Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module)...
Transcript of Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module)...
![Page 1: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/1.jpg)
Android Widevine on OP-TEEDavid Brown
![Page 2: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/2.jpg)
ENGINEERS AND DEVICES
WORKING TOGETHER
Agenda● Motivations
● How not to do it
● OP-TEE
● General solutions
● Overview of Widevine
![Page 3: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/3.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Motivation
![Page 4: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/4.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Motivation
● Software playback● Red arrow, bad!● Creators sad, no HD
![Page 5: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/5.jpg)
ENGINEERS AND DEVICES
WORKING TOGETHER
Agenda● Motivations
● How not to do it
● OP-TEE
● General solutions
● Overview of Widevine
![Page 6: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/6.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
How not to do it?● Plaintext video passes through userspace
● Find exploit in player, or many other things
● Root makes it trivial to get
● Notice the key is also in userspace
● This is bad
![Page 7: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/7.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Can we do better?
![Page 8: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/8.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
● Less is accessible
● Plaintext still in userspace
● Creators still sad
Can we do better?
![Page 9: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/9.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
All plaintext in kernel?
![Page 10: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/10.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
All plaintext in kernel?● Better, no plaintext in userspace
● Key still there
● Kernel is vulnerable
![Page 11: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/11.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Key in kernel
![Page 12: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/12.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Key in kernel● All key/plaintext now in kernel
● Content protected from userspace
● Kernel exploits possible
● Creators still sad
![Page 13: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/13.jpg)
ENGINEERS AND DEVICES
WORKING TOGETHER
OP-TEE● ARM® TrustZone®
○ Trustable through boot into secure OS○ Runs alongside Kernel
● GlobalPlatform TEE Specification○ OP-TEE is our implementation○ Allows trusted apps, and clients
![Page 14: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/14.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
OP-TEE
![Page 15: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/15.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
DRM in TEE
![Page 16: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/16.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
DRM in TEE● Almost there, key is in TEE
● Plaintext video still available at end
● Providers still sad
![Page 17: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/17.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
One more thing● We need a weird buffer
○ Accessible to secure side○ Not readable by unsecure (even kernel)○ Accessible by HW decoder
● SMAF○ Secure memory allocator○ TEE can decode into this memory○ HW can play it back
● It’s tricky to get right, only certain HW should have access
![Page 18: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/18.jpg)
ENGINEERS AND DEVICES
WORKING TOGETHER
Agenda● Motivations
● How not to do it
● OP-TEE
● General solution
● Overview of Widevine
![Page 19: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/19.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Keybox
![Page 20: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/20.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Keybox
![Page 21: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/21.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Content Key
![Page 22: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/22.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Content Key
![Page 23: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/23.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Content Key
![Page 24: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/24.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Content Key
![Page 25: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/25.jpg)
ENGINEERS AND DEVICES
WORKING TOGETHER
Agenda● Motivations
● How not to do it
● OP-TEE
● General solution
● Overview of Widevine
![Page 26: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/26.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Widevine● CDM (content decryption module) for Android
● Specifics are for partners only
● Plugin based, we implement oemcrypto.so using our client lib and TA
![Page 27: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/27.jpg)
ENGINEERS AND DEVICESWORKING TOGETHER
Status● Working on HiKey board
● OP-TEE available for Android AOSP
● We have a liboemcrypto.so and TA for Widevine CDM
● Several security things missing○ No trusted boot chain, TEE could be modified (HiKey issue)
○ SMAF not yet supported (patches in progress)https://lkml.org/lkml/2016/9/7/133
○ No HW video playback, buffers still need to be visible to software (HiKey work in progress)
![Page 28: Android Widevine on OP-TEE - Linaro · 2020. 9. 24. · Widevine CDM (content decryption module) for Android Specifics are for partners only Plugin based, we implement oemcrypto.so](https://reader036.fdocuments.net/reader036/viewer/2022062610/6110ce4e1c2a493cd2683d22/html5/thumbnails/28.jpg)
Thank You
#LAS16For further information: www.linaro.org
LAS16 keynotes and videos on: connect.linaro.org