| HN Mirror

Sorry if I worded it badly, I didn't mean to imply that all Widewine content is decoded in software on all platforms, just that's the way its handled on Kodi running on a Raspberry Pi.

Now i'm not a widevine "Partner" just a person with too much time on my hands and an interest in DRM. So for anyone who works on kodi or who is reading who is a widevine partner who's NDA's prevent you from correcting please forgive any mistakes. This is just my understanding of Widevine.

As I understand it on Android/ChromeOS widevine can decrypt and decode in hardware but I believe its done via a HAL.

As far as I understand it there are 3 security levels to widevine Level1 being the highest and 3 being the lowest.

Level 1 is where the decrypt and decode are all done within a trusted execution environment (As far as I understand it Google work with chipset vendors such as broadcom, qualcomm, etc to implement this) and then sent directly to the screen.

Level 2 is where widevine decrypts the content within the TEE and passes the content back to the application for decoding which could then be decoded with hardware or software.

Level 3 (I believe) is where widevine decrypts and decodes the content within the lib itself (it can use a hardware cryptographic engine but the rpi doesn't have one).

Android/ChromeOS support either Level1 or Level3 depending on the hardware and Chrome on desktops only seems to support Level 3. Kodi is using the browser implementation (at least when kodi is not running on Android) of widevine which seems to only support Level 3 (So decrypt & decode in software) and therefore can not support hardware decoding. But that doesn't mean that hardware decoding of widevine protected content can not be supported on any mobile SoC. Sorry if I gave that impression.

When a license for media is requested the security level it will be decrypted/decoded with is also sent and the returned license will restrict the widevine CDM to that security level.

I believe NetFlix only support Level 1 and Level 3, which is why for a while the max resolution you could get watching NetFlix on chrome in a desktop browser was 720p as I believe that was the max resolution NetFlix offered at Level 3 and we had to use Edge/IE(iirc) to watch at 1080p as it used a different DRM system (PlayReady) and why atm Desktop 4k Netflix is only currently supported on Edge using (iirc) Intel gen7+ processors and NVidia Pascal GPUs (I don't know if AMD support PlayReady 3.0 on their GPUs as I don't have one so not really had the desire to investigate, I'm guessing that current Ryzen CPUs do not as they currently don't have integrated GPUs).

On Android where Netflix's app believed Level 1 was supported it would request a Level 1 license and then Widevine would then pass the content off to the TEE for decryption and decode which would then use hardware for decoding. If it didn't believe that Level 1 was supported it would fallback to Level 3 which is why some Android tablets had to run a modified NetFlix app to force Level 1 requests because the official app wasn't tested on that device and was put on the supported devices list even though it did support Level 1 (running the modified app on a device that didn't support Level 1 wouldn't result in playback).