Accessing RPMB key in Android 9 and Android 12

herman_lin · ‎09-04-2024

Hi NXP,

Based on the information I have, Widevine DRM is based on different TEEs depending on the Android version in NXP i.MX8MQ solution: Android 9 uses OPTEE, while Android 12 uses Trusty.

In our tests, we found that an RPMB key written under the "Android 9 + OPTEE" architecture fails verification when used under the "Android 12 + Trusty" architecture. After tracing the relevant code, it appears that OPTEE and Trusty use different algorithms to generate the RPMB key.

We would like to know whether Widevine DRM feature can work well while upgrading from "Android 9 + OPTEE" to "Android 12 + Trusty"?
If the differences between OPTEE and Trusty are causing Widevine DRM to malfunction after the upgrade to Android 12, is there a patch from NXP that supports Android 12 with OPTEE?

Thanks!

Bio_TICFSL · ‎09-10-2024

Hello,

You have to change all "setUserAuthenticationRequired(true)" by "setUserAuthenticationRequired(false)"

Regards

herman_lin · ‎09-11-2024

Hi BIO,

Let's first clarify one thing: Is it possible to use Widevine DRM with an Android 12 + Trusty environment, even if the RPMB key was originally written in an Android 9 + OP-TEE environment?

Thanks!

Accessing RPMB key in Android 9 and Android 12

Accessing RPMB key in Android 9 and Android 12

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano