Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Using Protected Terminal Display / PAVP

James753

Hi, I'm developing a secure application in which I'm trying to make use of the Protected Terminal Display feature, which from what I understand uses Protected Audio Video Path under the hood to protect the window / display. I understand that the commercial use of PAVP is to support HDCP, but that is for protected content playback and requires a licensing fee, for which this application is not suited anyway. The way I understand PTD / PAVP can work together is that the ME could create a key securely and pass it to the GPU, where the GPU encrypts the frame data symmetrically for that application in the pipeline.

Is there an SDK or Development Kit available which allows developers to protect the windows of applications performing sensitive operations using PTD or PAVP? 

dusktilldawn

PAVP, as you've mentioned, is typically used for HDCP-protected content and is often tied to licensing fees, which may not be what you're looking for.

To directly address your question: there is no standard, publicly available SDK specifically designed for developers to easily integrate PTD or PAVP into their applications for securing windows.

These technologies are typically part of the hardware and operating system stack (especially for HDCP and content protection), and are mostly aimed at secure video playback rather than general application window protection.

However, there are some potential alternatives:

Intel's SGX (Software Guard Extensions): For securing sensitive data in the application, SGX might help, although it doesn't directly encrypt window displays.

Graphics Driver APIs: Some GPU vendors may offer low-level APIs for securing graphics or handling content protection, though this would likely require a partnership or special access, especially for PTD/PAVP features.

Windows Security Features: On Windows, certain security features like Protected Mode or Windows Information Protection (WIP) may be useful depending on your needs.

James753

Thanks for the reply!

I understand. I'd read a paper in which an evaluation of SGX and PAVP was done, and the researchers had built an application and configured it to use PAVP without HDCP, as it is able to do this. Perhaps it's too complicated to do so.

While SGX is a nice idea, it was discontinued on all Core i line processors but kept on Xeon Server processors. It posed a security threat as there were multiple exploits which allowed an attacker to exploit the EPID private key by compromising an SGX Enclave and stealing the wrapped EPID key and the wrapping key. So because of this, it's a route I'd like to avoid if possible.

How about using Intel PXP, Protected Xe Path, on 12th Generation and newer processors? Are there APIs or SDKs which discuss how PXP can be used? It's described as a Protected Path and doesn't reference HDCP. I've seen the i915 Linux Graphics Driver for Intel GPUs and they have support for PXP. Just wondering if you know how to make use of this at all? I have both a Windows and Linux development and deployment environment.

James
