When you decode media with hardware decoding, you're depending on the security of the media decoding firmware / hardware and, again, on IOMMU isolation to provide any kind of sandbox. You depend on the security of the CPU. When you go browse the web, running untrusted JavaScript code, you are assuming that the CPU is actually capable of safely running that code without it gaining control over everything else. You're relying on the firmware / microcode / hardware security. A best-case scenario is that they designed it to be updatable as much as possible after the fact.
Otherwise, a hardware vulnerability is found, and they are often found, and you're just screwed. We live in a time where serious game-over bugs exploitable by JavaScript code are being published and fixed via microcode / firmware updates for CPUs and GPUs on a regular basis.
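The post above talks about hardware flaws being patched after the fact through microcode and firmware. On Linux the kernel reports, per known CPU flaw, whether the machine is affected and which mitigation (including loaded microcode) is active, under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of the original thread: it reads those status files when present and falls back to a constructed sample so it runs anywhere. The SAMPLE entries and the classify/summarise names are mine; the status-line formats ("Not affected", "Vulnerable", "Mitigation: ...", "Unknown: ...") are the ones the kernel actually emits.

```python
"""Summarise the kernel's per-flaw CPU vulnerability status.

Linux exposes one file per known hardware flaw under
/sys/devices/system/cpu/vulnerabilities/ (e.g. 'spectre_v2', 'mds').
Each file holds a single line such as 'Not affected', 'Vulnerable',
'Vulnerable: <details>', 'Mitigation: <details>' or 'Unknown: <details>'.
Classifying those lines shows which flaws the current microcode,
firmware and kernel actually cover on the machine you are on.
"""
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample in the sysfs format (not captured from a real machine).
# Used only when the sysfs directory is unavailable, e.g. on non-Linux hosts.
SAMPLE: Dict[str, str] = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling",
    "meltdown": "Mitigation: PTI",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "l1tf": "Not affected",
    "gather_data_sampling": "Unknown: Dependent on hypervisor status",
}


def classify(status: str) -> str:
    """Map one status line to a coarse category.

    The kernel prefixes every line with one of a few fixed words, so a
    prefix match is sufficient; the text after the colon is detail only.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    # 'Unknown: ...' and anything unexpected both land here so a new
    # status wording is never silently counted as safe.
    return "unknown"


def summarise(statuses: Dict[str, str]) -> Dict[str, List[str]]:
    """Group flaw names by category, sorted for stable output."""
    out: Dict[str, List[str]] = {
        "not_affected": [], "mitigated": [], "vulnerable": [], "unknown": []
    }
    for name in sorted(statuses):
        out[classify(statuses[name])].append(name)
    return out


def read_live(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read every status file under the sysfs directory; empty if absent."""
    statuses: Dict[str, str] = {}
    if not os.path.isdir(path):
        return statuses
    for name in os.listdir(path):
        try:
            with open(os.path.join(path, name), encoding="utf-8") as f:
                statuses[name] = f.read().strip()
        except OSError:
            # Some entries are unreadable in restricted containers; skip them.
            continue
    return statuses


if __name__ == "__main__":
    live = read_live()
    source = "live sysfs" if live else "constructed sample"
    data = live if live else SAMPLE
    print(f"Source: {source}")
    for category, names in summarise(data).items():
        print(f"{category:>13}: {', '.join(names) if names else '-'}")
    # Anything in 'vulnerable' or 'unknown' is where the "you're just screwed"
    # case from the post applies until a microcode/firmware update lands.
```

Run it on a Linux host to see the real list; on a machine where the kernel reports "Vulnerable" with "no microcode" in the detail, the fix is a microcode package or firmware update, not anything a browser sandbox can do.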
By the way, meant to attach this to an existing thread but I guess it's not all that bad as a standalone thread. Missing the context and points that I was making though about the attack surface exposed by GPUs, radios, etc. and the capabilities even without escaping isolation.
Very true. All good points, and most people have no idea; “hardware is hardware” seems to be the general approach.
Does that mean that hardware decoding should be disabled by default, or would that make for an unusable experience given the power consumption requirements?