This section reviews the steps that PVP-OPM follows in determining whether premium content can play on a Windows Vista PC.
PVP-OPM Initialization Sequence
The Windows Vista PVP-OPM software determines whether to allow premium content to play, based on the state of the outputs as reported by the Output Protection Management mechanism and other factors.
PVP-OPM Initialization Sequence
The fundamental sequence used in PVP-OPM is as follows:
1. HFS authentication
On initialization after power-up or after a hibernation, the vendor-supplied kernel-mode driver uses HFS to determine beyond reasonable doubt that it is talking to genuine hardware, as opposed to an emulation device. It also determines the exact model number and variant, what outputs are present, and the protection capabilities of those outputs. It also determines whether a user-accessible bus is present.
2. Certificate verification
Next, the OPM user-mode software requests a PVP-OPM certificate from the vendor-supplied driver, which is required to return the certificate only if it has determined that it is talking with hardware that conforms to the PVP-OPM compliance rules.
3. OMAC channel
Next, using the key pair in the driver, a verified command-and-status channel is established between the OPM user-mode Windows component, and the vendor-supplied kernel-mode driver. Both commands to the driver and status from the driver are OMAC’ed to ensure that any tampering with these messages is immediately detected. When the Protected Environment is operating in high-level security mode, there is no absolute need for an OMAC’ed communication channel, but it does allow for mid-level security (like Windows XP COPP), even if the Protected Environment is not allowing the playing of high-level premium content.
4. Attributes reporting
Next, by way of the verified command channel, the OPM user-mode component asks the graphics driver to report on the attributes of the graphics hardware and the enable/disable state of the outputs.
5. Outputs, protections, state, and UAB
The driver returns a list of outputs (connector types) plus the protection mechanisms available on those outputs and whether the outputs are currently disabled. The driver also reports whether a user-accessible bus is present.
|