HKG15-407: EME implementation in Chromium: Linaro Clear Key
5 likes4,603 views
The document provides an introduction to Encrypted Media Extensions (EME) and Content Decryption Modules (CDM), authored by Matt Snoby, a technical leader at Cisco. It discusses the functionalities and differences of CDMs compared to traditional DRM systems, highlights the benefits of using the Chromium browser for development, and offers guidance on starting with Linaro's Clear Key CDM. Additionally, it touches upon the creation of encrypted content and outlines future development directions for the Clear Key CDM.
HKG15-407: EME implementation in Chromium: Linaro Clear Key
- 1. Presented by Date Encrypted Media Extensions & Platform Content Decryption Modules, A quick start primerMatt Snoby Cisco Technical Leader Linaro Home Group February 2015
- 2. Who is this guy? Matt Snoby Cisco Technical Leader Linaro assignee 15 years of STB experience Conditional Access Nagravision, PowerKey, Digital Rights Management Intertrust, Verimatrix, VideoGuard, PlayReady Media, Apple HLS, Gstreamer plugins and pipelines matt.snoby@linaro.org snobym@cisco.com https://www.linkedin.com/in/mattsnoby
- 3. Introduction ● What is EME ● What is a CDM ● Why use the Chromium browser ● CDM & DRM ● PC CDM’s on embedded targets ● Linaro Clear Key CDM ● How to start development on your own CDM ● Creating test encrypted content ● Undocumented “features” ● What’s Next for Linaro Clear Key CDM?
- 4. EME Terminology ● EME - Encrypted Media Extensions ● DRM – Digital Rights Management ● Key Systems ● CDM – Content Decryption Module
- 5. What is a CDM? ● Provides the functionality on the target hardware to implement a key system. ● Key Systems can be (but are not limited to) a commercial DRM system or even a clear key
- 6. What is a CDM continued? ● Developed and customized for the platform. ● Does not have to be delivered with the browser. ● Runs out of the browser process space.
- 7. Why Chromium ● Leader in EME development ● Support ● Open Source
- 8. How is a CDM different than traditional DRMs? CDM Traditional DRM Authorization / pairing Done through the user agent (app) Factory or proprietary out of band methods Data Communication All traffic goes through the user agent (https) typically out of band direct from the DRM process to a secure server API’s Session based API’s proprietary Pairing reset user can delete and reset pairing data ( like resetting a cookie) user typically can not do this.
- 9. CrossCompiled PC CDM’s ● Why not use existing CDM’s for PC’s? o Embedded CPU power o No SOC accelerated decrypt § HW Block Decrypt o No SOC Buffer protection after decrypt § TrustZone
- 10. Linaro Clear Key CDM ● Why implement a Clear Key CDM ● Future development work
- 11. How to Start Development? • Pull tip of chromium • http://dev.chromium.org/developers/how-tos/get-the-code • Now build chrome • “ninja –C out/Debug chrome • Next build the external clear key • Remember to link in the cdmadapter code to your CDM code • “ninja –C out/Debug clearkeycdmadapter
- 12. How to Start Development cont • Javascript / HTML 5 app is located at: media/test/data/* Specifically eme_player.html and all the files under eme_player_js directory, • cp this whole directory to your webserver • cp media/test/data/* /var/www/chrome
- 13. Testing Start up chrome: out/Debug/chrome -‐-‐enable-‐logging=stderr -‐-‐v=1 -‐-‐register-‐pepper-‐plugins="out/Debug/ libclearkeycdmadapter.so#ClearKey CDM#ClearKey CDM0.1.0.0#0.1.0.0;application/x-‐ ppapi-‐clearkey-‐cdm" http://localhost/chrome/eme_player.html
- 14. 1.) URL of encrypted video 2.)Select External Clearkey 3.)Use the Prefixed EME API’s 4.) Play
- 15. Creating Content Convert an MP4 file to a webm file ffmpeg –v infile.mp4 –vcodec libvpx –acodec libvorbis –aq 5 –ac 2 –qmax 1 output.webm
- 16. Creating Content – now encryption Webm_crypt is the prgm to encrypt video stream: https://code.google.com/p/webm/ Now encrypt the video ./webm_crypt -‐i /home/snoby/out_3.webm -‐o /home/snoby/out_enc_3.webm base_secret.key base_secret.key is a binary 16byte file that holds the key you are encrypting with
- 17. Undocumented “features” • There is Decrypt method and DecryptandDecodeFrame method. • In the videoDecoderInitialize call return “kSessionError” to set CDM into Decrypt only mode. • When linking your CDM you MUST link in the cdmadapter code in the gypi files.
- 18. What’s next? ● Member board implementation o Hardware Block decryptor o Secure buffers with TrustZone o Send buffers to Gstreamer for decode
- 19. Questions?