SlideShare a Scribd company logo

LAS16-406: Android Widevine on OP-TEE

Linaro, profile picture
Linaro

The document discusses the integration of Widevine DRM with OP-TEE for secure media playback on Android devices. It highlights the challenges of managing plaintext video data and key security within user and kernel spaces, and introduces OP-TEE as a solution to secure content. The presentation outlines the current status of implementing this technology, including necessary improvements and ongoing efforts to enhance security features.

Technology
1 of 28
Downloaded 78 times
1
2
3
4
5
6
Most read
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Android Widevine on OP-TEE David Brown
ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solutions ● Overview of Widevine
ENGINEERS AND DEVICES WORKING TOGETHER Motivation
ENGINEERS AND DEVICES WORKING TOGETHER Motivation ● Software playback ● Red arrow, bad! ● Creators sad, no HD
ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solutions ● Overview of Widevine
ENGINEERS AND DEVICES WORKING TOGETHER How not to do it? ● Plaintext video passes through userspace ● Find exploit in player, or many other things ● Root makes it trivial to get ● Notice the key is also in userspace ● This is bad
ENGINEERS AND DEVICES WORKING TOGETHER Can we do better?
ENGINEERS AND DEVICES WORKING TOGETHER ● Less is accessible ● Plaintext still in userspace ● Creators still sad Can we do better?
ENGINEERS AND DEVICES WORKING TOGETHER All plaintext in kernel?
ENGINEERS AND DEVICES WORKING TOGETHER All plaintext in kernel? ● Better, no plaintext in userspace ● Key still there ● Kernel is vulnerable
ENGINEERS AND DEVICES WORKING TOGETHER Key in kernel
ENGINEERS AND DEVICES WORKING TOGETHER Key in kernel ● All key/plaintext now in kernel ● Content protected from userspace ● Kernel exploits possible ● Creators still sad
ENGINEERS AND DEVICES WORKING TOGETHER OP-TEE ● ARM® TrustZone® ○ Trustable through boot into secure OS ○ Runs alongside Kernel ● GlobalPlatform TEE Specification ○ OP-TEE is our implementation ○ Allows trusted apps, and clients
ENGINEERS AND DEVICES WORKING TOGETHER OP-TEE
ENGINEERS AND DEVICES WORKING TOGETHER DRM in TEE
ENGINEERS AND DEVICES WORKING TOGETHER DRM in TEE ● Almost there, key is in TEE ● Plaintext video still available at end ● Providers still sad
ENGINEERS AND DEVICES WORKING TOGETHER One more thing ● We need a weird buffer ○ Accessible to secure side ○ Not readable by unsecure (even kernel) ○ Accessible by HW decoder ● SMAF ○ Secure memory allocator ○ TEE can decode into this memory ○ HW can play it back ● It’s tricky to get right, only certain HW should have access
ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solution ● Overview of Widevine
ENGINEERS AND DEVICES WORKING TOGETHER Keybox
ENGINEERS AND DEVICES WORKING TOGETHER Keybox
ENGINEERS AND DEVICES WORKING TOGETHER Content Key
ENGINEERS AND DEVICES WORKING TOGETHER Content Key
ENGINEERS AND DEVICES WORKING TOGETHER Content Key
ENGINEERS AND DEVICES WORKING TOGETHER Content Key
ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solution ● Overview of Widevine
ENGINEERS AND DEVICES WORKING TOGETHER Widevine ● CDM (content decryption module) for Android ● Specifics are for partners only ● Plugin based, we implement oemcrypto.so using our client lib and TA
ENGINEERS AND DEVICES WORKING TOGETHER Status ● Working on HiKey board ● OP-TEE available for Android AOSP ● We have a liboemcrypto.so and TA for Widevine CDM ● Several security things missing ○ No trusted boot chain, TEE could be modified (HiKey issue) ○ SMAF not yet supported (patches in progress) https://lkml.org/lkml/2016/9/7/133 ○ No HW video playback, buffers still need to be visible to software (HiKey work in progress)
Thank You #LAS16 For further information: www.linaro.org LAS16 keynotes and videos on: connect.linaro.org

More Related Content

PDF
HKG18-203 - Overview of Linaro DRM
Linaro
 
PDF
SFO15-503: Secure storage in OP-TEE
Linaro
 
PDF
Lcu14 107- op-tee on ar mv8
Linaro
 
PDF
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
PDF
Secure storage updates - SFO17-309
Linaro
 
PDF
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
PDF
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
PDF
SFO15-200: Linux kernel generic TEE driver
Linaro
 
HKG18-203 - Overview of Linaro DRM
Linaro
 
SFO15-503: Secure storage in OP-TEE
Linaro
 
Lcu14 107- op-tee on ar mv8
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Secure storage updates - SFO17-309
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
SFO15-200: Linux kernel generic TEE driver
Linaro
 

What's hot (20)

PDF
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
Linaro
 
PDF
LCA14: LCA14-502: The way to a generic TrustZone® solution
Linaro
 
PDF
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
PDF
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
PDF
LCU14 500 ARM Trusted Firmware
Linaro
 
PDF
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
PDF
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
The Linux Foundation
 
PDF
Trusted firmware deep_dive_v1.0_
Linaro
 
PDF
OpenWrt From Top to Bottom
Kernel TLV
 
PPT
U Boot or Universal Bootloader
Satpal Parmar
 
PDF
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 
PDF
BUD17-400: Secure Data Path with OPTEE
Linaro
 
ODP
Embedded Android : System Development - Part III
Emertxe Information Technologies Pvt Ltd
 
PDF
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
PDF
LCU13: An Introduction to ARM Trusted Firmware
Linaro
 
PDF
Linux kernel
Mahmoud Shiri Varamini
 
PDF
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
96Boards
 
PDF
A Journey to Boot Linux on Raspberry Pi
Jian-Hong Pan
 
PDF
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
PDF
Linux Internals - Interview essentials 4.0
Emertxe Information Technologies Pvt Ltd
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
Linaro
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
Linaro
 
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
LCU14 500 ARM Trusted Firmware
Linaro
 
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
The Linux Foundation
 
Trusted firmware deep_dive_v1.0_
Linaro
 
OpenWrt From Top to Bottom
Kernel TLV
 
U Boot or Universal Bootloader
Satpal Parmar
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 
BUD17-400: Secure Data Path with OPTEE
Linaro
 
Embedded Android : System Development - Part III
Emertxe Information Technologies Pvt Ltd
 
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
LCU13: An Introduction to ARM Trusted Firmware
Linaro
 
Linux kernel
Mahmoud Shiri Varamini
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
96Boards
 
A Journey to Boot Linux on Raspberry Pi
Jian-Hong Pan
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
Linux Internals - Interview essentials 4.0
Emertxe Information Technologies Pvt Ltd
 
Ad

Viewers also liked (20)

PDF
LAS16-504: Secure Storage updates in OP-TEE
Linaro
 
PDF
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
ODP
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
PDF
[Nemus]All About Chromecast
Nemus
 
PDF
Q4.11: Using GCC Auto-Vectorizer
Linaro
 
PDF
Q4.11: NEON Intrinsics
Linaro
 
PDF
Moving NEON to 64 bits
Chiou-Nan Chen
 
PDF
64-bit Android
Chiou-Nan Chen
 
PPTX
GCC for ARMv8 Aarch64
Yi-Hsiu Hsu
 
PDF
Software, Over the Air (SOTA) for Automotive Grade Linux (AGL)
Leon Anavi
 
PPTX
Introduction to armv8 aarch64
Yi-Hsiu Hsu
 
PDF
LAS16-407: Internet of Tiny Linux (IoTL): the sequel.
Linaro
 
PDF
LAS16-TR04: Using tracing to tune and optimize EAS (English)
Linaro
 
PDF
LAS16-306: Exploring the Open Trusted Protocol
Linaro
 
PPTX
Arm v8 instruction overview android 64 bit briefing
Merck Hung
 
PDF
LAS16-307: Benchmarking Schedutil in Android
Linaro
 
PDF
HKG15-409: ARM Hibernation enablement on SoCs - a case study
Linaro
 
PDF
BUD17-DF15 - Optimized Android N MR1 + 4.9 Kernel
Linaro
 
PDF
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
The Linux Foundation
 
PDF
LAS16-403: GDB Linux Kernel Awareness
Linaro
 
LAS16-504: Secure Storage updates in OP-TEE
Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
[Nemus]All About Chromecast
Nemus
 
Q4.11: Using GCC Auto-Vectorizer
Linaro
 
Q4.11: NEON Intrinsics
Linaro
 
Moving NEON to 64 bits
Chiou-Nan Chen
 
64-bit Android
Chiou-Nan Chen
 
GCC for ARMv8 Aarch64
Yi-Hsiu Hsu
 
Software, Over the Air (SOTA) for Automotive Grade Linux (AGL)
Leon Anavi
 
Introduction to armv8 aarch64
Yi-Hsiu Hsu
 
LAS16-407: Internet of Tiny Linux (IoTL): the sequel.
Linaro
 
LAS16-TR04: Using tracing to tune and optimize EAS (English)
Linaro
 
LAS16-306: Exploring the Open Trusted Protocol
Linaro
 
Arm v8 instruction overview android 64 bit briefing
Merck Hung
 
LAS16-307: Benchmarking Schedutil in Android
Linaro
 
HKG15-409: ARM Hibernation enablement on SoCs - a case study
Linaro
 
BUD17-DF15 - Optimized Android N MR1 + 4.9 Kernel
Linaro
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
The Linux Foundation
 
LAS16-403: GDB Linux Kernel Awareness
Linaro
 
Ad

More from Linaro (20)

PDF
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro
 
PDF
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Linaro
 
PDF
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro
 
PDF
Bud17 113: distribution ci using qemu and open qa
Linaro
 
PDF
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro
 
PDF
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro
 
PDF
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro
 
PDF
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
PDF
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro
 
PDF
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro
 
PDF
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
PDF
HKG18-100K1 - George Grey: Opening Keynote
Linaro
 
PDF
HKG18-318 - OpenAMP Workshop
Linaro
 
PDF
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
PDF
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro
 
PDF
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Linaro
 
PDF
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro
 
PPTX
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro
 
PPTX
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 
PDF
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
Linaro
 
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Linaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro
 
Bud17 113: distribution ci using qemu and open qa
Linaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-100K1 - George Grey: Opening Keynote
Linaro
 
HKG18-318 - OpenAMP Workshop
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Linaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
Linaro
 

Recently uploaded (20)

PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
August Patch Tuesday
Ivanti
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
August Patch Tuesday
Ivanti
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
What is a Computer? Input Devices /output devices
GulJan8
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 

LAS16-406: Android Widevine on OP-TEE