In association with heise online

HDCP, HDMI and DisplayPort

HDMI logo Since hackers didn't really need to break a sweat cracking the CSS content protection for DVDs the movie studios demanded a tougher system for Blu-ray. Rather than contain the protection within the playback drive, it was decided to harden the entire playback chain against attack. For consumer electronics this has resulted in High bandwidth Digital Content Protection (HDCP) systems using High bandwidth Digital Media Interface (HDMI) connections. In this system each appliance is regarded as a sealed 'black box' linked together in a signal chain through a single HDMI connection, carrying encrypted digital audio and digital video signals. Each device establishes an encrypted signal link with the next device by sending and receiving authentication handshakes. Currently HDMI links support digital video at up to 1080p resolution and up to eight channels of digital audio. Each HDMI link consists of a bundle of 5 screened pair cables (three TMDS links, one TMDS clock and one control cable) acting as transmission lines plus a 5V power wire terminating in a 19 pin connector. For the consumer, one advantage of HDMI is that it minimises cable clutter and only one type of cable is used to connect all the devices – Blu-ray player, set top box, display, computer and audio amplifier – together.

Early in the development of HDCP it was implemented using DVI connections. However DVI is a video connection standard and does not provide the audio paths commonly found in home cinema. HDMI, which does include the audio support within the one cable bundle, was developed from DVI technology and is a superset of DVI. HDCP-compliant DVI requires the additional encryption/decryption hardware added to the interface to support HDCP. For several years following Blu-ray's launch many DVI products were shipped without HDCP support, particularly computer monitors. Graphics cards were sold that promised they were HDCP ready, but this required plugging in an update chip containing the HDCP encryption; few if any of these chips were ever shipped. Current graphics cards and monitors with Blu-ray playback capability tend to use HDMI connectors.

There is a competitor to HDMI called DisplayPort, a VESA standard. DisplayPort includes optional DPCP (DisplayPort Content Protection) copy-protection from Philips, which uses 128-bit AES encryption, although version 1.1 of DisplayPort added HDCP support too. DisplayPort is used on Apple Mac computers.

HDMI cable pin out In order to avoid signal degradation of the high bandwidth signal as it passes over the relatively long cable runs, HDMI signals are based on transition minimised differential signalling (TMDS) developed for the Digital Video Interface (DVI). In that sense DVI is a subset of HDMI and converter cables can be used to connect between devices fitted with HDMI and DVI connectors. However few DVI devices support the encryption used for HDCP signals, which is particularly annoying when connecting to a slightly older monitor that has the required resolution for high definition video, but won't display it because it lacks the encryption. It is also annoying that many HDCP compliant devices do not have separate analogue audio outputs to allow audio to be fed to older analogue amplifiers.

HDMI cables
A typical HDMI cable
With consumer electronics the assumption is made that each device in the high definition playback chain is a sealed box and that the consumer has no easy way to access the unencrypted signals inside the boxes. When a computer is used to play Blu-ray media it's a different story, since most internal data streams can usually be easily accessed by the computer user. With proprietary operating systems such as Windows Vista, Microsoft have driven protected data channels through the operating system which, in theory, are not accessible even to experienced users. The proprietary software players are issued with private encryption keys in the same way that private encryption keys are allocated and installed in hardware Blu-ray players.

The typical high definition encrypted computer set-up consists of a Blu-ray compatible drive with a software player application which handles the encryption running on a proprietary operating system that preserves the integrity of the encrypted data stream. The encrypted data stream from the optical disc drive is split into video to drive a graphics card with HDCP encryption support and an HDMI output, and into audio to drive a sound card.

A Linux system can use all the same hardware, so the in-drive encryption and handshaking are preserved and the encrypted external video link from the graphics card to the monitor will also be maintained. However, once the data gets inside the computer and under control of the operating system, it's 'open source rules' and the data is accessible to the computer user.

Big media has realised that any static protection scheme is likely to be compromised as time goes by, so provision has been made to allow Blu-ray's encryption scheme to be changed. Recent stand alone Blu-ray players come with an internet connection that not only allows remote handshaking and interrogation, but also allows remote commands and even fresh encryption keys or encryption schemes to be downloaded. Of course such features are useless if the player is not connected to the internet.

Changes in the law in the USA and in Europe in the form of the DMCA 1998 and the European Union Copyright Directive 2001, which make it illegal to crack DRM schemes even if no copyright is infringed, are gradually beginning to have an effect. This makes it less likely that any free HDCP work-arounds will appear for true Blu-ray playback under Linux.

Next: Intel and DTCP-IP

Print Version | Permalink: http://h-online.com/-746607
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit