widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b8bdfccebe1adee3cf4270ef5066b302ad493990
ce_cdm/README.md
Matt Feddersen b8bdfccebe Source release 19.1.0
2024-03-29 10:49:35 -07:00

122 lines
6.0 KiB
Markdown
Raw Blame History

# Widevine CE CDM 19.1.0
Released 2024-03-28
## Getting Started
This project contains the sources for building a Widevine CDM module. Read the
following to learn more about the contents of this project and how to use them:
The [Widevine Developer Site][wv-devsite] documents the CDM API and describes
how to integrate the CDM into a system.
## New in v19.1.0
Note: Release v19.0 was skipped so that this release's version number matches
the OEMCrypto version.
## Features
- Supports up to OEMCrypto v19.1, including new OEMCrypto tests introduced
since OEMCrypto v18.
- Added support for License Protocol v2.2, which uses SHA256-signed license
requests.
- Raised the minimum required version of C++ to C++17.
- Added a new error code, `kDeviceRevoked`, which requires special handling.
- `kDeviceRevoked` may be returned from any method that processes a service
response. It indicates that the device's root of trust has been revoked
and is no longer trusted.
- All service interactions will fail after this, even after a device reboot
or factory reset. Apps may want to handle this error by using a different
DRM system, if supported.
- Devices that support renewal can escape this condition by renewing their
root of trust. Root of trust renewal is outside the scope of CE CDM.
You'll need to work directly with your Widevine contact.
- Added additional logging when license request fails, to help diagnose what
went wrong.
- Improved support for HDCP v1.0-1.4 version.
- `Cdm::getStatusForHdcpVersion()` can now accept a specific HDCP 1.x minor
version (specifically 1.0, 1.1, 1.2, 1.3, or 1.4) when checking if
content can be decrypted.
- The legacy behavior is still available via `Cdm::HdcpVersion::kHdcp1_x`.
- See _Bug Fixes_ note about related bug in previous versions.
- Added support for Cast provisioning 4.0
- Cast uses a slightly different provisioning 4.0 protocol compared
to non-Cast cases. The additions to the protocol are internal
to the library, and do not require API changes for CE CDM users
- Additional tests are included, these tests will automatically
skip for device which do not use provisioning 4.0.
- Improved performance for unencrypted data provided via `Cdm::decrypt()`.
- Some apps are known to always use decrypt calls, even if parts of the
data are completely unencrypted. The CDM will now check if samples/
sub-samples of decryption batch data can skip the decryption stage
and instead directly copied to the secure output.
- Various minor performance improvements
- Reduced internal data copying.
- Test runtime improvements:
- Skipped set up for unsupported features.
- Improved test data storage management.
- Removed unused internal testing fixtures.
- Compile time improvements by better dependency checks for third-party
libraries.
- CE CDM now compiles clean with `-Wunused-parameter`.
- Added support for new provisioning flow for baked-in certificates
on devices using Widevine's embedded device certificate.
- Affected partners should check the L3 OEMCrypto documentation for
details.
- Added new tests for CE CDM and OEMCrypto v18.5 features.
- Improved code performance slightly by reducing copy operations.
- Added additional tests to check for problems when moving usage entries.
### Bug Fixes
- Fixed major issue with loss of offline licenses when stored license count
exceeds OEMCrypto's usage table size limit.
- Issue only affects users with 300 or more downloaded offline licenses
across all apps.
- Fixed major issue with memory corruption when apps misuse the API by making
certain key operations before license is loaded.
- Specifically, if an app generates a license request via
`Cdm::generateRequest()`, then calls `Cdm::remove()` before
`Cdm::update()` with the license response it can cause the CDM to crash.
- Fixed mistaken test failures when the CE CDM and OEMCrypto versions were not
identical.
- Fixed an issue with DRM certificate serial number stability for
provisioning 4.0 devices.
- This only affected very specific devices when going through their
specific factory reset process.
- Added additional tests to catch future, similar errors.
- Fixed an issue with `Cdm::getKeyStatuses()` reporting error for certain
licenses which use specific HDCP v1.x minor versions.
- Fixed an issue with URL parsing in test code for renewal requests
- Certain tests used special URL parameters which were not properly
accounted for in the CE CDM's test utility code; this caused tests
to fail on otherwise working devices.
- Fixed the CAS tests sometimes not being skipped on non-CAS-supporting
devices.
- Removed tests that explicitly tested against Widevine's staging
provisioning servers.
- Fixed minor issue with tests which were generating many warnings from
expected behavior.
- These warning did not cause the tests to fail, but created a lot of noise
when trying to diagnose other failures
- Fixed a potential out-of-bounds read in the logging code for certain
invalid severity level values.
- Fixed many minor issues identified via static analysis.
[CHANGELOG.md](./CHANGELOG.md) lists the major changes for each past release.
## Contains No OEMCrypto
The CE CDM requires an implementation of OEMCrypto, our hardware abstraction
layer, in order to compile and run successfully. If you are an OEMCrypto
implementer, you should have access to the
[OEMCrypto partner repository][oec-repo], which contains additional source code
and information about implementing OEMCrypto, including the Widevine-written
OEMCrypto implementation, the OEMCrypto Porting Kit. (OPK) If you are not an
OEMCrypto implementer, then you will need to get an OEMCrypto implementation
from your SoC manufacturer before you can use the CE CDM.
[wv-devsite]: https://developers.google.com/widevine/drm/client/ce-cdm
[oec-repo]: https://widevine-partner.googlesource.com/oemcrypto/
Reference in New Issue View Git Blame Copy Permalink