LAS16-406: Android Widevine on OP-TEE

6 likes•2,041 views

The document discusses the integration of Widevine DRM with OP-TEE for secure media playback on Android devices. It highlights the challenges of managing plaintext video data and key security within user and kernel spaces, and introduces OP-TEE as a solution to secure content. The presentation outlines the current status of implementing this technology, including necessary improvements and ongoing efforts to enhance security features.

Technology

More Related Content

PDF

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro

ODP

Introduction to Optee (26 may 2016)Yannick Gicquel

PDF

HKG18-203 - Overview of Linaro DRMLinaro

PDF

BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro

PDF

Lcu14 107- op-tee on ar mv8Linaro

PDF

LCU14 302- How to port OP-TEE to another platformLinaro

PDF

TEE - kernel support is now upstream. What this means for open source securityLinaro

PDF

LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro

Introduction to Optee (26 may 2016)Yannick Gicquel

HKG18-203 - Overview of Linaro DRMLinaro

BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro

Lcu14 107- op-tee on ar mv8Linaro

LCU14 302- How to port OP-TEE to another platformLinaro

TEE - kernel support is now upstream. What this means for open source securityLinaro

LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro

What's hot (20)

PDF

HKG18-113- Secure Data Path work with i.MX8MLinaro

PDF

LCU14-103: How to create and run Trusted Applications on OP-TEELinaro

PDF

SFO15-503: Secure storage in OP-TEELinaro

PDF

HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro

PDF

HKG18-402 - Build secure key management services in OP-TEELinaro

PDF

Embedded Android : System Development - Part IVEmertxe Information Technologies Pvt Ltd

PDF

Lcu14 306 - OP-TEE Future EnhancementsLinaro

PDF

Embedded Linux Kernel - Build your custom kernelEmertxe Information Technologies Pvt Ltd

PDF

Embedded Android : System Development - Part II (Linux device drivers)Emertxe Information Technologies Pvt Ltd

PDF

U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd

PDF

Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro

PDF

LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro

PDF

U boot-boot-flowBabuSubashChandar Chandra Mohan

ODP

Q4.11: Porting Android to new PlatformsLinaro

PDF

SFO15-200: Linux kernel generic TEE driverLinaro

PDF

LCA14: LCA14-418: Testing a secure frameworkLinaro

PDF

BUD17-416: Benchmark and profiling in OP-TEE Linaro

PDF

SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro

PDF

Secure storage updates - SFO17-309Linaro

PDF

LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro

HKG18-113- Secure Data Path work with i.MX8MLinaro

LCU14-103: How to create and run Trusted Applications on OP-TEELinaro

SFO15-503: Secure storage in OP-TEELinaro

HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro

HKG18-402 - Build secure key management services in OP-TEELinaro

Embedded Android : System Development - Part IVEmertxe Information Technologies Pvt Ltd

Lcu14 306 - OP-TEE Future EnhancementsLinaro

Embedded Linux Kernel - Build your custom kernelEmertxe Information Technologies Pvt Ltd

Embedded Android : System Development - Part II (Linux device drivers)Emertxe Information Technologies Pvt Ltd

U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd

Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro

LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro

U boot-boot-flowBabuSubashChandar Chandra Mohan

Q4.11: Porting Android to new PlatformsLinaro

SFO15-200: Linux kernel generic TEE driverLinaro

LCA14: LCA14-418: Testing a secure frameworkLinaro

BUD17-416: Benchmark and profiling in OP-TEE Linaro

SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro

Secure storage updates - SFO17-309Linaro

LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro

Viewers also liked (19)

PDF

LAS16-504: Secure Storage updates in OP-TEELinaro

PDF

[Nemus]All About ChromecastNemus

PDF

Q4.11: Using GCC Auto-VectorizerLinaro

PDF

Q4.11: NEON IntrinsicsLinaro

PDF

Moving NEON to 64 bitsChiou-Nan Chen

PDF

64-bit AndroidChiou-Nan Chen

PPTX

GCC for ARMv8 Aarch64Yi-Hsiu Hsu

PDF

Software, Over the Air (SOTA) for Automotive Grade Linux (AGL)Leon Anavi

PPTX

Introduction to armv8 aarch64Yi-Hsiu Hsu

PDF

LAS16-407: Internet of Tiny Linux (IoTL): the sequel.Linaro

PDF

LAS16-TR04: Using tracing to tune and optimize EAS (English)Linaro

PDF

LAS16-306: Exploring the Open Trusted ProtocolLinaro

PPTX

Arm v8 instruction overview android 64 bit briefingMerck Hung

PDF

LAS16-307: Benchmarking Schedutil in AndroidLinaro

PDF

HKG15-409: ARM Hibernation enablement on SoCs - a case studyLinaro

PDF

BUD17-DF15 - Optimized Android N MR1 + 4.9 KernelLinaro

PDF

XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMThe Linux Foundation

PDF

LAS16-403: GDB Linux Kernel AwarenessLinaro

PDF

LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLinaro

LAS16-504: Secure Storage updates in OP-TEELinaro

[Nemus]All About ChromecastNemus

Q4.11: Using GCC Auto-VectorizerLinaro

Q4.11: NEON IntrinsicsLinaro

Moving NEON to 64 bitsChiou-Nan Chen

64-bit AndroidChiou-Nan Chen

GCC for ARMv8 Aarch64Yi-Hsiu Hsu

Software, Over the Air (SOTA) for Automotive Grade Linux (AGL)Leon Anavi

Introduction to armv8 aarch64Yi-Hsiu Hsu

LAS16-407: Internet of Tiny Linux (IoTL): the sequel.Linaro

LAS16-TR04: Using tracing to tune and optimize EAS (English)Linaro

LAS16-306: Exploring the Open Trusted ProtocolLinaro

Arm v8 instruction overview android 64 bit briefingMerck Hung

LAS16-307: Benchmarking Schedutil in AndroidLinaro

HKG15-409: ARM Hibernation enablement on SoCs - a case studyLinaro

BUD17-DF15 - Optimized Android N MR1 + 4.9 KernelLinaro

XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMThe Linux Foundation

LAS16-403: GDB Linux Kernel AwarenessLinaro

LAS16-500: The Rise and Fall of Assembler and the VGIC from HellLinaro

More from Linaro (20)

PDF

Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro

PDF

Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaLinaro

PDF

Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro

PDF

Bud17 113: distribution ci using qemu and open qaLinaro

PDF

OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro

PDF

HPC network stack on ARM - Linaro HPC Workshop 2018Linaro

PDF

It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...Linaro

PDF

Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro

PDF

Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Linaro

PDF

Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Linaro

PDF

HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro

PDF

HKG18-100K1 - George Grey: Opening KeynoteLinaro

PDF

HKG18-318 - OpenAMP WorkshopLinaro

PDF

HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro

PDF

HKG18-315 - Why the ecosystem is a wonderful thing, warts and allLinaro

PDF

HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorLinaro

PDF

HKG18-TR08 - Upstreaming SVE in QEMULinaro

PPTX

HKG18-120 - Devicetree Schema Documentation and Validation Linaro

PPTX

HKG18-223 - Trusted FirmwareM: Trusted bootLinaro

PDF

HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro

Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaLinaro

Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro

Bud17 113: distribution ci using qemu and open qaLinaro

OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro

HPC network stack on ARM - Linaro HPC Workshop 2018Linaro

It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...Linaro

Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro

Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Linaro

Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Linaro

HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro

HKG18-100K1 - George Grey: Opening KeynoteLinaro

HKG18-318 - OpenAMP WorkshopLinaro

HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro

HKG18-315 - Why the ecosystem is a wonderful thing, warts and allLinaro

HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorLinaro

HKG18-TR08 - Upstreaming SVE in QEMULinaro

HKG18-120 - Devicetree Schema Documentation and Validation Linaro

HKG18-223 - Trusted FirmwareM: Trusted bootLinaro

HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...Linaro

Recently uploaded (20)

PDF

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

PDF

Software Development Methodologies in 2025KodekX

PDF

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

PPTX

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

PDF

Accelerating Oracle Database 23ai Troubleshooting with Oracle AHF Fleet Insig...Sandesh Rao

PDF

CIFDAQ's Market Wrap : Bears Back in Control?CIFDAQ

PPTX

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

PDF

Orbitly Pitch Deck｜A Mission-Driven Platform for Side Project Collaboration (...zz41354899

PDF

The Future of Artificial Intelligence (AI)Mukul

PDF

Structs to JSON: How Go Powers REST APIsEmily Achieng

PDF

Presentation about Hardware and Software in Computersnehamodhawadiya

PDF

Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdfPrecisely

PDF

The Future of Mobile Is Context-Aware—Are You Ready?iProgrammer Solutions Private Limited

PDF

A Strategic Analysis of the MVNO Wave in Emerging Markets.pdfIPLOOK Networks

PDF

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

PDF

Automating ArcGIS Content Discovery with FME: A Real World Use CaseSafe Software

PDF

Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGISSafe Software

PDF

Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdfCA Suvidha Chaplot

PDF

Trying to figure out MCP by actually building an app from scratch with open s...Julien SIMON

PDF

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

Software Development Methodologies in 2025KodekX

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

Accelerating Oracle Database 23ai Troubleshooting with Oracle AHF Fleet Insig...Sandesh Rao

CIFDAQ's Market Wrap : Bears Back in Control?CIFDAQ

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

Orbitly Pitch Deck｜A Mission-Driven Platform for Side Project Collaboration (...zz41354899

The Future of Artificial Intelligence (AI)Mukul

Structs to JSON: How Go Powers REST APIsEmily Achieng

Presentation about Hardware and Software in Computersnehamodhawadiya

Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdfPrecisely

The Future of Mobile Is Context-Aware—Are You Ready?iProgrammer Solutions Private Limited

A Strategic Analysis of the MVNO Wave in Emerging Markets.pdfIPLOOK Networks

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

Automating ArcGIS Content Discovery with FME: A Real World Use CaseSafe Software

Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGISSafe Software

Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdfCA Suvidha Chaplot

Trying to figure out MCP by actually building an app from scratch with open s...Julien SIMON

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

LAS16-406: Android Widevine on OP-TEE

1. Android Widevine on OP-TEE David Brown

2. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solutions ● Overview of Widevine

3. ENGINEERS AND DEVICES WORKING TOGETHER Motivation

4. ENGINEERS AND DEVICES WORKING TOGETHER Motivation ● Software playback ● Red arrow, bad! ● Creators sad, no HD

5. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solutions ● Overview of Widevine

6. ENGINEERS AND DEVICES WORKING TOGETHER How not to do it? ● Plaintext video passes through userspace ● Find exploit in player, or many other things ● Root makes it trivial to get ● Notice the key is also in userspace ● This is bad

7. ENGINEERS AND DEVICES WORKING TOGETHER Can we do better?

8. ENGINEERS AND DEVICES WORKING TOGETHER ● Less is accessible ● Plaintext still in userspace ● Creators still sad Can we do better?

9. ENGINEERS AND DEVICES WORKING TOGETHER All plaintext in kernel?

10. ENGINEERS AND DEVICES WORKING TOGETHER All plaintext in kernel? ● Better, no plaintext in userspace ● Key still there ● Kernel is vulnerable

11. ENGINEERS AND DEVICES WORKING TOGETHER Key in kernel

12. ENGINEERS AND DEVICES WORKING TOGETHER Key in kernel ● All key/plaintext now in kernel ● Content protected from userspace ● Kernel exploits possible ● Creators still sad

13. ENGINEERS AND DEVICES WORKING TOGETHER OP-TEE ● ARM® TrustZone® ○ Trustable through boot into secure OS ○ Runs alongside Kernel ● GlobalPlatform TEE Specification ○ OP-TEE is our implementation ○ Allows trusted apps, and clients

14. ENGINEERS AND DEVICES WORKING TOGETHER OP-TEE

15. ENGINEERS AND DEVICES WORKING TOGETHER DRM in TEE

16. ENGINEERS AND DEVICES WORKING TOGETHER DRM in TEE ● Almost there, key is in TEE ● Plaintext video still available at end ● Providers still sad

17. ENGINEERS AND DEVICES WORKING TOGETHER One more thing ● We need a weird buffer ○ Accessible to secure side ○ Not readable by unsecure (even kernel) ○ Accessible by HW decoder ● SMAF ○ Secure memory allocator ○ TEE can decode into this memory ○ HW can play it back ● It’s tricky to get right, only certain HW should have access

18. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solution ● Overview of Widevine

19. ENGINEERS AND DEVICES WORKING TOGETHER Keybox

20. ENGINEERS AND DEVICES WORKING TOGETHER Keybox

21. ENGINEERS AND DEVICES WORKING TOGETHER Content Key

22. ENGINEERS AND DEVICES WORKING TOGETHER Content Key

23. ENGINEERS AND DEVICES WORKING TOGETHER Content Key

24. ENGINEERS AND DEVICES WORKING TOGETHER Content Key

25. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Motivations ● How not to do it ● OP-TEE ● General solution ● Overview of Widevine

26. ENGINEERS AND DEVICES WORKING TOGETHER Widevine ● CDM (content decryption module) for Android ● Specifics are for partners only ● Plugin based, we implement oemcrypto.so using our client lib and TA

27. ENGINEERS AND DEVICES WORKING TOGETHER Status ● Working on HiKey board ● OP-TEE available for Android AOSP ● We have a liboemcrypto.so and TA for Widevine CDM ● Several security things missing ○ No trusted boot chain, TEE could be modified (HiKey issue) ○ SMAF not yet supported (patches in progress) https://lkml.org/lkml/2016/9/7/133 ○ No HW video playback, buffers still need to be visible to software (HiKey work in progress)

28. Thank You #LAS16 For further information: www.linaro.org LAS16 keynotes and videos on: connect.linaro.org