Hardware video decoding of encrypted h.264 video media (widevine)

[Markus Pfau]

looking through the chromium code, h.264 decoding of encrypted content will never be done h/w accelerated.

It seems that h.264 parser only calls DecryptAndDecodeFrame (and never Decrypt) wich leads to software decoding inside libwidevine.

Can this be confirmed / are there plans to solve this issue?

[PhistucK]

I am not sure this is correct (but I do not know the internals at all). You expect H.264 to call decrypt and then what? Get the decrypted content and send it to the hardware decoder?

But then the decrypted data will be available outside of Widevine, which defeats the purpose of the protection.

My non-educated guess is that Widevine sends the decoded data directly to the hardware decoder.

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium HTML5" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-html5+unsubscribe@chromium.org.
To post to this group, send email to chromiu...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-html5/.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

[Markus Pfau]

Thanks for feedback!

- right, this is what I expect encrypted -> Decrypt -> hw/ decoder -> renderer.

- regarding security: IMO there is no big difference if you get decrypted+encoded instead decrypted+decoded.

 In both ways you'll get the video frame wich could be recorded theoretically.

Simply looking at the dependencies of libwidevine, it doesn't seem to have anything h/w accelerated in it.

There is no d3d / amcodec or whatever in it, and there is no interface to external (secure???) h/w decoders.

On Android devices there is a possibility to select secure decoders (also h/w), but this part is missing IMO completely in libwidevine.

Means, that Chrome / Chromium dont support h/w decoding of e.g. Amazon Prime/ Netflix on all platforms (including chromeos) except android

This is what I have read from the sources - hopefully it is not true.

Edit: Chromium has build in h/w decoders, but there is no back link from widevine to them.

Maybe I have overseen something, but the ppapi cdm implementation does not include this feature.

Am Dienstag, 20. September 2016 12:48:04 UTC+2 schrieb PhistucK:

I am not sure this is correct (but I do not know the internals at all). You expect H.264 to call decrypt and then what? Get the decrypted content and send it to the hardware decoder?

But then the decrypted data will be available outside of Widevine, which defeats the purpose of the protection.

My non-educated guess is that Widevine sends the decoded data directly to the hardware decoder.

☆PhistucK

On Tue, Sep 20, 2016 at 1:27 PM, Markus Pfau <mpf...@gmail.com> wrote:

looking through the chromium code, h.264 decoding of encrypted content will never be done h/w accelerated.

It seems that h.264 parser only calls DecryptAndDecodeFrame (and never Decrypt) wich leads to software decoding inside libwidevine.

Can this be confirmed / are there plans to solve this issue?

--
You received this message because you are subscribed to the Google Groups "Chromium HTML5" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-html...@chromium.org.