TZMP-1 Software Reference Implementation. Ken Liu 2018-Mar-12

Transcription

1 TZMP-1 Software Reference Implementation Ken Liu 2018-Mar Arm Limited

2 Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference Implementation Details Arm Limited

3 General Process of DRM DRM Protocols Authorizing Key Exchange Encoded Content Encrypted Content Casting Video Path + - Encode/Encrypt Networking Decrypt/Decode Arm Limited

4 Ideal Model of Secure Video Path Encrypted Content - Decry pt Secured Environment Decod e + Composit e Encoded Content Decoded Frame Arm Limited

5 Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference Implementation Details Arm Limited

6 Arm Trustzone Non-Trusted Apps Tursted OS Non-Secure World Secure World Hardware isolated Execution Environment Trused OS Trusted Application Arm Limited

7 Regular Design with TrustZone Receiv e Non-Secure World - Decryp t Secure World Decode + Composit e Arm Limited

8 Issues of Regular Design Non-Secure OS Mature multimedia frameworks in Non-Secure OS Secure OS Video Driver Video Component Video Driver Graphics GPU Driver Display Driver Graphics Component Compositor Media Framework Porting? Video Component Graphics Driver Graphics Component Display Driver Compositor Arm Limited Non-Secure World Lack of API Runtime more attack interfaces Secure World

9 Protect Content in Non-Secure World Non-Secure Memory + Composite - Secure Memory Decry pt Protecte d Memory Decod e Protect ed Memor y Restrict accessing into single direction Could we protect content in non-secure world to avoid much changes? Arm Limited

10 Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference Implementation Details Arm Limited

11 Protected Memory and Secured Playback Protected Memory WO Decryptor Non-Secure CPU Non-Secure VPU Secure Bitstream RW Protected VPU Non-Secure GPU RW Protected GPU RO Display Controller RO RW RW RO Non-Secure Memory Non-Secured Bitstream Secure Bitstream could only be accessed by Protected hardware components Non-Secure Bitstream could only be accessed by Non-Secure hardware components Display controller could read both types of bitstreams Mention the word Protected leads to Protected Memory and Protected Mode of HW Arm Limited

12 Hardware Architecture of TZMP1 Cortex A Cortex A Cortex A Cortex A GPU NSAID _CPU CCI 5xx Interconnect NSAID _GPU _PROT ECTED NSAID _REE NSAID NSAID _VIDE O_PRI VPUVATE NSAID _VIDE O_PR OTECT ED NSAID _VIDE O_OU NIC-400 Interconnect TBUF NSAID TZC-400 _REE NSAID Display NSAID _DP_P ROTEC TED Memory Arm Limited

13 Firewall of Accessing - Arm Trustzone Controller 400 Region Ranges NSAID 1 NSAID 2 NSAID 16 Secure Access 0 All Memory RW Configurable RW Configurable RW Configurable RW Configurable 1 Configurable RW Configurable RW Configurable RW Configurable RW Configurable 2 Configurable RW Configurable RW Configurable RW Configurable RW Configurable 3 Configurable RW Configurable RW Configurable RW Configurable RW Configurable 4 Configurable RW Configurable RW Configurable RW Configurable RW Configurable 5 Configurable RW Configurable RW Configurable RW Configurable RW Configurable 6 Configurable RW Configurable RW Configurable RW Configurable RW Configurable Comp NSAID TZC-400 Memory 7 Configurable RW Configurable RW Configurable RW Configurable RW Configurable Each non-secure memory accessing hardware is assigned with a Non-Secure Access ID (NSAID) TZC-400 checks NSAID and region permissions to decide access availability Total 8 regions and 16 NSAIDs are supported in TZC-400 Secure accessing is also checked by TZC Arm Limited

14 Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference Implementation Details Arm Limited

15 Platform and Software Components Component Board Non-Secure OS Secure OS Boot Media IP DRM Description Juno-r2 + 2 x Logictile Android lsk-4.4-armlt Kernel OPTEE OS Arm-tf Arm Mali V550 G71 DP650 Clearkey / Widevine Arm Limited

16 Overall Reference Implementation ExoPlayer Media Framework SurfaceFlinger DRM Plugin Crypto CA OMX.decoder.secu re OMX.decoder Protected Surface Surface Encrypted Clear Bitstream OP-TEE OS (TEE) Crypto TA Protected Memory Non-Secure Memory Decrypted NSAID PROT VPU Decode d Clear Bitstream Drivers Hardware NSAID_PUB TZC-400 Decode d Decode d NSAID_PR OT GPU Decode d NSAID_PU B Decoded Deco ded DPU NSAI D Arm Limited

17 Required Software Modifications ExoPlayer Media Framework SurfaceFlinger DRM Plugin Crypto CA OMX.decoder.secu re OMX.decoder Protected Surface Surface SGL CA Gralloc ION OP-TEE OS (TEE) Drivers Crypto TA SGL TA Hardware TZC400 Setup NSAID PROT VPU NSAID_PUB TZC-400 NSAID_PR OT GPU NSAID_PU B DPU NSAI D Arm Limited

18 Memory Regions Android (Linux) Kernel Managed ION::UNMAPPED HEAP ION::CARVEOUT TEE PARAM X Memory Regions Non-Secure Memory SECURE FIRMWARE SECURE BITSTREAM SECURE FRAME TEE PARAM Secure Memory OPTEE OS X Secure Data Path X TEE PARAM Runtime Arm Limited

19 Secure VPU Firmware Loading Secure Gadget Library (SGL CA) OP-TEE OS SGL TA Hardware VPU NSAID_PRIV NSAID_PUB Firmware Secure Firmware Mandatory for firmware based decoder Unnecessary for non-firmware based decoder SDP Usage Non-Secure Memory SECURE FIRMWARE SECURE BITSTREAM Arm Limited

20 Adopt DRM Crypto DRM Plugin OP-TEE OS Crypto TA Decrypted Non-Secure Memory SECURE FIRMWARE SECURE BITSTREAM Encrypted Bitstream Decrypt in OPTEE OS Put result into protected memory Take advantage SDP of OPTEE OS SDP Arm Limited

21 Adopt Secure Decoder OMX.decoder.secu re Android ExoPlayer Media Framework OMX.decoder Secure Video Path in Android Is DRM required Secure Codec? Is Secure Codec available? Setup Secure Video Path Choose Secure Codec component Apply Protected Surface for output Drivers Hardware VPU NSAID_PROT NSAID_PUB Decrypted Decode d SECURE FIRMWARE SECURE BITSTREAM SECURE FRAME Arm Limited

22 Graphics and Display SurfaceFlinger Protected Surface Surface GPU and Display calls gralloc for surface buffers Gralloc allocates memory from specified buffer due to flags Call ION APIs for protected buffer Drivers Decode d NSAID_PR OT GPU Hardware NSAID_PU B Decoded DPU NSAI D SECURE FRAME Arm Limited

23 References Components Repository 1 Workspace To be upstreamed in April 2 Arm-tf (Upstreaming) 3 OPTEE OS (Done) 4 Android manifest To be upstreamed in April 5 Secure Gadget Library Upstreaming in linaro private repository 6 Gralloc 7 Multimedia IP Contact Arm support 8 Linux and DTS (Upstreaming) 9 Arm Connected Community Page Planed to be done by ~April Arm Limited

24 Thank You Danke Merci 谢谢ありがとう Gracias Kiitos 감사합니다 ध यव द תודה Arm Limited