Hello *.*! I apologize upfront, if this is the wrong place or way to ask... but is anyone here interested in a CI+ handshake code donation? The market we commercially served&supported over many many years (independent smaller STB builders) is completely suffocated/gone and I consider making parts of the stack open source, if only it would help to set a few things right and drain a few ugly swamps. For obvious legal reasons, I have no intention to provide actual key material or the few final bits of information that the CI+ extortion regime puts into the "Licensee specification" under NDAs/SLAs. Motivation ------------ I am eternally disgusted by - the entire rotten CI+ ecosystem - the main cryptography part probably sold by the mafia to a few grey market overpriced STB vendors who then redistribute this as questionable closed-source plugins to endusers, relying on leaked keys - disfunctional revocation of these keys (proving the argument to regulators wrong, that all this is "for security" - of course it always only was about market control and extortion) - poisoned pseudo open source offers for CI+ (a.k.a. "sign this NDA and you get access to our DVB codebase with CI+ for our R&D platform that only we can support you on [for money]"... ... and you still pay 100.000? for nonsense certifications to the CI+ mafia in the end) Offer ------- If anyone is interested in taking, integrating and maintaining the cryptography logic and APDU parsers/generators from our CI+ Contentcontrol as open source project, please get in contact (not a fan of mailing lists). What you should (not) expect ------------------------------ The CI core that this CI+ is based on predates the Linux CI stack (at least to my knowledge). So absolutely no part of this is a drop-in replacement for existing Linux code. On Linux-based proprietary SoCs, our customers usually executed all of this in user land. In most cases, CI & CI+ were completely bypassing dvb apis and instead used simple ioctl APIs to read/write PCMCIA memory on the external bus. Vendor-proprietary on-chip security was used to protect the keys. The code depends on a couple of 3rd party crypography components in the public domain or under BSD/MPL like licenses for hashes,AES,RSA,DH... obviously nothing under GPL (yet). But: I can guarantee that the handshake state handling and interfacing with the cryptography work 100%. This is compiling&working on x86,SH4,MIPS,ARM, certified and deployed on countless real devices, so maybe this is of some value for you and the general public. How the package I am willing to re-license can be turned into a useful open source contribution without violating any laws or SLAs, how you can install/manage/use/protect keys in a somehow generic Linux official way or with a standardized TEE interface, which parts exactly we provide, that would all have to be discussed in detail. Way too much for this email, so I end at this point. If no hands are raised and everyone here considers CI+ dead as television in general or as poisoned fruit not worth supporting in any way... even better and sorry for disturbing you. Regards, Gero
