Quote: Original post by Yann L
The system I propose would entirely function in HW. In order to extract the decryption keys, one would have to RE the GPU itself, which is insanely expensive and complicated (or you need an insider at the GPU manufacturer, or hack the central registry servers, etc). Certainly not uncrackable, but much better than sending plain text high level shader code to the driver, which is an invitation to copy'n'paste.
Indeed. This is a couple orders of magnitude harder than the current situation, but I can imagine a sufficiently motivated hacker writing a simple kernel module to dump the decrypted executable from VRAM. Executable formats are well-documented and relatively easy to disassemble, so your code is still exposed.
Now, there are ways to stop this attack vector, but it's a tradeoff between performance and complexity. Plain binary shaders would get you most of the benefits for the least hassle.
I find it rather interesting that no IHV has managed to create a "binary shader" extension for general use, even though this is one of the most-requested features since 2003! There must be significant technical hurdles blocking binary shaders - I distinctly recall ATI bashing the D3D shader compiler and actually *undoing* its optimizations before passing it through its own optimizer. On Khronos' side, the most recent attempt was in OpenGL ES 2.0 and is basically dead in the water (no driver I know of implements this).
There seems to be more to this than typical ARB incompetence.