[mythtv-users] cablecard

Thu Apr 7 15:41:01 UTC 2005

MythTV can't meet the certification guidelines, I'll
out and simple say that.

Having worked in the DOCSIS industry for a few years,
I know that there's no such thing as perfect security.
 I also know a bit about the way that CableLabs works.

Anyway...  Set-top boxes will have access to the
unencrypted video, they will need this to run their
"trick" modes - fast forward, rewind, on screen
display, etc.  However, some of the processors that
the set-tops run on will have encrypted memory and
buses (i.e. the memory bus will be encrypted) - but
that isn't really a necessity.

Basically, what they (CableLabs) want is some sort of
promise that the platform can't easily be compromised.
 So, in a typical cable modem submission, you need to
do things like:
1. Remove the serial port pins
2. Remove the shell from the DOCSIS software, or make
it so that it only responds to a minimal set of
commands (none of which can compromise the integrity)
3. Each modem has an X.509 certificate that is chained
to the DOCSIS root authority
Etc., etc.

In reality, cable modems have been compromised a few
times.  There's a few groups that devote their time to
hacking modems (mainly Motorola) and writing new
firmware for them and such.  For the most part,
although CableLabs and the modem manufacturers care
about it, I haven't heard of any public lawsuits, or
CableLabs revoking Motorola's DOCSIS X.509 certificate
(which CL is well within their rights to do).

Microsoft might be able to get away with this because
they are a closed-source implementation, which might
be enough for a CableLabs certification.  If not, then
they might have to have a special security chip put on
board - surely this would not be an issue for them, I
would think that there are manufacturers making PC
motherboards like this (I know that there are laptop
manufacturers that do this).

In this case, the open nature of MythTV will preclude
it from playing the game (legally).  I'm not saying
that MythTV should go closed source, I'm just stating
facts.  I also suspect that other closed-source
programs running on Windows (like SageTV) might have a
problem as well, since if Microsoft does get a
CableCard implementation, there is no way that they
will be allowed to provide a DLL that gets unencrypted
data to a user application.

It really becomes interesting with a "generic PC"
implementation of CableCard, because of the modularity
of PCs, and the open hooks in place to sniff the data
out.  (Also, there is some sort of strange stigma that
embedded devices are so much more difficult to program
for, but in general, they're not.  All you need is a
smart guy to write the drivers/interfaces, and
everybody else can be a generic C/C++ programmer.)

-- Joe

--- Brad Templeton <brad+myth at templetons.com> wrote:
> On Wed, Apr 06, 2005 at 07:33:10PM -0400, Jay R.
> Ashworth wrote:
> > Just to be clear: the best we're likely to get
> would be QAM compatible
> > *tuner cards* with cablecard slots on them.  Don't
> expect mezzanine
> 
> Can you say what you have heard?  Again, purpose #2
> of the cablecard
> (their purpose) just doesn't work at all if they
> give us something
> like this that will talk to a program like mythtv. 
> So it's hard to see
> why they would give this, it goes against everything
> they have said they
> want.
> 
> The purpose of the cablecard is to split the
> decryption from other
> functions of the set top box, officially.  But
> unofficially they have
> no desire to let ordinary users get at the video
> stream.
> 
> Even if myth people could come up with the $100,000
> it costs to certify
> to use the cablecard, how would myth meet the
> requirements not to let the
> unencrypted video be available?
> > _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
>
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
> 

__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs