Multimedia content must be protected against unauthorized access and distribution. Qualcomm provides comprehensive content security through its hardware and firmware, which allows users to seamlessly enjoy the latest premium content at up to 4K Ultra HD resolution.
The Content Protection feature on Qualcomm chipsets protects premium HD content based on Qualcomm’s TrustZone (TZ) solution. TrustZone is a hardware-based security system built into Qualcomm chipsets to provide secure end points and roots of trust. The different components involved in content protection are shown below. If the content is encrypted, a Secure Session is enabled in the Android multimedia framework after parsing at the DRM extractor. The data is decrypted in hardware at TZ.
The Android multimedia framework initiates and terminates a secure playback session with the ION and video drivers. The video driver is responsible for communicating with the Android multimedia framework and the hardware video decoder, and for loading and authenticating the firmware. ION is a memory management framework available in the Linux kernel. It is responsible for allocating and managing all the memory required for multimedia use cases. ION reduces Content Protection-specific changes in multimedia drivers by encapsulating the TZ interaction.
Initialization and encrypted content parsing occur in steps 1 and 2. Steps 3 through 5 initialize the secure session and carve out secured multimedia memory. Input/output buffer allocations happen in steps 6 through 13. TZ decrypts the content and stores it in a secured input buffer in steps 14 and 15. The content is then decoded and the data stored in output buffers in step 16. Display from the secured output buffers happens in steps 17 through 20. The secure sessions of the video driver and TZ are closed in steps 21 through 24.
Digital rights management (DRM) is a systematic approach to content protection for digital media. The purpose of DRM is to prevent unauthorized redistribution of digital media and restrict the ways consumers can copy content they’ve purchased. Qualcomm supports popular industry DRM solutions such as PlayReady from Microsoft, HDCP from Intel, and Google’s Widevine using hardware-based access control.
We explore the Widevine implementation on Inforce platforms in the next section.
Google’s Widevine DRM solution provides the capability to license, securely distribute and protect playback of content on consumer devices. Widevine combines three technologies: DASH, an open-source adaptive bitrate algorithm for streaming high-quality media content across the internet; CENC, which enables decryption using multiple DRM schemes; and EME, which allows content providers to design a single application solution for all devices.
Widevine DRM security is not implemented in a single place in the stack; it relies on the integration of hardware, software, and services. The combination of hardware security functions, a trusted boot mechanism, and an isolated secure OS for handling security functions is critical to providing a secure device. The Widevine DRM plugin integrates with Qualcomm’s (and many others’) hardware platform to leverage the available security capabilities. The level of security offered is determined by a combination of the security capabilities of the hardware platform and the integration with Android and the Widevine DRM plugin. The different levels are shown below.
| Security Level | Secure Bootloader | Widevine Key Provisioning | Security Hardware or ARM TrustZone | Widevine Key-box and Video Key Processing | Hardware Video Path |
|---|---|---|---|---|---|
| Level 1 | Yes | Factory provisioned Widevine Keys | Yes | Keys never exposed in clear to host CPU | Hardware protected video path |
| Level 2 | Yes | Factory provisioned Widevine Keys | Yes | Keys never exposed in clear to host CPU | Clear video streams delivered to decoder via an unprotected video path |
| Level 3 | Yes* | Factory provisioned Widevine Keys | No | Clear keys exposed to host CPU | Clear video streams delivered to decoder via an unprotected video path |
*Device implementations may use a trusted bootloader, wherein the bootloader is authenticated via an OEM key stored on a system partition.
Customers who want Widevine DRM security should have the required Widevine DASH DRM Level 1 license from Google, and it would help to be a Certified Widevine Implementation Partner (CWIP). A Level 1 security implementation is possible for such customers. In this implementation, only security hardware or a protected security co-processor uses the clear key values, and the media content is decrypted by the secure hardware. The keys for Widevine DASH must be obtained from Google and stored securely on the device in the factory.
Widevine DRM also requires a secure boot mechanism. A secure system foundation consists of the hardware platform and the critical code that executes on that platform. This foundation is built with an on-chip, tamper-resistant, ROM-based boot-up process that verifies the authenticity and integrity of the critical code and data that control overall system operation. The customer must also ensure that the Linux kernel is signed; this is required to enable detection of a tampered device. A device is considered tampered with if the Linux kernel is not signed. If a device has been tampered with, the Widevine APIs will not be functional. Inforce is capable of enabling Widevine DASH on all its platforms.
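The security-level table and the signed-kernel rule above can be combined into a gap check for a platform bring-up. The following is an added example, not code from Qualcomm, Google or Inforce: the field names and sample platforms are hypothetical, and treating a platform that matches no table row as having no level is an assumption of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Platform:
    # Hypothetical field names, one per column of the table above.
    secure_bootloader: bool       # secure or trusted (OEM-key) bootloader
    factory_keys: bool            # Widevine keys provisioned in the factory
    trustzone: bool               # security hardware or ARM TrustZone present
    keys_hidden_from_host: bool   # keys never in clear on the host CPU
    protected_video_path: bool    # hardware-protected path to the decoder
    kernel_signed: bool           # signed Linux kernel (tamper detection)

def assess(p: Platform):
    """Return (level, blockers): level is 1, 2, 3 or None (Widevine unusable);
    blockers lists what stands between the platform and Level 1."""
    if not p.kernel_signed:
        # Per the page: unsigned kernel => tampered => Widevine APIs not functional.
        return None, ["Linux kernel is not signed"]
    # Every row of the table has these two; without them no row matches
    # (reporting that as "no level" is an assumption of this example).
    base = [msg for ok, msg in (
        (p.secure_bootloader, "no secure/trusted bootloader"),
        (p.factory_keys, "no factory-provisioned Widevine keys")) if not ok]
    if base:
        return None, base
    blockers = [msg for ok, msg in (
        (p.trustzone, "no security hardware / TrustZone"),
        (p.keys_hidden_from_host, "clear keys exposed to host CPU"),
        (p.protected_video_path, "unprotected video path")) if not ok]
    if not (p.trustzone and p.keys_hidden_from_host):
        return 3, blockers
    return (1, []) if p.protected_video_path else (2, blockers)

# Constructed sample platforms (not real devices).
SAMPLES = {
    "full-tz": Platform(True, True, True, True, True, True),
    "tz-clear-path": Platform(True, True, True, True, False, True),
    "software-only": Platform(True, True, False, False, False, True),
    "unsigned-kernel": Platform(True, True, True, True, True, False),
}

if __name__ == "__main__":
    for name, plat in SAMPLES.items():
        print(name, assess(plat))
```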