DRM-capable BIOS to OEMS. Reportedly the BIOS with DRM enabled allows for software to be tracked and traced from one PC to another." See also this older story about AMI.
how long before someone comes up with a 'workaround'? As long as there are security measures, there are people with no goals in life but to circumvent those measures.
[ Don't reply to this ]
Looks like we've gotten a heads up on whose equipment not to buy anymore.
Thanks a lot.
Why would OEMs buy something that would piss off their customers? I can see Sony doing it to their VAIOs but would Dell?
If something like this sells, it just makes custom building of PCs more attractive IMO.
There is nothing inherently safe about liberty. That's why so many people died protecting it.
Until no one sells one without DRM.
That's why opposition must be raised now.
So what? don't most OSes bypass most of the BIOS code anyway?
...Looks like the next time I upgrade, I'm trading in my P4 2.4c for a new G5 instead of a new P5. Perhaps someday Mac might be the majority not due to their software or design, but the fact that they like to have customers...
This is going to be a big bitch and complain session about liberties and what not, and I agree. However complaining never solves anything. The simple and most effective solution is to *not* buy boards with these chipsets.
Also don't think that your purchase won't make a difference.
E.
Never rub another man's rhubarb - The Joker
Just like those people don't sign their work with their names, phone numbers and signatures, they won't use these motherboards.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
It's not only possible and likely, it has been done. Look at the cromwell bios for xbox (open source bios to boot linux)
Linux doesnt really use the bios anyways, once it boots it reconfigures the system and pretty much ignores the bios. You only need enough bios to find the boot block and load the OS.
I don't need no instructions to know how to rock!!!!
If the BIOS hooks are there, but the software is trusted (free) and known not to use them, can the feature effectively be therefore disabled?
who are those slashdot people? they swept over like Mongol-Tartars.
p3-700? Serial Number Disabled of course? I see no difference in DRM and the despised SN Intel chose to put in its procs.
And don't try to say, "Well, they'll need a subpoena." See how well that worked with the RIAA.
I had but a simple dream, to destroy all humans.
>Since when does these schmucks start thinking that I as a consumer doesnt have the right to take apart, enable/disable features, and smash to smithreens whatever shit I buy from them?
Since the US passed the DCMA.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Respects your freedom? What about my freedom to write my own applications without requiring Apple to approve it? What about my freedom to use my own hardware, instead of being forcing to use Apple's mouse, Apple's memory, Apple's monitor (with boat anchor attachment on the top), Apple's video card, etc.?
Sorry, but give me a PC with some competition, instead of talking about a monopoly that "respects your freedom".
Zodiac Survey
Now that you are supplying DRM Bios's I will no longer consider products containing your Bios's in any form Yours
"Initial customer feedback from the entertainment industry in general has been very favorable," Eades added.
Apparently Phoenix and their OEMs need to be re-educated about who their customers are.
I've never owned an OEM PC, but have been considering Dell for my next box. If I find Dell is using a DRM'd BIOS that I can't turn off, the box will return to Dell.
Optimisticly speaking, this development has a number of potentially positive outcomes for us:
A. Pheonix & OEMS again re-educated about the fact that customers value their privacy.
B. Hackers paying more attenting to contents and modification of BIOS.
C. Motivation for additional development of OpenBIOS projects.
D. A court case regarding the rights of customers who purchase PCs and produce content with them. (OK, this one is a long shot...)
carefully examine the wording there. "customer feedback from the entertainment industry" ....... And I thought that computer manufacturers were the BIOS manufacturers customers and we were the customers for the computer manufacturers. Since the only "product" Phoenix makes is BIOS code, if the entertainment industry is their customer, then they are now writing code under contract for the entertainment industry. Not that it wasn't obvious before, but this does state it rather directly.
I reject your reality
It it routine for various motherboards to have hacked BIOS developed for them (usually to turn on hidden features). This won't be any different, within a few weeks of a motherboard's release there will be versions of the bios released that will disable the DRM, exactly like how DVD drives have region free firmware released (I usually flash my drive before first use). So the only people this will be relevant to are those who are uneasy flashing their bios.
Doubtful. With the iTunes store, Apple have shown that they are as attracted to the idea that computers should decide for their users what they can and cannot do with their data as all the others. That iTunes is currently heavier on the "can" then some other systems does not change the fact that Apple had embraced the paradigm that computers should be hostile to their users and in charge. I would hardly call that "clean hands".
That the current iTunes DRM has no presense in the hardware simply means that anybody with a hexeditor could crack it - that nobody has is simply because nobody cares (if you want mp3s there are easier ways). I don't see any reason to believe that Apple, having embraced user hostility, would back away from securing it from trivial cracks once the technology to do so becomes ubiquitous.
(I hate to mention this, but now lets watch the Slashdot Mac Maffia mod me down...)
The best opposition to this would be and Open Source BIOS. I've no idea if this is possible, likely, or already being done. It simply seems like the best response to DRM enabled BIOS.
Well, DRM and open-source technology aren't mutually exclusive. Indeed, any protection of this scope (e.g., relying on a flawless interaction between the CPU, the hardware devices and drivers, and the OS) really should be so securely implemented that publishing the details doesn't weaken it - i.e., "obscurity isn't security."
(Whether or not this level of coordination is achievable is an interesting point to consider. The fact that Microsoft's implementation of DRM is breakable by a routine, authorized use of their DirectX processing-filter functions is striking.)
- David Stein
Computer over. Virus = very yes.
I'm reminded of one of the only TV commercials ever published by 3dfx. An engineer introduces his new chipset, capable of billions of calculations per second. With pride and courage in his voice, he speaks of how this chip will allow them to revolutionize medicine and scientific research, saving billions of lives. An interruption over the intercom says, "Excuse me people, we changed our minds; we're going to use it to play video games."
We have remarkable technology at hand, capable of verifying the source and integrity of data transmissions, communications, financial records, all manner of irreplacable information. We're going to use it to keep people from listening to music. Irrespective of copyright and how poor and hungry Metallica and Dr Dre are right now... that's a totally different issue. We're going to use it to keep people from listening to music. I hope somebody's proud.
-j
Right, but the problem is that as DRM becomes an accepted technology, your non-DRM compliant computer will go the way of the personal check. It will be one large pain in the ass to buy something online from major distributors. You'll "need" DRM. Then of course there is even the possibility of further legislation in this arena that requires computers connected to the internet to have signed OSs that booted from valid BIOSs.
But thats not going to happen. There is no government agency that can legislate "only signed OS's can use the internet". There are no hardware manufacturers willing to piss away billions of dollars in revenue so the entertainment industry can make a paltry couple of extra million.
I don't do the conspiracy thing. This technology seems directly targetted at the office workstations of the world, and is a feature that PC's have been sorely lacking for much too long.
I don't need no instructions to know how to rock!!!!
There's a problem with replacing it though.. You see, Phoenix has already made its money by then.. it sold the BIOS to the motherboard manufacturer.
They don't care if you replace their BIOS with an alternative, because they've already sold it to you.
So you can't scare them with that threat.
Embedding DRM in hardware is great news - it ensures that DRM will die a huge, flaming death.
Any protection mechanism of this scope - designed to work on many kinds of media, on all kinds of hardware, and on a host of operating systems - is bound to be full of holes when it's first released. Even Microsoft's audio-processing filters can be used to strip out DRM (i.e., to transform a locked sound file into an unprotected stream.)
Since this is known, the only really sensible way to implement an encryption method like this is to engage in an arms race with hackers. Release a first version, let hackers rip it to shreds, then release DRM v2.0 with those holes patched. Lather, rinse, repeat. If your encryption system has a sound basis and you're patching it in a smart, sensible way, the hacks will have to get more and more creative. Soon users will have to go to great lengths to defeat the scheme - mod chips, soldering connections onto circuit boards - so you've essentially made it tight enough that casual users won't bother. You can then crack down on the big sources of hacked media (e.g., large file-sharers on Kazaa), and voila, your scheme is fine.
But here's the key: Inherent in this arms race is the ability of the protection scheme to evolve in a robust way to patch holes. You can't do that if you create a hardware platform. Every new generation of DRM will (a) have to be backwards-compatible, in which case it can be broken on hardware running the older (unsecured) version; or (b) not be backwards-compatible, in which case you're breaking all of the old hardware.
Practical example: Look at today's media players - Quicktime Player, WMP, RealPlayer, DivX player. When new encoding mechanisms are invented for them, users have to grab a new version of the player, or at least download new codecs, to interpret files encoded under the new scheme. The new media won't play on the new players. This is greatly annoying, but users put up with it because it's software and it's easy to update.
Hardware is no such thing. Every time you release DRM version x+1, users have to download new drivers for their video card, sound card, hard drive, and bus and flash-update the ROMs on each device. Forget it. Users aren't going to put up with having to update their hardware devices every six weeks.
So, be happy: embedding DRM in hardware ensures the grand defeat of the whole thing.
- David Stein
Computer over. Virus = very yes.
Is there any real benefit to the user with the inclusion of this technology. I know the article claims "rovides an enhanced BIOS that allows greater interaction with the operating system"; but does this affect the users experience? Or is this simply a move to force DRM down our throats? I'm not trolling; I just wonder if there is an upside to the consumer.
"Reality is a crutch for people who can't handle drugs" - George Bernard Shaw (1856 - 1950)
The article calls it DRM-ware, but surely "SPY-ware" is more appropriate.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
The truly big problem will be the need to repurchase your huge software investment each time you upgrade to a new machine. This will put momentum AWAY from buying new hardware. It seems the hardware OEMs will be shooting themselves in both feet if they use this.
I think you're missing the fact that in order to capitalize on the DRM feature in the BIOS, new applications have to be written. You would not be able to install(pirate) a DRM enhanced AutoCAD on a Windows98 PC. You'd need Windows 2010 or newer. Ditto for Linux. If Matlab for Linux is DRM enhanced, then it would require Linux w/ DRM as well.
Phoenix probably couldn't care less if you elect to install a DRM unaware OS. It's just one more feature in the BIOS that's going unused. But by including the feature, they're opening the door for others to build off of it.
Wouldn't do any good. You'd just hack the executable to ignore it.
What they could do is use public key encryption to sign the hash of the BIOS, then the BIOS chip checks that this is a valid signature before it flashes the new code.
But, BIOS chips aren't massively secure (well, in fact, they aren't at all, being just an EEPROM) so this wouldn't be too hard to reverse engineer. Until they go to using a smart-card (or other security system designed in a similar way) to authenticate, it would be pretty easy to get around.
But thats not going to happen. There is no government agency that can legislate "only signed OS's can use the internet". There are no hardware manufacturers willing to piss away billions of dollars in revenue so the entertainment industry can make a paltry couple of extra million.
You're vastly underestimating the momentum behind this thing.
You know the *AAs' current actions? Suing Napster, cracking down on Kazaa users, non-rippable audio CDs? Why do we think they're foolish? That's right, because they're a whole lot of effort for not much copyright enforcement.
The *AAs know this, too. These are really just treading-water exercises - making an attempt to squelch the big offenders, and plant the idea in peoples' minds that piracy = theft. It's all they can do, and everyone knows it.
Their long-term strategy has to focus on making media completely non-rippable. Digital encryption will be how digital media is distributed in the future. By digital media, I mean all digital media that big corporations want to protect - music, movies, streamed video (i.e., all TV shows), electronic texts, you name it. It's the big gun that media producers intend to wield in the future.
This isn't conspiracy-theory stuff. It's sound business sense. Just look at the trends and listen to the *AAs talk about the future of distribution - it's obvious.
- David Stein
Computer over. Virus = very yes.
Until no one sells one without DRM.
Nice theory but since profit margins on PC hardware is razor thin the manufactures are looking for anything to give them an edge. If DRM in the BIOS becomes common then there will be motherboards made, most likley in places like Korea, that do not have this "feature".
Another day closer to redwood heaven
Ordinarily I would agree with you. It SHOULD work such that the DRM BIOS makes certain facilities available to a DROM OS.
OTOH...
Imagine a DRM OS that has a small special bootloader. The BIOS has a small conversation with this bootloader prior to allowing it to load the OS. If the bootloader "passes" the conversation test, it loads the OS. If it "fails" the test either shut the hardware off or HALT the cpu.
That wouldn't prevent reverse-engineering a bootloader that could boot a non-DRM OS. But it could prevent marketing it, by claiming protection for the bootloader under the DMCA. Hack together such a thing, and you're under the radar screen. Market such a thing, and you go to court.
Fortunately I haven't heard of such sophistication in DRM BIOS's, yet. Think for a moment what it would take for a BIOS at some date to "securely" allow loading an as-yet unwritten DRM OS a few years in the future, while not allowing an as-yet unwritten non-DRM OS to load. IMHO, keeping stored private keys just doesn't cut it, though maybe with enough lawyers.
Still, this would have to get past other lawyers to not look like collusion between BIOS writers and Microsoft. There would also be LOUD wailing and moaning to the effect, "Microsoft can't compete in security, so they're counting on legislation for their monopoly."
(One can readily argue that that last statement is unfair. One can also argue that Microsoft is already doing such things.)
The living have better things to do than to continue hating the dead.
Well, I think Taiwan, rather than Samsung, oops I mean Korea is where all the boards come from. And it was not that long ago that we saw a post here on /. about a board coming out of Taiwan from a comapny called Abit with a special chipset they call the X-Wall that they claimed in their marketing materials could be used to keep out both the RIAA and government agencies. So, I would have to imagine that the notion of the entire motherboard market being controlled by a dark mysterious anti-consumer entity is a bit far fetched.
And watch the U.S. federal government block trade with countries that don't have a strong copyright law, strong enforcement thereof, a Bono Act, and a DMCA.
Will I retire or break 10K?
Send Phoenix abusive email. Tell them you will never buy their products EVER AGAIN. Intuit recently deployed DRM and their customers screamed so loud that the CEO nearly shit himself and the company backpedalled like mad.
If this happens enough times, DRM will die in the ass as it should.
If there is one thing I have always admired about the U.S. it's that people speak their mind.
Complacency now by those of you who are too pathetic and lazy to complain will cause great suffering later for you later. So be smart because now is the time to get ANGRY. Not later.
The great danger though is if DRM ends up being widely deployed enough that only or two major PC makers isn't using it. Then all of a sudden the idea of legislating DRM-only PCs is a plausible prospect. Something the media cartels would dearly love. They would probably lose the first time but there would inevitably be some comprimise. Then they would try again in the typical relentless fashion and more rights would go away. Stallman's prescience is amazing.
> I build all my own PC's and I've never used Pheonix bios, usually AMI or Award.
Um.. Hate to break it to you, but Award _is_ Pheonix.
> You make it sound like there is there is no alternative to DRM hardware in PC land.
With this article, that is fairly correct for all intents and purposes.
There are only two main BIOS companys, which happen to be AMI and Pheonix.
Those are the only two that make BIOS code and not motherboards.
The only other BIOS makers out there are companys such as IBM and Compaq and the like, but those BIOS's only work with their own hardware.
So if you do build your own hardware, you are getting the BIOS from one of two companys, both of which use DRM (AMI has for awhile now, but award bios's were touted as better because phoenix wouldnt DRM them.. ah well.)
Apple is not the ONLY option, but you will most likely not be buying a motherboard that didnt come with a preconfigured and built PC any more without DRM already in it.
> I'll keep my additional $2,000 and my freedom to choose the hardware that goes
> into my machines thankyouverymuch.
Well, that $2,000 that isnt going to apple will need to go to IBM or Dell or Compaq instead.. which means you get no freedom to choose whats in your machine outside of 'CDROM or DVDROM' and '128mb ram or 256mb ram' etc.
And in all honesty, I dont know any longer which 'big builder' still makes their own BIOS and which ones buy from AMI/Phoenix. So even some of the above companys may have DRM now..
If the bios could run ONLY signed operating systems, then future windows versions would be disabled as well unless you let the bios connect to the internet. Many computers aren't connected to the internet - so this wouldn't be an option. If it was signed to run ONLY windows longhorn, how many people do you think would buy it? Linux may be able to just emulate being compatable, really returning different information to programs that request it.
Earth to dickheads: Your main customer is supposed to be motherboard manufacturers, and then ( indirectly ) computer users. Since when is the entertainment industry a customer?
Oh wait. I suppose if you count those brown paper bags that Sony and Disney have been sending...
Does this effect virtual OS's?
-- I was raised on the command line, bitch
Couldn't the Euro Union reject it and force Phoenix to sell DRMless BIOS? Just like they did with the pentium-II Machine ID.
Patola (Claudio Sampaio)
Unix System Administrator