I have been working with Davor for a while now. He is an experienced engineer. He is also a really great guy. He helped me more times than I can count.
Davor is a part of Security Windows Display Driver Team. That’s a mouthful, I know. In short, it has to do with ensuring graphics and media playback are secure from piracy and other prying eyes.
He is a busy guy, so he can be short on words sometimes. Although, when you manage to get him talking on a subject that he really likes, his eyes shine, and he is unstoppable. He takes time after hearing each question, thinks it through and makes sure his answers are precise and on point.
Q: What’s your background, past projects?
My background is versatile, almost 10 years of experience in variety of embedded technologies. The focus was mostly on digital television, but besides that there was a lot of work on operating systems such as Android, Linux…
Q: What type of tasks do you like working on?
I am motivated by large, complex systems, where you need to understand all the components and their relations. I like projects which give me freedom to experiment and implement my own ideas.
Q: And as a team lead, what are your goals?
I try to ensure relaxed atmosphere. If there is a pressure on a project, it should not affect developers. Also, I try to make sure that people get tasks that they enjoy. In return I expect from them to show responsibility in performing them. I was lucky to have a team of engineers that do just that.
Q: How did the change from digital television into security go for you?
In November last year, we started a journey in security with one of the lead GPU card producers. Focus was on security of media content playback. Beginnings were challenging. We had a short deadline, and not much experience in this area. Solid background in embedded was helpful and was a basis on which we built.
Q: Knowledge from which areas helped?
Computer architecture, basics of cryptography. It’s great when you get to apply cryptography theory on a concrete problem. Most of these algorithms are implemented in HW today, and to get to implement symmetrical and asymmetrical decryption schemes in software was a real treat.
Media content playback protection is also called Digital Rights Management, or shorter, DRM. It consists of implementing security protocols and algorithms that ensure media is correctly and safely decrypted. There are two main ways to implement it, in software and in hardware - appropriately called SW DRM and HW DRM.
Q: What was your team’s focus in this project?
The project was very interesting. Co-processor in charge of HW DRM calculations executes its own small OS. Although basic, this operating system contains all the necessary components – a scheduler, bootloader, synchronization… Current implementation of HW DRM was working directly with physical addresses. This hindered security and limited functionality. We were tasked with adding virtualization support to this OS. You don’t get an opportunity to do something like that often!
Q: What was the most interesting detail of the project?
What surprised me, was the speed with which driver code is evolving. Also, its sheer size, few gigabytes today. Its modular architecture and complexity were challenging to grasp. I am not sure I fully understand it even now. It was beneficial for us that media security touches all parts of the system, ensuring we don’t specialize in one area, but must work on the whole system.
Q: And how did it feel when it was done?
Looking back, it was a great learning experience. Working on a same product with thousands of developers, with large number of daily changes, all seeping into a single repository. This is all backed by great organizing skills and strict working protocols and code promotion rules, to ensure things don’t break.
So, you cannot just push your code and hope for the best. We had to do code promotion of new features in phases, which meant splitting the changes into meaningful parts and ensuring we don’t break any existing functionality. After this was done, QA testing showed few bugs. Actually, we fixed the last one on a day before the release, which made us bug-free just in time!
Q: What comes next?
We are starting work on new series of graphic cards. Also, we are tasked with designing and implementing support for another DRM technology from the ground up. This is a big challenge, but I am confident we are up to it.
Q: One of the top three trends in the embedded world this year is security. Would you agree?
I expect for HW components to take precedence in protection. As with DRM, there will be a separate, secure processor, with separate memory region, tasked with key manipulation and ensuring unencrypted data never leaves this region. I expect more media component producers to fulfill requests from big DRM clients – Microsoft, Apple, Google.
Q: Last year was marked by a deficit of security experts on a global level. Do you expect for this trend to continue?
Absolutely. Demands for security are increasing. As systems become more complex, they became more vulnerable. Companies and personal users alike have a high level of requirements for protection and privacy.
Media content protection is specific. Availability of content is large, there is prevalent piracy, but I believe companies like Amazon and Netflix are focusing on ensuring high level of protection on high quality content – 4K and HDR.