Accessing RPMB key in Android 9 and Android 12

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accessing RPMB key in Android 9 and Android 12

558 Views
herman_lin
Contributor II

Hi NXP,

Based on the information I have, Widevine DRM is based on different TEEs depending on the Android version in NXP i.MX8MQ solution: Android 9 uses OPTEE, while Android 12 uses Trusty.

In our tests, we found that an RPMB key written under the "Android 9 + OPTEE" architecture fails verification when used under the "Android 12 + Trusty" architecture. After tracing the relevant code, it appears that OPTEE and Trusty use different algorithms to generate the RPMB key.

We would like to know whether Widevine DRM feature can work well while upgrading from "Android 9 + OPTEE" to "Android 12 + Trusty"?
If the differences between OPTEE and Trusty are causing Widevine DRM to malfunction after the upgrade to Android 12, is there a patch from NXP that supports Android 12 with OPTEE?

Thanks!

Labels (1)
0 Kudos
Reply
2 Replies

509 Views
Bio_TICFSL
NXP TechSupport
NXP TechSupport

Hello,

You have to change all "setUserAuthenticationRequired(true)" by "setUserAuthenticationRequired(false)" 

 

Regards

0 Kudos
Reply

477 Views
herman_lin
Contributor II

Hi BIO,

Let's first clarify one thing: Is it possible to use Widevine DRM with an Android 12 + Trusty environment, even if the RPMB key was originally written in an Android 9 + OP-TEE environment?

Thanks!

0 Kudos
Reply