Protected Media Path
The Protected Media Path is a set of technologies creating a "Protected Environment," first included in Microsoft's Windows Vista operating system, that is used to enforce digital rights management (or DRM) protections on content. Its subsets are Protected Video Path (PVP) and Protected User Mode Audio (PUMA).
Overview
The protected environment in which DRM content is played contains the media components that play DRM content, so the application only needs to provide remote control (play, rewind, pause, and so on), rather than having to handle unprotected content data. The protected environment also provides all the necessary support for Microsoft-approved (signed) third-party software modules to be added. It provides a "wall" against outside copying, where within the walls, content can be processed without making the content available to unapproved software.
In order to prevent users from copying DRM content, Windows Vista provides process isolation and continually monitors what kernel-mode software is loaded. If an unverified component is detected, then Vista will stop playing DRM content, rather than risk having the content copied. The protected environment is implemented completely in software, so software-based attacks such as patching the Windows kernel are possible.
These restrictions concern the various outputs from the PC. For DRM content, digital outputs such as Digital Visual Interface (DVI) and High Definition Multimedia Interface (HDMI) will have High-bandwidth Digital Content Protection (HDCP) enabled, to prevent someone from recording the digital stream. Even analog TV-style outputs typically require some restrictions, provided by mechanisms such as Macrovision and CGMS-A. These restrictions only apply to DRM-restricted content, such as HD DVD or Blu-ray that are encrypted with AACS, and also apply in Windows XP using supported playback applications. Users' standard unprotected content will not have these restrictions. Some output types such as S/PDIF (Sony/Philips Digital Interchange Format) typically don't have a suitable DRM scheme available, so these need to be turned off reliably if the content so specifies.
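The output rules above and the kernel check from the preceding paragraph, combined into one fail-closed decision function. This is an added illustrative model, not part of the original article and not a Windows API; the names `decide`, `Output` and `SCHEMES`, the sample outputs, and the handling of unknown output types are assumptions.

```python
from dataclasses import dataclass

# Schemes the article names per output type. An empty set means no suitable
# scheme exists for that output (the article's S/PDIF case).
SCHEMES = {
    "DVI": {"HDCP"},
    "HDMI": {"HDCP"},
    "ANALOG_TV": {"Macrovision", "CGMS-A"},
    "SPDIF": set(),
}

@dataclass(frozen=True)
class Output:
    name: str
    kind: str                          # key into SCHEMES
    engaged: frozenset = frozenset()   # schemes reported active (constructed)

def decide(outputs, drm_content, kernel_verified, disable_unprotectable):
    """Return (playing, {output name: "on" | "off"}), failing closed."""
    if not drm_content:
        # Unprotected content is never restricted.
        return True, {o.name: "on" for o in outputs}
    if not kernel_verified:
        # Unverified kernel-mode component: stop playing DRM content.
        return False, {o.name: "off" for o in outputs}
    states = {}
    for o in outputs:
        schemes = SCHEMES.get(o.kind)
        if schemes is None:
            states[o.name] = "off"     # unknown output type (assumption)
        elif not schemes:
            # No scheme available: off only if the content asks for it.
            states[o.name] = "off" if disable_unprotectable else "on"
        else:
            # Protectable output: on only while a required scheme is engaged.
            states[o.name] = "on" if schemes & o.engaged else "off"
    return True, states

# Constructed sample machine, not taken from the article.
SAMPLE = [
    Output("monitor", "HDMI", frozenset({"HDCP"})),
    Output("projector", "DVI"),                  # HDCP not engaged
    Output("tv-out", "ANALOG_TV", frozenset({"CGMS-A"})),
    Output("optical", "SPDIF"),
    Output("capture-dongle", "USB_VIDEO"),       # type not in SCHEMES
]

if __name__ == "__main__":
    print(decide(SAMPLE, True, True, True))
```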
In Vista, the control of PC video outputs is provided by PVP-OPM, which is essentially the next generation of Certified Output Protection Protocol (COPP) introduced in Windows XP. However, rather than being a software application programming interface, PVP-OPM operates with the Windows media components in the protected environment.
Additionally, PVP-UAB (Protected Video Path - User-Accessible Bus) is used to encrypt video and audio data as it passes over the PCI-Express bus, to prevent it from being intercepted and copied on the way to the graphics card. It is complementary to PVP Output Protection Management.
Possible bypass
In January 2007 the developer Alex Ionescu announced that he had found a method that allows end users to bypass Vista's Protected Media Path. This would allow digital content to be played on equipment that does not implement DRM restriction measures (like rescaling of video resolutions and disabling analog audio outputs).
However, he did not release any source code for fear of a Microsoft lawsuit regarding possible violation of the DMCA. On 6 March 2007, Microsoft responded, after internal testing, that the described method would not work.
Criticism
In addition to the regular criticism against Digital Rights Management schemes, there has been speculation that this scheme has been motivated by the fact that it would affect official free/open source graphics driver support by manufacturers. The scheme relies on the internals of graphics cards to tell whether the hardware is trustworthy (permitted to play copy-protected content). This could be subverted if an attacker knows certain details about the hardware's operation, which could be disclosed by hardware documentation or open source device drivers. However, this will not affect platform independence, as the scheme is provided with no charge.
Microsoft has frequently been accused of adding the Protected Media Path feature to Vista to block customers from copying rightfully owned media content (a practice believed to be protected by Fair Use provisions of the Copyright Act), and the feature is widely quoted as an example of Microsoft's uncompromising adherence to DRM.
These accusations have never gained much traction, largely because Vista treats non-DRM media exactly the same as previous versions of Windows, and because following Vista's release there has been no change in the availability of free/open source drivers from graphics hardware manufacturers.
See also
- Features new to Windows Vista
- Windows Vista I/O technologies
- Trusted Computing