Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

ARM takes hardware view of DRM

Posted: 16 Feb 2005 ?? ?Print Version ?Bookmark and Share

Keywords:digital rights management? drm? software? software?

Some engineers believe any successful digital rights management (DRM) solution must ultimately rest on special secure hardware. Thus far, these skeptics point out, software-based attempts at digital rights security have proved quick failures.

One reason, they claim, is that the huge body of code represented by the combination of a DRM application, media player and commercial OS is simply too large and complex to be secured against a patient and knowledgeable software attack. There is always some way to fool an OS into giving an attacker access to the protected data.

These engineers argue for a hardware means of creating a secure environmentin essence, an operating mode and an address space that can only be reached by passing through authentication, and that are sufficiently small and constrained to allow programs written for this mode to be formally proven.

That is the thumbnail description of ARM's TrustZone hardware. "The idea is to create a secure partition in the system that sits beside the normal operating partition," said Dave Steer, ARM North America's director of segment marketing. "In this way, hardware creates a small, formally provable environment in which secure applications such as DRM and cryptography can execute."

ARM's approach begins with a new instructionsecure monitor interrupt (SMI)that can only be executed by a task running in privileged mode. SMI sets a flag in the MMU and on the advanced microcontroller bus architecture that informs everyone the CPU is now in secure mode. It then places the CPU in monitor mode and traps directly to the user's authentication routine. The authentication software can then, at its discretion, pass the call on to a secure kernel.

Once the system developer writes formally proven secure code for the authentication monitor and kernel tasks, this is sufficient to prevent a software attack, Steer suggested. But it is not the ultimate protection.

"This will stop what we call the Radio Shack attacki.e. an attack by a very clever person using software," he said. "It won't prevent a hardware attack that involves taking the cap off the chip and probing or scanning the die."

"But that's not a realistic threat from someone trying to copy a protected video," Steer added.

Ron Wilson

EE Times

Article Comments - ARM takes hardware view of DRM
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top