HKG15-407: EME implementation in Chromium: Linaro Clear Key
---------------------------------------------------
Speaker: Matt Snoby
Date: February 12, 2015
---------------------------------------------------
★ Session Summary ★
An example of a key system from a Clear Key point of view. Linaro implemented a sample CDM plugin for Chromium capable to exercise the EME implementation of the browser. The presentation gives an insight to the EME/CDM implementation in Chromium and the guidelines to integrating various DRM systems. We will present call flows with example classes, experiences learned, and example of things to watch out for.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250835
Video: https://www.youtube.com/watch?v=dJqCbTfKrMk
Etherpad: http://pad.linaro.org/p/hkg15-407
Also see: http://www.slideshare.net/linaroorg/hkg15407-eme-implementation-in-chromium-linaro-clear-key
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
2. Who is this guy?
Matt Snoby
Cisco Technical Leader
Linaro assignee
15 years of STB experience
Conditional Access
Nagravision, PowerKey,
Digital Rights Management
Intertrust, Verimatrix, VideoGuard, PlayReady
Media,
Apple HLS, Gstreamer plugins and pipelines
matt.snoby@linaro.org
snobym@cisco.com
https://www.linkedin.com/in/mattsnoby
3. Introduction
● What is EME
● What is a CDM
● Why use the Chromium browser
● CDM & DRM
● PC CDM’s on embedded targets
● Linaro Clear Key CDM
● How to start development on your own CDM
● Creating test encrypted content
● Undocumented “features”
● What’s Next for Linaro Clear Key CDM?
4. EME Terminology
● EME - Encrypted Media Extensions
● DRM – Digital Rights Management
● Key Systems
● CDM – Content Decryption Module
5. What is a CDM?
● Provides the functionality on the target
hardware to implement a key system.
● Key Systems can be (but are not limited to) a
commercial DRM system or even a clear key
6. What is a CDM continued?
● Developed and customized for the platform.
● Does not have to be delivered with the
browser.
● Runs out of the browser process space.
8. How is a CDM different than traditional DRMs?
CDM Traditional DRM
Authorization / pairing Done through the user
agent (app)
Factory or proprietary out of
band methods
Data Communication All traffic goes through the
user agent (https)
typically out of band direct
from the DRM process to a
secure server
API’s Session based API’s proprietary
Pairing reset user can delete and reset
pairing data ( like resetting a
cookie)
user typically can not do
this.
9. CrossCompiled PC CDM’s
● Why not use existing CDM’s for PC’s?
o Embedded CPU power
o No SOC accelerated decrypt
§ HW Block Decrypt
o No SOC Buffer protection after decrypt
§ TrustZone
10. Linaro Clear Key CDM
● Why implement a Clear Key CDM
● Future development work
11. How to Start Development?
• Pull tip of chromium
• http://dev.chromium.org/developers/how-tos/get-the-code
• Now build chrome
• “ninja –C out/Debug chrome
• Next build the external clear key
• Remember to link in the cdmadapter code to your
CDM code
• “ninja –C out/Debug clearkeycdmadapter
12. How to Start Development cont
• Javascript / HTML 5 app is located at:
media/test/data/*
Specifically eme_player.html and all the files
under eme_player_js directory,
• cp this whole directory to your webserver
• cp media/test/data/* /var/www/chrome
14. 1.) URL of encrypted video
2.)Select External Clearkey
3.)Use the Prefixed EME API’s
4.) Play
15. Creating Content
Convert an MP4 file to a webm file
ffmpeg
–v
infile.mp4
–vcodec
libvpx
–acodec
libvorbis
–aq
5
–ac
2
–qmax
1
output.webm
16. Creating Content – now encryption
Webm_crypt is the prgm to encrypt video
stream:
https://code.google.com/p/webm/
Now encrypt the video
./webm_crypt
-‐i
/home/snoby/out_3.webm
-‐o
/home/snoby/out_enc_3.webm
base_secret.key
base_secret.key is a binary 16byte file that holds the key you are
encrypting with
17. Undocumented “features”
• There is Decrypt method and DecryptandDecodeFrame
method.
• In the videoDecoderInitialize call return “kSessionError” to set
CDM into Decrypt only mode.
• When linking your CDM you MUST link in the cdmadapter
code in the gypi files.
18. What’s next?
● Member board implementation
o Hardware Block decryptor
o Secure buffers with TrustZone
o Send buffers to Gstreamer for decode