BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 - PlayReady OPTEE Integration with Secure Video Path
Presented by: Zoltan Kuscsik, PhD
Date: March 8, 2016
Event: Linaro Connect BKK16
Overview
The solution presented here integrates the following key components:
● W3C EME Working Draft
● Microsoft® PlayReady® DRM Porting Kit v3.0
● OP-TEE OS
● OpenCDM/OpenCDMI
● Chromium v45
Updates since SFO15
● Secure Data Path with OP TEE/Playready proof of concept on STM B2120 in progress.
● Secure Memory Allocator Framework (SMAF) integration - work in progress.
● EME with OP TEE on Hikey. We got Wayland/Chromium finally working!
● Moving to 4.5 Kernel and OP TEE master.
● AES OCDMI publicly available.
● Complete Playready TA implementation. We now support the Playready Interface For TEE (PRiTEE).
Supported boards
● STM B2120
● 96boards - HiKey
Encrypted Media Extensions - Buffer decrypt
[Sequence diagram. Participants: Browser, CDM, PlayReady TA. Labels: Load TA / Init Session; New session request; Send License Request; Update License Key; Update available keys; Allocate and Secure buffer using SMAF; Secure Buffer; Decrypt; Decrypt Buffer; Encrypted Buf.]
EME SW stack - what can be open?
[Stack diagram with a legend marking blocks as Closed Source or Open Source. Block labels: Chromium; Android Framework; DRM HAL; OCDM; Widevine PPAPI CDM; PlayReady CDMI; SMAF; OPTEE Kernel Driver; Linux Kernel; ClearKey CDMI; Playready TA; SMAF TA; HDCP TA; Policy Manager (?); ClearKey TA; TEE; OP TEE OS.]
Secure Memory Allocation Framework - CMA Allocator
Secure Memory Allocation Framework
Secure Data Path
Playready integration
PlayReady ships a CDMi interface as part of the PlayReady DRM licensed product. The CDMi component provided is very close to the one required by the open source OpenCDMi project.
The Linaro secure media solution is an end-to-end DRM solution with a PlayReady license server. The client receives PlayReady-encrypted content and communicates with a PlayReady server to request and receive the license and keys required to decrypt the content. The license request is generated by PlayReady, encapsulated by the CDMi, and passed up to the HTML5 application, which initiates license acquisition from the PlayReady license servers.
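The license flow described above, and the session steps named on the "Buffer decrypt" slide, as seen from the HTML5 application through the W3C EME API. This is an added example, not code from the talk or from Linaro; the key system string, the codec string, the license URL and the injected `env` object are assumptions, and the CDM message is assumed to be posted to the server unmodified.

```javascript
// Added example, not code from the talk. KEY_SYSTEM, the codec string and
// the injected `env` (defaults to the browser globals) are assumptions.
const KEY_SYSTEM = 'com.microsoft.playready';

// Relay one CDM message to the license server and pass the reply back down.
// The page only moves opaque bytes; with PlayReady, keys stay in the CDM/TA.
async function relayLicense(session, message, licenseUrl, fetchFn) {
  const resp = await fetchFn(licenseUrl, { method: 'POST', body: message });
  if (!resp.ok) throw new Error(`license server returned ${resp.status}`);
  await session.update(await resp.arrayBuffer()); // "Update License Key"
  // "Update available keys": report what the CDM now says about each key.
  const statuses = [];
  session.keyStatuses.forEach((status) => statuses.push(status));
  return statuses;
}

// Attach a CDM to a <video> element and answer its license requests.
async function setupProtectedPlayback(video, licenseUrl, env = globalThis) {
  const access = await env.navigator.requestMediaKeySystemAccess(KEY_SYSTEM, [{
    initDataTypes: ['cenc'],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
  }]);
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  video.addEventListener('encrypted', (ev) => {
    const session = mediaKeys.createSession(); // "New session request"
    session.addEventListener('message', (msg) => { // "Send License Request"
      relayLicense(session, msg.message, licenseUrl, (u, o) => env.fetch(u, o))
        .then((s) => { if (!s.includes('usable')) console.warn('no usable key', s); })
        .catch((err) => console.error('license acquisition failed:', err));
    });
    session.generateRequest(ev.initDataType, ev.initData)
      .catch((err) => console.error('generateRequest failed:', err));
  });
  return mediaKeys;
}
```

In a browser, call `setupProtectedPlayback(videoElement, licenseUrl)` before assigning the media source, so the `encrypted` listener is in place when the initialization data is parsed.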
Open CDM
[Block diagram. Labels: Browser; OCDM; CDMI Service; cdmi.h Interface for various key.; mock.drm; ClearKey/OpenSSL CDM; PlayReady CDMI; RPC; ClearKey OP TEE.]
OpenCDM uses the platform’s native RPC system to separate the CDM from the browser. The project has two main components:
1) A browser-specific CDM integration layer and the communication interfaces for the CDM.
2) A CDMi service implementation.
Implementation overview

| | Chromium External Clear Key | Linaro Clear Key CDM with SSL | Linaro Clear Key CDM with OPTEE | Linaro CDM with TEE | Linaro CDM with software Playready | Linaro CDM with HW Playready |
|---|---|---|---|---|---|---|
| PPAPI CDM | Yes | Yes | Yes | Yes | Yes | Yes |
| OpenCDM | No | Yes | Yes | Yes | Yes | Yes |
| OP TEE and TrustZone® | No | No | Yes | Yes | No | Yes |
| PlayReady, other DRM support | No | No | No | Yes | Yes | Yes |
| Compatibility | ARMv7, ARMv8, x86 | ARMv7, ARMv8, x86 | ARMv7, ARMv8 | ARMv7, ARMv8 | ARMv7, ARMv8 | ARMv7, ARMv8 |
| HiKey | Yes | Yes | Yes | Yes | Yes | Yes (in development) |
| Dragonboard | Yes | Yes | No | No | Yes | No |
OpenSSL ClearKey CDM
● Works on both x86 and ARM Linux.
● Allows testing and exercising the Open CDM implementation:
https://github.com/linaro-home/open-content-decryption-module-cdmi
● Upstreamed to OpenCDM project
OP TEE ClearKey CDMI
● Needs OPTEE enabled HW with Chromium running
● ClearKey AES128 decryption in OP TEE:
https://github.com/kuscsik/optee-clearkey-cdmi
● Works with upstream OCDM
Links
● Playready: https://msdn.microsoft.com/en-us/library/windows/apps/mt429380.aspx
● OP TEE: https://github.com/OP-TEE/optee_os
● Linaro OpenCDM: https://github.com/kuscsik/linaro-cdmi