Comment by Borealid
6 hours ago
How would you define it if:
- the DRM/delivery software is open source
- the game payload is sent to you encrypted using the public key of a secure enclave on your computer
- while the game runs all its memory is symmetrically encrypted (by your own CPU) using a key private to that secure enclave. It is only decrypted in the CPU's cache lines, which are flushed when the core runs anything other than the game (even OS code)
- the secure enclave refuses to switch to the context in which the CPU is allowed to use the decryption key unless a convolution-only (not overwriteable with arbitrary values) register inside itself had the correct value
- the convolution-only register is written with the "wrong" value, by your own computer's firmware, if you use a bootloader that is not trusted by the DRM system to disallow faking the register (ie, you need secure boot and a trusted OS)
That doesn't seem to fit in any of your models. There's no online check, you can't send someone else the key because it's held in hostile-to-you hardware, you can't bypass the local-PC check because it's entirely opaque to you (even the contents of RAM are encrypted). You can crack into a CPU itself I guess?
I don't think the mechanism of the DRM being open source helps with the copying AT ALL in this design.
This design is, by the way, quite realistic: most modern CPUs support MK-TME (encrypted RAM mediated by a TPM) and all Windows 11 PCs have a TPM. Companies just haven't gotten there yet.
I don't know about how secure enclaves work, so this may be a solution I'm not aware of. Thank you for explaining!
So I guess the whole game software, or at least a significant part, is loaded encrypted and runs encrypted. It's on the users hardware but the user can't access it.
The only thing I can think of: You say the game payload is encrypted using the public key of a secure enclave. This means the open source game launcher has to pass the public key to the server doing the encryption. Could you not supply a fake public key that goes to a virtual secure enclave? I guess the public key could be signed by intel or something, is that something that happens on current TPMs?
Would it even be possible to do this if the program had to run under Proton/Wine? The original subject here is the launcher running on Linux.
I do wander about the use of an open source launcher at this point though. As someone who prefers open source software, the idea of encrypted software running on my PC makes me uncomfortable, more than just closed source software.
Thank goodness!