What does "supports DRM and may not be fully accessible" mean for SATA SSDs?
156 comments
January 20, 2025 · bdd
Maxious
> I don't think in this very case it has anything to do with digital rights management.
From your kernel source link
> DVR type users will probably ship with this enabled for movie content management.
Indeed where the DRM error message comes from https://github.com/torvalds/linux/blob/ffd294d346d185b70e28b...
> CPRM may make this media unusable
CPRM?
> Content Protection for Recordable Media and Pre-Recorded Media (CPRM / CPPM) is a mechanism for restricting the copying, moving, and deletion of digital media on a host device, such as a personal computer, or other player. It is a form of digital rights management (DRM) developed by The 4C Entity, LLC (consisting of IBM, Intel, Matsushita and Toshiba).
How can we be sure which CPRM it is though? Ah the kernel maintainers actually had an argument about it at the time https://www.linuxjournal.com/article/5091 https://www.linuxjournal.com/article/5092
bdd
> Indeed where the DRM error message comes from https://github.com/torvalds/linux/blob/ffd294d346d185b70e28b...
That's for compact flash cards. Based on the kernel message from the StackExchange post we can tell it isn't a CF. So it's not coming from the line you linked, but 11 lines below.
OptionOfT
The S in SD stands for secure, and can be used for DRM purposes as well.
Windows Phone 7 is the only one I know of that used it: https://web.archive.org/web/20110219215401/http://support.mi...
Once the SD card was bonded to your phone it was not reusable elsewhere.
garaetjjte
> Once the SD card was bonded to your phone it was not reusable elsewhere
It password-protected the card (using CMD42). You can remove password while erasing the card, but most devices weren't aware of password protection feature at all.
SD actually stands for "Super Density", optical disc format that was replaced by DVD but they already had the logo designed and apparently didn't want to let it go to waste. https://www.global.toshiba/ww/news/corporate/1995/11/pr0701....
Marsymars
> It password-protected the card (using CMD42). You can remove password while erasing the card, but most devices weren't aware of password protection feature at all.
You could actually use a Symbian device to bring the cards back to life!
forty
OP is about SSD, 2 Ss, so twice as secure ;)
throw0101d
> OP is about SSD, 2 Ss, so twice as secure ;)
Like applying ROT13 twice?
baal80spam
Super Secure Drive
BlueTemplar
Looks to be 2 Ds, so Super Duper Drive ?
dmichulke
just like homo sapiens sapiens is ehhh ... nevermind
kurtoid
Some Garmin Marine units use SD cards for map updates (Bluechart), which also seem to use the S in SD
anilakar
So... one more reason to not buy the content and pirate it instead.
raxxor
Basically the idea of hardware/software attestation.
This is the "security" people try to sell you with secure boot mechanisms and signed software.
Don't use media that relies on it for your own sake.
Spivak
Don't use media that relies on it when you're not the one managing it. These features are cool when you control them. Digital signature verification on Redhat is great.
josephcsible
Even if you are managing it, you should still avoid it unless the hardware is designed so that it's inherently impossible for it to be used any other way. Otherwise you're financially supporting the problem.
kristjansson
Drives for/from Digital Cinema Packages?
supriyo-biswas
I wonder whether the "owning" argument against DRM and streaming media can be solved with physical media which you can still own.
Although, realistically we'll just end up with a drive that locks the user out of critical parts of the operating system and system data to ensure lock-in, which is related to the "restrictions" and "freedom" part of DRM.
ulrikrasmussen
I truly hate how the battle against DRM is slowly being lost, and I predict that in the near future it will be very difficult to use many apps (or even websites) while running on custom non-commercial builds of your operating system because "your" hardware will collude with the service provider to deny you access.
This should simply be illegal and considered a human rights violation. At least hardware vendors should not be able to claim that they sell you the hardware and that you own it, they should be upfront about it being a rental agreement, and you should be able to cancel that agreement and return the hardware with a full refund at any time.
jjcob
I was so happy when HDMI caught on that the troubles with VGA ports in meeting rooms were finally a thing of the past.
But now I randomly get "HDCP not supported" messages when trying to make a presentation because... I have no idea why. It's just a giant fuck you from the recording industry.
I could download a torrent of any movie I want, so the tech is obviously not preventing piracy.
It's just making random things in life harder than they should be.
BearOso
HDMI licensing is a pain in the ass. There's charges per device for simply providing connectors, and the HDMI forum refuse to let open source GPU drivers implement HDMI 2.0 or above.
pbasista
> HDMI forum refuse to let open source GPU drivers implement
What? How can an entity "refuse" to let others implement something?
It seems to me that the HDMI forum does not have any say in what someone decides to implement.
like_any_other
> I could download a torrent of any movie I want, so the tech is obviously not preventing piracy.
But you couldn't manufacture your own monitor/projector/media player without permission from and tribute to the HDMI lobby. Well, you could, but it would fail commercially due to incompatibility. In other words, DRM is an anti-competitive cartel.
geraldhh
> the troubles with VGA ports in meeting rooms
please elaborate
fwiw vga is plug and play, but multi-monitor support in operating systems was indeed a pia
jjcob
In my experience, the cables and dongles were prone to loose connections. You had to fiddle with the plugs to make sure they had a proper connection.
Selecting the right resolution was also problematic. Sometimes the native resolution of the projector didn't work for some reason, leading to blurry images.
I remember one time there was a weird issue where only half the image was shown. Another time, the image showed up with wrong colors (not sure how that happened).
HDMI isn't all rosy either, poor cables also cause connection issues. I had one cable that only worked in one direction. That was very odd. But in my experience HDMI connections are way more reliable than VGA connections.
(Maybe projectors and laptops also became more reliable, can't say for sure)
bayindirh
VGA/DB15 is not a hot-plug connection by default.
That part started with DVI.
bawolff
Especially silly because the HDCP master key got leaked back in 2010.
Clamchop
I've read that there are HDMI splitters and other devices like that that incidentally also happen to strip HDCP. Maybe you can scrounge up one of these to carry?
marcosdumay
Well, good thing that we are slowly moving everything into DP.
But it's a bad thing that it's so slow.
danaris
We're...not, though?
Sure, computer-based displays are supporting various DisplayPort standards more broadly all the time, but TV-based displays are still all-in on HDMI, and the #1 reason (well, OK, the #1 reason is "because that's how it's been", but the #2 reason) is because the big TV/movie companies demand HDCP—DRM on the cable.
I'd love to see a big dumb TV and a set-top box or game console with a DisplayPort cable connecting them, but I don't actually expect that to happen any time soon.
mindslight
> I could download a torrent of any movie I want, so the tech is obviously not preventing piracy.
Could? Why don't you? Stop feeding this terrible industry doing everything it can to put the personal computing genie back in the bottle.
Clamchop
Rights holders are pretty good these days about notifying your ISP so they can send nastygrams threatening to terminate service. Usually there's something like a three-strikes policy.
So, safe torrenting involves either paying for a seedbox, or tunneling your client through a VPN.
I'm sure you know all this already, just putting this as a warning to passers-by.
scotty79
> It's just a giant fuck you from the recording industry.
I eagerly await the moment when AI folks will just buy a bill to abolish copyright and send the content industry packing to do something more useful than sitting on swaths of human culture and clipping coupons.
bayindirh
Nah, that won't happen. AIBros will just pay them to get the medium for peanuts money.
Just like this: https://mathstodon.xyz/@johncarlosbaez/113221679747517432
Spoiler: Academic publisher Taylor & Francis recently sold many of its authors’ works to Microsoft for $10 million, without asking or paying the authors — to train Microsoft’s large language models!
xg15
Yeah, theoretically, this battle should already have happened, the moment Disney realized there was mouse IP in DallE's, Stable Diffusion's etc trainsets and people were using it to create unauthorized content.
In practice, they seemed too interested in using the technology themselves to care.
I predict IP law will just become fully hypocritical, with your protection as a creator and consumer depending on your status and connections.
bayindirh
Well, in most cases they won't be able to get Microsoft PC certification, so it's not going to happen. Hardware vendors are the wrong tree to bark at. Most of these requirements are passed down by Microsoft and content lobbies.
If they require your PC to be tinkerable/repairable; higher end devices will come with a "toolbox loaded with high quality tools to ease and improve the experience", "for no additional charge", as a selling point.
grishka
> Microsoft PC certification
Why is that a thing to begin with? What happens if a PC doesn't have it? It's not like Windows would refuse to run on it.
bayindirh
You can't officially sell the computer as "Windows Compatible", and won't be able to sell it with Windows preinstalled with an OEM license, which is basically (i.e. heavily discounted) free to you as the OEM.
Plus, it doesn't protect you from Microsoft making Windows incompatible with your specific system "by accident" (See DR-DOS incident), or sue you to oblivion by a very small clause in their licenses.
globular-toast
It's a thing because people want to control other people. This is what it all boils down to, sadly.
hun3
idk, losing access to preinstalled OEM license?
creer
> they won't be able to get Microsoft PC certification, so it's not going to happen
Really? That is the barrier?! How much control do you think you have on "Microsoft PC certification" standards?
pmontra
Don't give them ideas. 99 dollars per month to use your/their laptop. 49 extra to unlock the performance cores. 99 more for the discrete graphic card. 39 for the AI chip.
squarefoot
I think they'll push for something even worse: all computing to slowly become remote, turning local machines into dumb terminals as in the mainframe era, like the last 60 years of IT development never happened. Cloud, SaaS and vGPU are examples of this tendency.
Dumb terminals will be much cheaper: less resources, less (virtually no) storage, therefore many people will take this road to save money (ChromeOS anyone?), although in many cases they'll be forced to pay a lot more with time.
pmontra
> all computing to slowly become remote
If it happens, it will probably be championed because of security and law enforcement: automatic virus prevention, parental care, OS upgrades, content scans, piracy prevention, etc.
Phones are more or less already there right now.
reaperducer
> Don't give them ideas. 99 dollars per month to use your/their laptop. 49 extra to unlock the performance cores. 99 more for the discrete graphic card. 39 for the AI chip.
Microsoft was talking publicly about pay-per-minute Windows use way back in 1999/2000, but the technology didn't exist then.
It does now.
bayindirh
Welcome to Intel On-Demand, formerly called Software Defined Silicon (SDSi): https://github.com/intel/intel-sdsi
From the README:
> Intel® Xeon® family processors with support for Intel® On Demand (formerly known as Software Defined Silicon or SDSi) allow the configuration of additional CPU features through a license activation process.
baq
In the B2B world where everything is being converted into yoy roi/roe it makes perfect sense for both parties, especially if you can pay for your cpus out of opex budget instead of capex.
Absolutely abysmal for the consumer though.
mschuster91
The first generations of Raspberry Pi had the same with video codecs, IIRC MPEG and h264, to keep the price down for educational users but make it usable for people doing stuff with video.
baal80spam
This one ended just great for Intel, didn't it?
https://www.tomshardware.com/news/intel-finalizes-intel-on-d...
Sophira
That's horrifying.
sillywalk
IBM and HP have had something similar to this in their mainframes/servers - Capacity on Demand - for decades. Pay more licensing to activate more CPUs/Cores that are present but disabled.
eecc
That’s vintage Mainframe playbook
hansvm
> return the hardware at any time
"Any time" might be a stretch, but I've had no problems returning hardware which, after unboxing and/or setting it up, I found violated basic expectations and didn't have those limitations listed in the specs (no, I'm not buying and maintaining an un-rooted Android AND granting location services and other such permissions just to set up your special snowflake printer, and if your OBD-II control app works via a webview and one day starts requiring a subscription for the device I "purchased" then that's going straight back to the store/manufacturer even years later, ...).
TheJoeMan
Regarding the printer comment, I've bought HP printers that have stickers covering the USB port with a "NO" symbol, and removing the sticker the port works just fine. I'd like to think there is an engineer in the belly of the beast ensuring this stuff slips past the marketing team.
GuB-42
They probably shouldn't have called it "DRM" here. It can be used for DRM, but it can also be used to secure your own data, and calling it "DRM" is unclear on what feature it is. What standard does it follow?
The technology that can prevent a thief from getting all your data from your computer is the same that prevents you from ripping media files, the only difference is who owns the keys, but that part is out of scope for a SSD.
nicman23
just do not use them. actually vote with your wallet.
ulrikrasmussen
But that doesn't really work because "wallet voting" is very different from democratic voting. As part of a small minority you can be very sure that your wallet votes will be firmly ignored whereas well-designed democratic systems will at least let you vote for someone to represent your opinion. Wallet voting works very badly for protecting those who are in the minority.
LocalH
When you're a small enough minority politically speaking, your ballot votes will also effectively be ignored. I voted for a third-party candidate in a heavy red state, so my vote was purely symbolic, it had zero chance of having any effect.
ajsnigrutin
In theory this works, but when you have 4 banks in your country, and all 4 require this, you're basically fscked.
nicman23
your bank requires drm? what.
eecc
OTOH, it allows you to implement secure vaults for your personal and most important data.
It all depends on how access to these privileged interfaces is managed.
Gigachad
Why would that be implemented by the SSD rather than the OS? I can't see any realistic reasoning for this but DRM.
miki123211
To prevent disk cloning.
A typical attack scenario here would be something like:
1. You leave your laptop in a hotel room.
2. Criminals / police break in and clone the drive.
3. They install a (physical) keylogger between your keyboard and the rest of the computer.
4. You return, turn the computer on and enter your password, which the keylogger transmits to your attackers.
They now have both the drive contents and the password needed to decrypt them.
You can mitigate this by using a TPM and storing the key there instead of deriving it from the password, but even then, an attacker is able to clone the drive first and get the key later.
With this feature on, you can't clone the drive until you get that key.
luma
I could also have it show me one set of data on my secured machine, but a completely different filesystem + data if stolen and run on some other system, or booted under duress, etc.
This seems like a neat feature for some weird use cases.
ulrikrasmussen
Yes, the technology is not inherently evil, but some applications of it are. We shouldn't put bans on the tech, but we should put bans on usages of it which take away personal freedom.
Using it to implement secure vaults for your personal data is a way to actually improve personal security, and I can get behind that.
Using it to prevent software from even running on your device claims to improve personal security, but actually it is mainly about asserting control over you. Yes, it improves security as a side effect, but it does so by taking away your freedom.
nonrandomstring
> a way to actually improve personal security,
I'm not sure this is true. I've studied trust models in some depth now and I think that cryptographic enclaves are at best an analgesic and sedative. Don't fall for any myth of symmetrical technology that can be used "for evil or good".
The purpose of this technology is to assert logical ownership over computation under remote physical control of another. That would serve your interests and rights iff you purchase a cloud computing resource you want to make secure in an untrustworthy data-centre.
Sadly "security" gets used as a bare noun.
One must always ask three questions:
- security for who?
- security against who or what?
- security to what end?
DRM is generally a net loss to security of the physical machine owner, since it is a way to hide code and functionality within the perimeter of ownership and control. It's no worse than blobs or treacherous silicon, but any security conscious operator should avoid or remove it. It is opaque "security" for vendors/content-publishers, and "security" against the owner and operator.
josephcsible
> Yes, the technology is not inherently evil, but some applications of it are. We shouldn't put bans on the tech, but we should put bans on usages of it which take away personal freedom.
IMO, any technology that can be used to take control of devices away from their owners is inherently evil and should be banned outright, even if there are other uses of it that would be legitimate.
null
I don't think in this very case it has anything to do with digital rights management. It detects an Intel SATA SSD, SSDSCKJF360A5L, a disk that supports ATA Trusted Send/Receive commands used to interface with on-disk encryption features. Specifically 5B to 5F (reference: https://wiki.osdev.org/ATA_Command_Matrix).
To make things even more confusing, the kernel refers to the commands between 5C and 5F with the acronym TPM, and requires the `libata.allow_tpm=1` command line parameter to be passed to allow issuing them (kernel source reference: https://github.com/torvalds/linux/blob/v6.12/drivers/ata/lib...), which has _nothing to do_ with the trusted platform module TPM, just another TLA clash.
Here's the original commit from 2008. The naming is very likely through misassociation. TCG: Trusted Computing Group is most known for creating TPM specification. Another thing they work on is the OPAL specification for self encrypting drives. Author possibly clumped them into the same thing. https://github.com/torvalds/linux/commit/ae8d4ee7ff429136c8b...
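
The gating described in the comment above, as an added example that is not part of the thread and is not kernel code: it names the 5B to 5F opcodes, applies the `libata.allow_tpm` rule to them, and pulls the flagged devices out of kernel log text. The function names are hypothetical, the sysfs path for the parameter is an assumption, and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not kernel code). Function names are hypothetical.

# Name an ATA opcode in the 5B..5F range (hex digits, no 0x prefix).
trusted_cmd_name() {
    case "$1" in
        5[bB]) echo "TRUSTED NON-DATA" ;;
        5[cC]) echo "TRUSTED RECEIVE" ;;
        5[dD]) echo "TRUSTED RECEIVE DMA" ;;
        5[eE]) echo "TRUSTED SEND" ;;
        5[fF]) echo "TRUSTED SEND DMA" ;;
        *)     echo "other" ;;
    esac
}

# Verdict for issuing an opcode given allow_tpm (0, 1 or unknown).
# Per the comment above, only 5C..5F depend on libata.allow_tpm=1.
passthru_verdict() {
    case "$1" in
        5[cdefCDEF])
            case "$2" in
                1) echo "allowed" ;;
                0) echo "blocked" ;;
                *) echo "unknown" ;;
            esac ;;
        *) echo "not gated" ;;
    esac
}

# Current allow_tpm value; the sysfs path is an assumption of this example.
read_allow_tpm() {
    f=${1:-/sys/module/libata/parameters/allow_tpm}
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo "unknown"; fi
}

# Devices for which the kernel logged the DRM warning (kernel log on stdin).
drm_flagged_devices() {
    sed -n 's/^.*\(ata[0-9][0-9]*\.[0-9][0-9]*\): supports DRM.*may not be fully accessible.*$/\1/p' | sort -u
}

# Constructed sample log lines, not taken from the StackExchange post.
sample_log() {
    cat <<'EOF'
[    1.812345] ata1.00: ATA-9: CONSTRUCTED-SSD-A, FW01, max UDMA/133
[    1.812399] ata1.00: supports DRM functions and may not be fully accessible
[    1.900001] ata2.00: ATA-8: CONSTRUCTED-HDD-B, FW02, max UDMA/133
EOF
}

# One line per flagged device and gated opcode.
report() {
    allow=$(read_allow_tpm "$1")
    for dev in $(drm_flagged_devices); do
        for op in 5C 5D 5E 5F; do
            echo "$dev $op $(trusted_cmd_name "$op"): $(passthru_verdict "$op" "$allow") (allow_tpm=$allow)"
        done
    done
}

sample_log | report
```

On a real system, feed `report` the kernel log instead of `sample_log`, for example `dmesg | report`.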