1. Field of the Invention
Embodiments of the present invention relate generally to memory management techniques and more specifically to a method and system for protecting content in graphics memory.
2. Description of the Related Art
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Digitization of content not only provides new ways to distribute and commercialize content, but it also enables new and easier ways to violate copyright or to steal or misuse premium content such as feature films. To combat rampant piracy of digital content, some content providers have developed advanced content protection schemes in digital medium such as laser disks and cable/satellite TV, and impose strict requirements on the licensees of such conveyance schemes in order to safeguard their premium content. For example, the content protection licenses for popular content formats and mediums, such as Digital Versatile Disc (“DVD”), Blu-ray, High Definition (“HD”) DVD, Fairplay, and OpenCable, include requirements of safeguarding the handling and protection of content during the decode process to prevent unintended interception and copying.
However, conventional computer systems fail to cost effectively provide the end-of-end content protection as required in the aforementioned licenses. To illustrate, FIG. 1 is a simplified block diagram of such a conventional computer system 100 handing content with two main processing units, a central processing unit (“CPU”) 102 and a graphics processing unit (“GPU”) 114 that operates in a GPU front-end domain 108. To play back content, the CPU 102 executes the instructions of a content player, such as the Windows Media Player, and interacts with the GPU front-end domain 108 via a Peripheral Component Interface Express (“PCIe”) interface 106. Typically, this content is partially decoded by the content player and also partially decoded by the GPU 114. The scheme of distributing these decoding tasks is commonly referred to as the distributed decode model. After the content player hands over the partially decoded content to the GPU 114 for the final decoding and rendering, the content briefly resides in the physical memory space 112. Depending on the configuration of the computer system 100, the physical memory space 112 here may include system memory, memory local to the GPU 114, or a combination of these two different memory systems. Since the PCIe interface 106 is a public and unsecured interface, whenever the CPU 102 and the GPU front-end domain 108 pass information such as the memory pointers to this temporarily stored content in the physical memory space 112 between one another through this interface, the information is susceptible to eavesdropping and interception. Once intercepted, a rogue agent can proceed to acquire the location of the content, retrieve the content out of the physical memory space 112 as it is being played, and copy the content into off-line storage. Similarly, after the GPU 114 finishes decoding and rendering and presents the content to backend connections 118, such as High-Definition Multimedia Interface (“HDMI”), for display on a display device 120, the content may also be intercepted midstream.
One conventional approach to counter the unwanted interception and copying of content as it travels from one component of the computer system 100 to another is to encrypt the content in transit. For example, in the GPU front-end domain 108, the GPU 114 needs to encrypt any part of the content to be stored in the physical memory space 112. Also, in the backend connections 118, a stream cipher is needed to encrypt the content before it reaches HDMI. However, whenever the content is encrypted, it needs to be decrypted before it can be processed further. Therefore, rendering a pixel in the encrypted content necessarily requires the additional steps of decrypting data, processing data, and re-encrypting data for storage in a frame buffer before scanning out the entire frame. Not only does repeatedly performing these steps negatively impact the overall performance of the computer system 100, but it also increases the cost of the computer system 100 because of the need for additional resources, such as processing and storage capacity, to perform the steps. Further complicating the matter, this conventional approach lacks any intelligence to discern protected content from unprotected content and thus needs to encrypt both types of content even when it is not necessary to do so. For instance, suppose a content player is playing protected content, such as a movie clip, in a content player window on a Windows desktop. Suppose further that other than this content player window, the Windows desktop itself only contains unprotected content, such as icons. The conventional approach here still encrypts not only the movie clip in the content player window, but also encrypts the entire Windows desktop. The significant overhead associated with encrypting and decrypting unprotected content leads to further deterioration of the performance of the computer system 100.
As the foregoing illustrates, what is needed in the art is a method and system for protecting content in graphics memory without having to rely on encryption and decryption mechanisms and addressing at least the shortcomings of the prior art approaches set forth above.