Presented by
Date
Encrypted Media Extensions
& Platform Content Decryption Modules,
A quick start primer Matt Snoby Cisco Technical Leader
Linaro Home Group
February 2015
Who is this guy? Matt Snoby Cisco Technical Leader Linaro assignee 15 years of STB experience Conditional Access Nagravision, PowerKey, Digital Rights Management Intertrust, Verimatrix, VideoGuard, PlayReady Media, Apple HLS, Gstreamer plugins and pipelines [email protected] [email protected] https://www.linkedin.com/in/mattsnoby
Introduction ● What is EME ● What is a CDM ● Why use the Chromium browser ● CDM & DRM ● PC CDM’s on embedded targets ● Linaro Clear Key CDM ● How to start development on your own CDM ● Creating test encrypted content ● Undocumented “features” ● What’s Next for Linaro Clear Key CDM?
EME Terminology
● EME - Encrypted Media Extensions ● DRM – Digital Rights Management ● Key Systems ● CDM – Content Decryption Module
What is a CDM?
● Provides the functionality on the target
hardware to implement a key system. ● Key Systems can be (but are not limited to) a
commercial DRM system or even a clear key
What is a CDM continued?
● Developed and customized for the platform. ● Does not have to be delivered with the
browser. ● Runs out of the browser process space.
Why Chromium
● Leader in EME development ● Support ● Open Source
How is a CDM different than traditional DRMs? CDM Traditional DRM
Authorization / pairing Done through the user agent (app)
Factory or proprietary out of band methods
Data Communication All traffic goes through the user agent (https)
typically out of band direct from the DRM process to a secure server
API’s Session based API’s proprietary
Pairing reset user can delete and reset pairing data ( like resetting a cookie)
user typically can not do this.
CrossCompiled PC CDM’s
● Why not use existing CDM’s for PC’s? o Embedded CPU power o No SOC accelerated decrypt
§ HW Block Decrypt o No SOC Buffer protection after decrypt
§ TrustZone
Linaro Clear Key CDM
● Why implement a Clear Key CDM ● Future development work
How to Start Development? • Pull tip of chromium
• http://dev.chromium.org/developers/how-tos/get-the-code • Now build chrome
• “ninja –C out/Debug chrome • Next build the external clear key
• Remember to link in the cdmadapter code to your CDM code
• “ninja –C out/Debug clearkeycdmadapter
How to Start Development cont
• Javascript / HTML 5 app is located at: media/test/data/* Specifically eme_player.html and all the files under eme_player_js directory, • cp this whole directory to your webserver • cp media/test/data/* /var/www/chrome
Testing
Start up chrome: out/Debug/chrome -‐-‐enable-‐logging=stderr -‐-‐v=1 -‐-‐register-‐pepper-‐plugins="out/Debug/libclearkeycdmadapter.so#ClearKey CDM#ClearKey CDM0.1.0.0#0.1.0.0;application/x-‐ppapi-‐clearkey-‐cdm" http://localhost/chrome/eme_player.html
1.) URL of encrypted video 2.)Select External Clearkey 3.)Use the Prefixed EME API’s 4.) Play
Creating Content
Convert an MP4 file to a webm file ffmpeg –v infile.mp4 –vcodec libvpx –acodec libvorbis –aq 5 –ac 2 –qmax 1 output.webm
Creating Content – now encryption
Webm_crypt is the prgm to encrypt video stream: https://code.google.com/p/webm/
Now encrypt the video
./webm_crypt -‐i /home/snoby/out_3.webm -‐o /home/snoby/out_enc_3.webm base_secret.key
base_secret.key is a binary 16byte file that holds the key you are encrypting with
Undocumented “features”
• There is Decrypt method and DecryptandDecodeFrame method. • In the videoDecoderInitialize call return “kSessionError” to set
CDM into Decrypt only mode. • When linking your CDM you MUST link in the cdmadapter
code in the gypi files.
What’s next?
● Member board implementation o Hardware Block decryptor o Secure buffers with TrustZone o Send buffers to Gstreamer for decode
Questions?