[Cbe-oss-dev] Playstation 3 BD-ROM access and LV1_DENIED_BY_POLICY

Nicholas A. Bellinger nab at kernel.org
Fri Aug 3 02:07:51 EST 2007


Hi Ranulf,

On Thu, 2007-08-02 at 15:25 +0100, Ranulf Doswell wrote:
> Hi Nicholas,
> 
> I've not tried any of the software you've described, so this is based
> entirely from speculation based on what I've read about AACS
> authentication.
> 
> To me, it sounds most likely that you've inserted a recent disc which
> has updated the drive so that it no longer provides the media ID
> without host authentication. Perhaps even the key in older versions of
> the firmware has been revoked and newer firmwares use a different host
> authentication key? In fact, I'm very much surprised even that you
> were able to obtain the media key in the first place. 
> 

Why is this such a surprise?  The beauty of the block level access model
is that neither side of the storage nexus knows that their storage
command descriptor blocks are being moved across the network.  This is
what allows a storage area network to function transparently.
Additionally, note that none of the ATAPI requests which are moved
across the network with iSCSI are modified in any way from when they are
generated in userspace on the initiator side, to once they are issued
into the hypervisor on the target.

> Did you try watching a previously unwatched disc when your troubles
> began, perhaps? If the first time this failed was watching something
> you've seen before then you can probably discount my theory, but from
> what I've read every disc contains a host revocation list and a drive
> will always update its revocation list from this before the host even
> knows about the disc insertion. 

These are all discs that I have watched a number of times in both the
PS3 BD-ROM, as well as my standalone Philips SPD7000P.  Additionally, I
have only ever watched these movies over the iSCSI.  Again, keeping in
mind that neither side is aware that the ATAPI packets are being moved
over the network, and all of my previous attempts to issue the ATAPI
CDB:

REPORT_KEY / 0xa4

That is the first READ defined CDB that will kick off the AACS
authentication process.  As previously mentioned, I have been able to
issue this ATAPI command to the PS3 BD-ROM, using the normal interface
happily for a number of months since I was first able to determine that
this model worked.  Surely, if the REPORT_KEY CDB returns back with an
exception from LV1 and hence never makes it to the BD-ROM, the
software player on the other side will not be able to continue.

--nab

PS: Note that REPORT_KEY is not just used by AACS, but by DVD-CSS as
well.  The bits of interest are the 'Key Class' defined in Byte 7 and
'Key Format' Byte 10.  Please go have a look for yourself in any T10-MMC
standards document from the past few years.

> 
> Cheers,
>     Ralf.
> 
> 
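The CDB fields named in the PS, decoded in C as an added example that is not part of the original message. The function names and sample packets are constructed here, and the AGID bits, the allocation-length position and the Key Class values (0x00, 0x02) are assumptions taken from the MMC layout rather than from the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define REPORT_KEY_OPCODE 0xA4          /* opcode quoted in the message */

struct report_key_fields {
    uint8_t  key_class;                 /* byte 7, per the message */
    uint16_t alloc_len;                 /* bytes 8-9, big-endian (assumed from MMC) */
    uint8_t  agid;                      /* byte 10, bits 7-6 (assumed from MMC) */
    uint8_t  key_format;                /* byte 10, bits 5-0 */
};
/* Constructed 12-byte sample packets, not captured from a real drive. */
static const uint8_t SAMPLE_AACS[12]  = {0xA4,0,0,0,0,0,0,0x02,0x00,0x08,0x00,0};
static const uint8_t SAMPLE_CSS[12]   = {0xA4,0,0,0,0,0,0,0x00,0x00,0x00,0x7F,0};
static const uint8_t SAMPLE_OTHER[12] = {0x28,0,0,0,0,0,0,0x00,0x01,0x00,0x00,0};

/* Returns 0 and fills *out for a REPORT KEY packet, -1 for anything else. */
int parse_report_key(const uint8_t *cdb, size_t len, struct report_key_fields *out)
{
    if (cdb == NULL || out == NULL || len < 12 || cdb[0] != REPORT_KEY_OPCODE)
        return -1;
    out->key_class  = cdb[7];
    out->alloc_len  = (uint16_t)((cdb[8] << 8) | cdb[9]);
    out->agid       = (uint8_t)(cdb[10] >> 6);
    out->key_format = (uint8_t)(cdb[10] & 0x3F);
    return 0;
}

/* Key Class names: assumed MMC values (0x00 DVD CSS/CPPM/CPRM, 0x02 AACS). */
const char *key_class_name(uint8_t key_class)
{
    switch (key_class) {
    case 0x00: return "DVD CSS/CPPM/CPRM";
    case 0x02: return "AACS";
    default:   return "other";
    }
}

int main(void)
{
    const uint8_t *samples[] = {SAMPLE_AACS, SAMPLE_CSS, SAMPLE_OTHER};
    struct report_key_fields f;
    for (size_t i = 0; i < 3; i++) {
        if (parse_report_key(samples[i], 12, &f) != 0)
            printf("sample %zu: not REPORT_KEY\n", i);
        else
            printf("sample %zu: %s agid=%u fmt=0x%02x\n", i, key_class_name(f.key_class), f.agid, f.key_format);
    }
    return 0;
}
```

A decoder like this is enough to tell, from a logged packet alone, whether a REPORT_KEY request belongs to the DVD-CSS or the AACS key class.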