[mythtv-users] CableCard Chain.

Devin Heitmueller dheitmueller at kernellabs.com
Wed Jul 25 01:05:40 UTC 2012

On Tue, Jul 24, 2012 at 8:37 PM, Chuck Peters <cp at ccil.org> wrote:
> Tivo was, and probably still is, running Linux, so why is it technically
> insurmountable for MythTV to get certified by CableLabs?

The way most of these hardware designs work is the encryption is done
in hardware and the operating system never has access to the
unencrypted stream.  It comes in on the cable card, gets reencrypted
in silicon using keys built into the chip, and the encrypted stream is
stored on disk.  Then when playback is needed the encrypted stream is
read off disk, fed into the on-chip decryption engine and the
resulting stream is funneled out the video output.  The point is that
the operating system can never actually see the unencrypted stream.

The other approach is to allow the operating system access to the
unencrypted stream, but use code signing to ensure that only the
kernel that was provided by the vendor can access it (enforced in
hardware or the boot loader).   In this case they can make the kernel
source available, but without the code signing key you cannot run an
unsigned kernel on the hardware platform.

Most people don't realize it, but many of the settop boxes provided by
the cable companies themselves run Linux.  Of course they are under no
obligation to give you the GPL source, since the cable company is
technically the owner of the hardware and you just lease it.


Devin J. Heitmueller - Kernel Labs

More information about the mythtv-users mailing list