Multimedia content must be protected against unauthorized access and distribution and thus needs protection. Qualcomm® provides a comprehensive content security through its hardware and firmware which allows users to seamlessly enjoy the latest premium content, at up to 4K Ultra HD resolution. The Content Protection feature on Qualcomm chipsets protects premium HD content based on the Qualcomm’s TrustZone (TZ) solution. TrustZone is a hardware based security system built into Qualcomm chipsets to provide secure end points and roots of trust. The different components involved in content protection are shown below. If there is encrypted content, a Secure Session is enabled at the Android multimedia framework after parsing at the DRM extractor. The data is decrypted in the hardware at TZ. The Android multimedia framework initiates/terminates a secure playback session with ION and video drivers. The video driver is responsible for communicating with the Android multimedia framework and hardware video decoder. The video driver is also responsible for loading and authenticating the firmware. ION is a memory management framework available in the Linux kernel. The ION framework is responsible for allocating and managing all the memory required for multimedia use cases. ION reduces Content Protection-specific changes in multimedia drivers by encapsulatingthe TZ interaction.
Initialization and encrypted content parsing occurs in steps 1 and 2. Steps 3 through 5 initializes the secure session and carves out secured multimedia memory. Input/output buffer allocations happen from steps 6 through 13. The content is decrypted and stored to a secured input buffer by TZ in steps 14 and 15. The content is then decoded and the data stored in output buffers in step 16. The display from secured output buffers happen from steps 17 through 20. The secure sessions of video driver and TZ are closed in steps 21 through 24.
Digital rights management (DRM) is a systematic approach to content protection for digital media. The purpose of DRM is to prevent unauthorized redistribution ofdigital media and restrict the ways consumers can copy content they’ve purchased. Qualcomm supports popular industry DRM solutions like PlayReady™ from Microsoft®, HDCP™ from Intel® and Google®’sWidevine™using hardware based access control.
We explore the Widevine implementation on APQ8084 based Inforce platforms in the next section.
Google’sWidevineDRM solution provides the capability to license, securely distribute and protect playback of content on consumer devices.Widevine is a combination of DASH – an open-source adaptive bitrate algorithm for streaming high quality media contentacross the internet, CENC – enables decryption using multiple DRM schemes and EME –allows content providers to design a single application solution for all devices.
Widevine DRM Security is not implemented in a single place in the stack, but instead relies on the integration of hardware, software, and services. The combination of hardware security functions, a trusted boot mechanism, and an isolated secure OS for handling security functions is critical to provide a secure device.The Widevine DRM plug-in integrates with Qualcomm’s (and many others’) hardware platform to leverage the available security capabilities. The level of security offered is determined by a combination of the security capabilities of the hardware platform and the integration with Android and the Widevine DRM plug-in. The different levels are shown below.
Level 2YesFactory provisioned Widevine KeysYesKeys never exposed in clear to host CPUClear Video streams delivered to decoder via an unprotected video path
|Security Level||Secure Bootloader||Widevine Key Provisioning||Security Hardware or ARM Trust Zone||Widevine Key-box and Video Key Processing||Hardware Video Path|
|Level 1||Yes||Factory provisioned Widevine Keys||Yes||Keys never exposed in clear to host CPU||Hardware protected video path|
|Level 2||Yes||Factory provisioned Widevine Keys||Yes||Keys never exposed in clear to host CPU||Clear Video streams delivered to decoder via an unprotected video path|
|Level 3||Yes*||Factory provisioned Widevine Keys||No||Clear keys exposed to host CPU||Clear Video streams delivered to decoder via an unprotected video path|
*Device implementations may use a trusted bootloader, where in the bootloader is authenticated via an OEM key stored on a system partition.
Customers who wantWidevine DRM security should have the required Widevine DASH DRM level 1 license from Google, and would help to bea Certified Widevine Implementation Partner (CWIP). Level 1 Security implementation is possible for such customers. In this implementation, only security hardware or a protected security co-processor uses the clear key values and the media content is decrypted by the secure hardware. The keys for Widevine DASH must be obtained from Google and stored securely on the device in the factory.
The Widevine DRM also requires a secure boot mechanism. A secure system foundation consists of the hardware platform and the critical code that executes on that platform. This foundation is built with an on-chip, tamper-resistant, ROM-based boot-up process that verifies the authenticity and integrity of critical code and data that controls the overall system operation.The customer must also ensure that the Linux kernel is signed. This is required to enable the detection of a tampered device. A device is considered tampered with if the Linux kernel is not signed. If a device has been tampered with, the Widevine APIs will not be functional. Inforce is capable of enabling Widevine Dash on all its APQ8084 based platforms.