diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
index 9fe77a7b..df5579b7 100644
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -193,6 +193,7 @@ typedef OEMCryptoResult (*L1_GetUsageEntryInfo_t)(
 int64_t* seconds_since_license_received,
 int64_t* seconds_since_first_decrypt);
 typedef OEMCrypto_ProvisioningMethod (*L1_GetProvisioningMethod_t)();
+typedef OEMCryptoResult (*L1_GetBCCType_t)(OEMCrypto_BCCType* bcc_type);
 typedef OEMCryptoResult (*L1_GetOEMPublicCertificate_t)(
 uint8_t* public_cert, size_t* public_cert_length);
 typedef OEMCryptoResult (*L1_LoadOEMPrivateKey_t)(OEMCrypto_SESSION session);
@@ -398,6 +399,7 @@ struct FunctionPointers {
 L1_ReportUsage_t ReportUsage;
 L1_GetUsageEntryInfo_t GetUsageEntryInfo;
 L1_GetProvisioningMethod_t GetProvisioningMethod;
+ L1_GetBCCType_t GetBCCType;
 L1_GetOEMPublicCertificate_t GetOEMPublicCertificate;
 L1_LoadOEMPrivateKey_t LoadOEMPrivateKey;
 L1_SupportedCertificates_t SupportedCertificates;
@@ -1004,6 +1006,7 @@ class Adapter {
 LOOKUP_ALL(16, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
 LOOKUP_ALL(16, LoadOEMPrivateKey, OEMCrypto_LoadOEMPrivateKey);
 LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
+ LOOKUP_ALL(19, GetBCCType, OEMCrypto_GetBCCType);
 LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
 LOOKUP_ALL( 8, InstallKeyboxOrOEMCert, OEMCrypto_InstallKeyboxOrOEMCert);
 LOOKUP_ALL(18, FactoryInstallBCCSignature, OEMCrypto_FactoryInstallBCCSignature);
@@ -1558,6 +1561,14 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
 return fcn->GetProvisioningMethod();
 }
+OEMCryptoResult OEMCrypto_GetBCCType(OEMCrypto_GetBCCType* bcc_type) {
+ if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
+ const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault);
+ if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
+ if (fcn->GetBCCType == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+ return fcn->GetBCCType(bcc_type);
+}
+
 OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
 wvcdm::RequestedSecurityLevel level) {
 if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
index 0f086693..4ffcdab6 100644
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -513,9 +513,19 @@ typedef enum OEMCrypto_ProvisioningMethod {
 // Device has factory installed OEM certificate.
 OEMCrypto_OEMCertificate = 3,
 // Device has Boot Certificate Chain (BCC).
- OEMCrypto_BootCertificateChain = 4
+ OEMCrypto_BootCertificateChain = 4,
 } OEMCrypto_ProvisioningMethod;
+/**
+ Return value for OEMCrypto_GetBCCType().
+ */
+typedef enum OEMCrypto_BCCType {
+ // Boot certificate chain in CBOR format.
+ OEMCrypto_CBOR = 0,
+ // Boot certificate chain in X509 format.
+ OEMCrypto_X509 = 1,
+} OEMCrypto_BCCType;
+
 /**
 Return value for OEMCrypto_GetWatermarkingSupport().
 */
@@ -721,6 +731,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_LoadProvisioningCast _oecc146
 #define OEMCrypto_PrepAndSignLicenseRelease _oecc147
 #define OEMCrypto_GetUsageEntryInfo _oecc148
+#define OEMCrypto_GetBCCType _oecc149
 // clang-format on
 /// @addtogroup initcontrol
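Review bot: The parameter of the new wrapper in oemcrypto_adapter_dynamic.cpp is declared as `OEMCrypto_GetBCCType* bcc_type`, which names the function itself rather than the enum; the header prototype and the `L1_GetBCCType_t` typedef in this same commit both take `OEMCrypto_BCCType*`. Because the header also maps `OEMCrypto_GetBCCType` to `_oecc149`, this line presumably does not compile as written. The signature should be `OEMCryptoResult OEMCrypto_GetBCCType(OEMCrypto_BCCType* bcc_type) {`. Separately, `bcc_type` is forwarded without a NULL check, so the documented OEMCrypto_ERROR_INVALID_CONTEXT result relies on the loaded library; a guard such as `if (bcc_type == nullptr) return OEMCrypto_ERROR_INVALID_CONTEXT;` before the call would make the adapter enforce it.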
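Review bot: The comment on the new `OEMCrypto_BCCType` enum says "Return value for OEMCrypto_GetBCCType()", but that function returns `OEMCryptoResult` and reports the type through its `bcc_type` out-parameter. I would reword it to `Boot certificate chain format reported through the bcc_type out-parameter of OEMCrypto_GetBCCType().`. Since the value is written by the device's OEMCrypto implementation, the comment could also state the caller-side rule, for example `// Any value other than the two below is invalid and must be rejected by the caller.`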
@@ -2996,6 +3007,37 @@ OEMCryptoResult OEMCrypto_FactoryInstallBCCSignature(const uint8_t* signature,
 */
 OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(void);
+/**
+ * This function is for OEMCrypto to tell the layer above what type of Boot
+ * Certificate Chain it uses. This is for devices that use Provisioning 4.0.
+ *
+ * Valid values for OEMCrypto_BCCType are:
+ *
+ * OEMCrypto_CBOR means the device has a boot certificate chain of CBOR type,
+ * which shall follow the IETF CBOR Web Token (CWT) specification, and the CBOR
+ * Object Signing and Encryption (COSE) specification. Android requires CBOR.
+ * OEMCrypto_X509 means the device has a boot certificate chain of X509 type.
+ * Please work with your Widevine Partner Engineer if you plan to support X509.
+ *
+ * @param[out] bcc_type: the type of the boot certificate chain.
+ *
+ * @retval OEMCrypto_SUCCESS
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT if any pointer is NULL.
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED: this function is for
+ * Provisioning 4.0 only.
+ * @retval OEMCrypto_ERROR_UNKNOWN_FAILURE any other failure.
+ *
+ * @threading
+ * This is a "Property Function" and may be called simultaneously with any
+ * other property function or session function, but not any initialization or
+ * usage table function, as if the CDM holds a read lock on the OEMCrypto
+ * system.
+ *
+ * @version
+ * This method is new API version 19.
+ */
+OEMCryptoResult OEMCrypto_GetBCCType(OEMCrypto_BCCType* bcc_type);
+
 /**
 * If the device has a keybox, this validates the Widevine Keybox loaded into
 * the security processor device. This method verifies two fields in the
@@ -3987,7 +4029,6 @@ OEMCryptoResult OEMCrypto_LoadProvisioning(
 size_t signature_length, uint8_t* wrapped_private_key,
 size_t* wrapped_private_key_length);
-
 /**
 * Load and parse a provisioning response, and then rewrap the private key. We
 * recommend that the OEM use a strong encryption key and signing key algorithm.
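Review bot: The new doc comment for `OEMCrypto_GetBCCType` does not say what `*bcc_type` holds when the call returns anything other than OEMCrypto_SUCCESS, so a caller that ignores the result could act on an uninitialized value when it presumably selects how to handle the boot certificate chain. I would add a line such as `* On any result other than OEMCrypto_SUCCESS, *bcc_type is not written and must not be used.` under the `@param` entry. The `@retval` list also omits OEMCrypto_ERROR_INVALID_SESSION, which the dynamic adapter wrapper added in this commit returns when it has no function table; either list it or note that adapter-level errors are outside this contract.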