Linaro, profile picture
Uploaded byLinaro
PDF, PPTX2,948 views

BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1

The document presents the integration of various components for secure video delivery, focusing on Microsoft® PlayReady® DRM and OP-TEE as part of the Linaro secure media solution. It details progress in implementation, including support for encrypted media extensions and interaction with license servers. Key features include a secure memory allocation framework, compatibility with various hardware platforms, and open-source initiatives related to content decryption modules.

Embed presentation

Download as PDF, PPTX
Presented by Date Event BKK16-201 - PlayReady OPTEE Integration with Secure Video Path Zoltan Kuscsik, PhD BKK16-201 March 8, 2016 Linaro Connect BKK16
Overview The solution presented here integrates the following key components: ● W3C EME Working Draft ● Microsoft® PlayReady® DRM Porting Kit v3.0 ● OP-TEE OS ● OpenCDM/OpenCDMI ● Chromium v45
Updates since SFO15 ● Secure Data Path with OP TEE/Playready proof of concept on STM B2120 in progress. ● Secure Memory Allocator Framework (SMAF) integration - work in progress. ● EME with OP TEE on Hikey. We got Wayland/Chromium finally working! ● Moving to 4.5 Kernel and OP TEE master. ● AES OCDMI publicly available. ● Complete Playready TA implementation. We now support the Playready Interface For TEE (PRiTEE).
Supported boards STM B2120 96boards - HiKey
Encrypted Media Extensions - Buffer decrypt Browser CDM Load TA / Init SessionNew session request Send License Request Update License Key Update available keys Allocate and Secure buffer using SMAF Secure Buffer Decrypt Decrypt Buffer Encrypted Buf PlayReadyTA
EME SW stack - what can be open? Chromium Android Framework DRM HALOCDM Widevine PPAPI CDM PlayReady CDMI SMAF OPTEE Kernel Driver Linux Kernel ClearKey CDMI Closed Source Open Source Playready TA SMAF TA HDCP TA Policy Manager (?) ClearKey TA TEE OP TEE OS
Secure Memory Allocation Framework - CMA Allocator
Secure Memory Allocation Framework
Secure Data Path
Playready integration PlayReady has a CDMi interface as part of the PlayReady’ s DRM Licensed product. This CDMi component provided is very close to the one that is required by the open source OpenCDMi project. The Linaro secure media solution is an end-to-end DRM solution with a PlayReady license server. The client receives PlayReady encrypted content and communicates with a PlayReady server to request and receive a license and keys required to decrypt the content. The licence request is generated by PlayReady encapsulated by the CDMi, passed up to the to HTML5 application which initiates the the licence acquisition from the Playready license servers.
Open CDM Browser OCDM CDMI Service cdmi.h Interface for various key. mock.drm ClearKey/OpenSSL CDM PlayReady CDMI RPC ClearKey OP TEE The OpenCDM uses the platform’s native RPC system to separate the CDM from the browser. The project has two main components: 1) A browser specific CDM integration layer and the communication interfaces for the CDM. 2) A CDMi service implementation.
Implementation overview Chromium External Clear Key Linaro Clear Key CDM with SSL Linaro Clear Key CDM with OPTEE Linaro CDM with TEE Linaro CDM with software Playready Linaro CDM with HW Playready PPAPI CDM Yes Yes Yes Yes Yes Yes OpenCDM No Yes Yes Yes Yes Yes OP TEE and TrustZone® No No Yes Yes No Yes PlayReady, other DRM support No No No Yes Yes Yes Compatibility ARMv7, ARMv8, x86 ARMv7, ARMv8, x86 ARMv7, ARMv8 ARMv7, ARMv8 ARMv7, ARMV8 ARMv7, ARMV8 HiKey Yes Yes Yes Yes Yes Yes (in development) Dragonboard Yes Yes No No Yes No
OpenSSL ClearKey CDM ● Works both on X86 and ARM Linux. ● Allows the testing and exercising the Open CDM implementation: https://github.com/linaro-home/open-content-decryption-module-cdmi ● Upstreamed to OpenCDM project
OP TEE ClearKey CDMI ● Needs OPTEE enabled HW with Chromium running ● ClearKey AES128 decryption in OP TEE: https://github.com/kuscsik/optee-clearkey-cdmi ● Works with upstream OCDM
Links ● Playready: https://msdn.microsoft.com/en- us/library/windows/apps/mt429380.aspx ● OP TEE https://github.com/OP-TEE/optee_os ● Linaro OpenCDM https://github.com/kuscsik/linaro-cdmi

More Related Content

PDF
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
byLinaro
 
PDF
HKG15-311: OP-TEE for Beginners and Porting Review
byLinaro
 
PDF
BUD17-400: Secure Data Path with OPTEE
byLinaro
 
PDF
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
byLinaro
 
PDF
Lcu14 107- op-tee on ar mv8
byLinaro
 
PDF
SFO15-503: Secure storage in OP-TEE
byLinaro
 
PDF
LCU14 302- How to port OP-TEE to another platform
byLinaro
 
PDF
Secure storage updates - SFO17-309
byLinaro
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
byLinaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
byLinaro
 
BUD17-400: Secure Data Path with OPTEE
byLinaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
byLinaro
 
Lcu14 107- op-tee on ar mv8
byLinaro
 
SFO15-503: Secure storage in OP-TEE
byLinaro
 
LCU14 302- How to port OP-TEE to another platform
byLinaro
 
Secure storage updates - SFO17-309
byLinaro
 

What's hot

PDF
HKG18-203 - Overview of Linaro DRM
byLinaro
 
PDF
HKG18-402 - Build secure key management services in OP-TEE
byLinaro
 
PDF
HKG18-113- Secure Data Path work with i.MX8M
byLinaro
 
PDF
LCA14: LCA14-502: The way to a generic TrustZone® solution
byLinaro
 
PDF
LCU14-103: How to create and run Trusted Applications on OP-TEE
byLinaro
 
PDF
TEE - kernel support is now upstream. What this means for open source security
byLinaro
 
PDF
Lcu14 306 - OP-TEE Future Enhancements
byLinaro
 
PDF
Kernel Recipes 2018 - Overview of SD/eMMC, their high speed modes and Linux s...
byAnne Nicolas
 
PDF
SFO15-200: Linux kernel generic TEE driver
byLinaro
 
PDF
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
byStefano Stabellini
 
PDF
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
byLinaro
 
PDF
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
byLinaro
 
ODP
Introduction to Optee (26 may 2016)
byYannick Gicquel
 
PDF
LCU14 500 ARM Trusted Firmware
byLinaro
 
PDF
Jagan Teki - U-boot from scratch
bylinuxlab_conf
 
PDF
from Binary to Binary: How Qemu Works
byZhen Wei
 
TXT
OPTEE on QEMU - Build Tutorial
byDalton Valadares
 
PDF
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
byStefano Stabellini
 
PDF
Linux Networking Explained
byThomas Graf
 
PDF
Arm device tree and linux device drivers
byHoucheng Lin
 
HKG18-203 - Overview of Linaro DRM
byLinaro
 
HKG18-402 - Build secure key management services in OP-TEE
byLinaro
 
HKG18-113- Secure Data Path work with i.MX8M
byLinaro
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
byLinaro
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
byLinaro
 
TEE - kernel support is now upstream. What this means for open source security
byLinaro
 
Lcu14 306 - OP-TEE Future Enhancements
byLinaro
 
Kernel Recipes 2018 - Overview of SD/eMMC, their high speed modes and Linux s...
byAnne Nicolas
 
SFO15-200: Linux kernel generic TEE driver
byLinaro
 
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
byStefano Stabellini
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
byLinaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
byLinaro
 
Introduction to Optee (26 may 2016)
byYannick Gicquel
 
LCU14 500 ARM Trusted Firmware
byLinaro
 
Jagan Teki - U-boot from scratch
bylinuxlab_conf
 
from Binary to Binary: How Qemu Works
byZhen Wei
 
OPTEE on QEMU - Build Tutorial
byDalton Valadares
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
byStefano Stabellini
 
Linux Networking Explained
byThomas Graf
 
Arm device tree and linux device drivers
byHoucheng Lin
 

Viewers also liked

PDF
LAS16-504: Secure Storage updates in OP-TEE
byLinaro
 
PDF
LAS16-406: Android Widevine on OP-TEE
byLinaro
 
PDF
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
byLinaro
 
PDF
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
byLinaro
 
PDF
BKK16-309A Open Platform support in UEFI
byLinaro
 
PDF
LAS16-306: Exploring the Open Trusted Protocol
byLinaro
 
PPTX
LAS16-203: Platform security architecture for embedded devices
byLinaro
 
PDF
BKK16-200 Designing Security into low cost IO T Systems
byLinaro
 
PDF
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
byLinaro
 
PDF
API World 2013 - Transforming the Netflix API
byBenjamin Schmaus
 
PDF
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
byLinaro
 
PDF
[Nemus]All About Chromecast
byNemus
 
LAS16-504: Secure Storage updates in OP-TEE
byLinaro
 
LAS16-406: Android Widevine on OP-TEE
byLinaro
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
byLinaro
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
byLinaro
 
BKK16-309A Open Platform support in UEFI
byLinaro
 
LAS16-306: Exploring the Open Trusted Protocol
byLinaro
 
LAS16-203: Platform security architecture for embedded devices
byLinaro
 
BKK16-200 Designing Security into low cost IO T Systems
byLinaro
 
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
byLinaro
 
API World 2013 - Transforming the Netflix API
byBenjamin Schmaus
 
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
byLinaro
 
[Nemus]All About Chromecast
byNemus
 

More from Linaro

PPTX
HKG18-223 - Trusted FirmwareM: Trusted boot
byLinaro
 
PDF
HKG18-318 - OpenAMP Workshop
byLinaro
 
PDF
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
byLinaro
 
PPTX
HKG18-120 - Devicetree Schema Documentation and Validation
byLinaro
 
PDF
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
byLinaro
 
PDF
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
byLinaro
 
PDF
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
byLinaro
 
PDF
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
byLinaro
 
PDF
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
byLinaro
 
PDF
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
byLinaro
 
PDF
HKG18-TR08 - Upstreaming SVE in QEMU
byLinaro
 
PDF
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
byLinaro
 
PDF
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
byLinaro
 
PDF
HKG18-100K1 - George Grey: Opening Keynote
byLinaro
 
PDF
HPC network stack on ARM - Linaro HPC Workshop 2018
byLinaro
 
PDF
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
byLinaro
 
PDF
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
byLinaro
 
PDF
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
byLinaro
 
PDF
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
byLinaro
 
PDF
Bud17 113: distribution ci using qemu and open qa
byLinaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
byLinaro
 
HKG18-318 - OpenAMP Workshop
byLinaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
byLinaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
byLinaro
 
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
byLinaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
byLinaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
byLinaro
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
byLinaro
 
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
byLinaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
byLinaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
byLinaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
byLinaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
byLinaro
 
HKG18-100K1 - George Grey: Opening Keynote
byLinaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
byLinaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
byLinaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
byLinaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
byLinaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
byLinaro
 
Bud17 113: distribution ci using qemu and open qa
byLinaro
 

Recently uploaded

PDF
December Patch Tuesday
byIvanti
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
December Patch Tuesday
byIvanti
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
The year in review - MarvelClient in 2025
bypanagenda
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
AI Technology important knowledge ......
byutkarshj2007
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
In this document
Powered by AI

Introduction to the presentation by Zoltan Kuscsik, PhD on PlayReady OPTEE integration for secure video path.

Integration of key components including W3C EME, Microsoft PlayReady, OP-TEE OS, and others.

Updates on the development progress, including OP-TEE PlayReady proof-of-concept and PlayReady TA implementation.

Information about supported hardware boards: STM B2120 and 96boards - HiKey.

Outline of the Encrypted Media Extensions (EME) functionalities including license requests and buffer decryption.

Discussion on the open and closed source components involved in the EME software stack.

Details about the Secure Memory Allocation Framework (SMAF) and its implementation.

Overview of the secure data path concept which is critical for secure content handling.

Description of PlayReady integration with end-to-end DRM solution and license management.

Explanation of OpenCDM architecture which includes RPC system for CDM separation from the browser.

Summary of the implementation details of various Linaro CDM setups with compatibility information.

Details on the OpenSSL ClearKey CDM implementation suitable for X86 and ARM Linux, with a GitHub resource.

Information on OP TEE ClearKey CDMI requirements and capabilities for AES128 decryption.

Links to resources for PlayReady, OP TEE, and Linaro OpenCDM for further reading.

BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1

  • 1.
    Presented by Date Event BKK16-201 -PlayReady OPTEE Integration with Secure Video Path Zoltan Kuscsik, PhD BKK16-201 March 8, 2016 Linaro Connect BKK16
  • 2.
    Overview The solution presentedhere integrates the following key components: ● W3C EME Working Draft ● Microsoft® PlayReady® DRM Porting Kit v3.0 ● OP-TEE OS ● OpenCDM/OpenCDMI ● Chromium v45
  • 3.
    Updates since SFO15 ●Secure Data Path with OP TEE/Playready proof of concept on STM B2120 in progress. ● Secure Memory Allocator Framework (SMAF) integration - work in progress. ● EME with OP TEE on Hikey. We got Wayland/Chromium finally working! ● Moving to 4.5 Kernel and OP TEE master. ● AES OCDMI publicly available. ● Complete Playready TA implementation. We now support the Playready Interface For TEE (PRiTEE).
  • 4.
  • 5.
    Encrypted Media Extensions- Buffer decrypt Browser CDM Load TA / Init SessionNew session request Send License Request Update License Key Update available keys Allocate and Secure buffer using SMAF Secure Buffer Decrypt Decrypt Buffer Encrypted Buf PlayReadyTA
  • 6.
    EME SW stack- what can be open? Chromium Android Framework DRM HALOCDM Widevine PPAPI CDM PlayReady CDMI SMAF OPTEE Kernel Driver Linux Kernel ClearKey CDMI Closed Source Open Source Playready TA SMAF TA HDCP TA Policy Manager (?) ClearKey TA TEE OP TEE OS
  • 7.
    Secure Memory AllocationFramework - CMA Allocator
  • 8.
  • 9.
  • 10.
    Playready integration PlayReady hasa CDMi interface as part of the PlayReady’ s DRM Licensed product. This CDMi component provided is very close to the one that is required by the open source OpenCDMi project. The Linaro secure media solution is an end-to-end DRM solution with a PlayReady license server. The client receives PlayReady encrypted content and communicates with a PlayReady server to request and receive a license and keys required to decrypt the content. The licence request is generated by PlayReady encapsulated by the CDMi, passed up to the to HTML5 application which initiates the the licence acquisition from the Playready license servers.
  • 11.
    Open CDM Browser OCDM CDMI Service cdmi.h Interfacefor various key. mock.drm ClearKey/OpenSSL CDM PlayReady CDMI RPC ClearKey OP TEE The OpenCDM uses the platform’s native RPC system to separate the CDM from the browser. The project has two main components: 1) A browser specific CDM integration layer and the communication interfaces for the CDM. 2) A CDMi service implementation.
  • 12.
    Implementation overview Chromium External Clear Key LinaroClear Key CDM with SSL Linaro Clear Key CDM with OPTEE Linaro CDM with TEE Linaro CDM with software Playready Linaro CDM with HW Playready PPAPI CDM Yes Yes Yes Yes Yes Yes OpenCDM No Yes Yes Yes Yes Yes OP TEE and TrustZone® No No Yes Yes No Yes PlayReady, other DRM support No No No Yes Yes Yes Compatibility ARMv7, ARMv8, x86 ARMv7, ARMv8, x86 ARMv7, ARMv8 ARMv7, ARMv8 ARMv7, ARMV8 ARMv7, ARMV8 HiKey Yes Yes Yes Yes Yes Yes (in development) Dragonboard Yes Yes No No Yes No
  • 13.
    OpenSSL ClearKey CDM ●Works both on X86 and ARM Linux. ● Allows the testing and exercising the Open CDM implementation: https://github.com/linaro-home/open-content-decryption-module-cdmi ● Upstreamed to OpenCDM project
  • 14.
    OP TEE ClearKeyCDMI ● Needs OPTEE enabled HW with Chromium running ● ClearKey AES128 decryption in OP TEE: https://github.com/kuscsik/optee-clearkey-cdmi ● Works with upstream OCDM
  • 15.
    Links ● Playready: https://msdn.microsoft.com/en- us/library/windows/apps/mt429380.aspx ●OP TEE https://github.com/OP-TEE/optee_os ● Linaro OpenCDM https://github.com/kuscsik/linaro-cdmi