基于trustonic tee使能MTK Widevine L1(SVP)

本文记录MTK芯片在Android S（Android 12）大版本上基于trustonic tee方案来开启Widevine L1方案整个移植过程。

MTK平台支持Widevine L1情况

G系列中高端平台，G70/G80/G85/G88对应mt6769平台，G90/G95对应mt6785平台，G96对应mt6781平台

软件宏设置情况

"preloader":[["MTK_TEE_SUPPORT", "yes"],["MICROTRUST_TEE_SUPPORT", "no"],["MTK_SEC_VIDEO_PATH_SUPPORT", "yes"],["TRUSTONIC_TEE_SUPPORT", "yes"],["MTK_NEBULA_VM_SUPPORT", "no"],["MTK_GOOGLE_TRUSTY_SUPPORT", "no"]
],"trustzone":[["MTK_ATF_SUPPORT", "yes"],["MTK_TEE_SUPPORT", "yes"],["MICROTRUST_TEE_SUPPORT", "no"],["TRUSTONIC_TEE_SUPPORT", "yes"],["MTK_TEE_DRAM_SIZE", "0x6000000"]
],"project":[["MTK_ATF_SUPPORT", "yes"],["MTK_TEE_SUPPORT", "yes"],["MICROTRUST_TEE_SUPPORT", "no"],["TRUSTONIC_TEE_SUPPORT", "yes"],["MTK_TEE_GP_SUPPORT", "yes"],["MTK_DRM_KEY_MNG_SUPPORT", "yes"],["MTK_NEBULA_VM_SUPPORT", "no"],["MTK_SEC_VIDEO_PATH_SUPPORT", "yes"],["MTK_WVDRM_SUPPORT", "yes"],["MTK_WVDRM_L1_SUPPORT", "yes"],["MTK_WMA_PLAYBACK_SUPPORT", "no"],["MTK_PERSIST_PARTITION_SUPPORT", "yes"]
],"kernel":[["CONFIG_MICROTRUST_TEE_SUPPORT", "n"],["CONFIG_TRUSTONIC_TEE_SUPPORT", "y"],["CONFIG_MTK_TEE_GP_SUPPORT", "y"],["CONFIG_MTK_SEC_VIDEO_PATH_SUPPORT", "y"],["CONFIG_MTK_DRM_KEY_MNG_SUPPORT", "y"],["CONFIG_MTK_NEBULA_VM_SUPPORT", "n"],["CONFIG_TEE", "y"]
]

Widevine L1 Key安装

向Google申请Widevine keybox

提供机器的设备信息（品牌名/项目名/市场名/TAC等信息），如果申请test key务必不要用项目真实信息去申请Widevine keybox。

切割Widevine keybox

在Linux系统下执行gen_key.sh脚本（如下），将会同级目录下生成Kkb、Kkb_pri、Kkb_pub和Pkb四个文件

#!/bin/bashfunction format_file()
{local filename=$1local tmp="temp"mv $filename $tmplen=$(ls -l $tmp | awk '{print $5}')let len-=1dd if=$tmp of=$filename bs=1 count=$lenrm $tmp
}openssl genrsa -out Kkb_pri.pem 2048
openssl rsa -inform PEM -in Kkb_pri.pem -outform DER -out Kkb_pri
openssl rsa -text -in Kkb_pri.pem -pubout | head -n 20 | tail -n18 > tempfile
rm Kkb_pri.pemfor (( i=0;i<10;i++ ))
dosed 's/ //' -i tempfile
donedd if=tempfile of=Kkb_pub skip=3 bs=1 &&  rm tempfile
format_file Kkb_pubopenssl rand -hex 32 > Kkb
format_file Kkbecho "00" > tempfile
format_file tempfileopenssl rand -hex 128 > tempfile2
format_file tempfile2cat tempfile tempfile2 > Pkbrm tempfile tempfile2

在win7系统下打开EncSW.exe程序（MTK工具）

通过上述操作将在EncSW.exe同级目录/encsw/生成array.c文件，将array.c文件中的两把密钥替换掉软件代码vendor/mediatek/proprietary/trustzone/trustonic/source/trustlets/keyinstall/common/TlKeyInstall/drm/common/key.c中两把密钥（一一对应）

在win7系统下打开KeySplitter.exe程序（MTK工具）

Key File为Google申请的drm key（2020-04-27_01-30-23.396_UTC.1587951023985.output，目前只申请一个DeviceID对应的drm key，内容如下）

<?xml version="1.0"?>
<Widevine>
<NumberOfKeyboxes>1</NumberOfKeyboxes>
<Keybox DeviceID="356317110000005"><Key>1d2d12b4233a571bdaba91993e7f7cae</Key><ID>00000002000046f75aa37d0374c35f39f4c8d9bba69b46cf6a6c885a6bc543886b91b0faca4e686157bed0c343f5fed85b7a8581ec808db4679ebb964e6bd36d943350a16854e97b</ID><Magic>6b626f78</Magic><CRC>0f4822d9</CRC></Keybox>
</Widevine>

点击【Split】之后将生成splitter/widevine/2020-04-27_01-30-23.396_UTC.1587951023985_0000000000.bin，接下来可以进一步操作

其中WideVine Key设置中的First Key为splitter/widevine/2020-04-27_01-30-23.396_UTC.1587951023985_0000000000.bin，设置好后，点击【Compose】之后将生成composer/kb_0000000000.bin（Widevine L1 Key）

安装Widevine L1 Key

1、打开SP META

2、SP META设置为“DRM Key Install Tool”

3、点击【Reconnect按钮】，插入手机（手机为关机状态）

4、等待进入meta mode，并弹出如下窗口，并按如下进行安装（参考MTK文档：DRM_Key_Install_Introduction.pdf）

对应的kernel log如下：

[KI_TA] INFO:TA_CreateEntry Point
[KI_TA] INFO:TA_OpenSessionEntryPoint
[KI_TA] INFO:allocated session at 0x0018b018
[KI_TA] INFO:TA_InvokeCommandEntryPoint, commandID: 0x6
[KI_TA] INFO:TZCMD_DRMKEY_INSTALL start
[KI_TA] INFO:Input buffer        = 0x00200960
[KI_TA] INFO:Inputbuffersize     = 1056
[KI_TA] INFO:Output buffer       = 0x00300020
[KI_TA] INFO:Outputbuffersize    = 16384
[KI_TA] INFO:keypair_index \x09\x09= 0
[KI_TA] INFO:[KI] 2
[KI_TA] INFO:get_keypair_index, 0
[KI_TA] INFO:[KI] 3
[KI_TA] INFO:cal_SEJ_seed 1
[KI_TA] INFO:Clear text in(addr)=0x180401, inLen=128
[KI_TA] INFO:cal_SEJ_seed 2
[KI_TA] INFO:l_Ekkb_pub=0x180484, l_PublicKeyOut=0x184df0
[KI_TA] INFO:l_Cpre=0x180584
[KI_TA] INFO:l_Pkb=0x180400, l_Pkb[0]=0x0
[KI_TA] INFO:[KI] 4
[KI_TA] INFO:l_Ekkb_pub=0x180484, l_PublicKeyOut=0x184df0
[KI_TA] INFO:l_Cpre=0x180584
[KI_TA] INFO:l_Pkb[0]=0x0
[KI_TA] INFO:Clear text in(addr)=0x180401, inLen=128
[KI_TA] INFO:shaResult=0x184b00, l_Cpre=0x180584, aesKey=0x184ae0, aesIV=0x184af0
[KI_TA] INFO:l_Ekkb_pub=0x180484, l_PublicKeyOut=0x184df0
[KI_TA] INFO:aes128_cbc_decrypt: Ciphertext length = 256
[KI_TA] INFO:plaintext length: 256
[KI_TA] INFO:[KI] 5
[KI_TA] INFO:212hasEkkb=0x1
[KI_TA] INFO:hLen=0x14, modulus_len=0x100
[KI_TA] INFO:msglen=0x100, modulus_bitlen=0x800
[KI_TA] INFO:OAEP_1
[KI_TA] INFO:OAEP_2
[KI_TA] INFO:OAEP_3
[KI_TA] INFO:OAEP_4
[KI_TA] INFO:OAEP_5
[KI_TA] INFO:OAEP_6
[KI_TA] INFO:OAEP_7
[KI_TA] INFO:OAEP_8
[KI_TA] INFO:OAEP_9
[KI_TA] INFO:OAEP_A
[KI_TA] INFO:OAEP_B
[KI_TA] INFO:[KI] 6
[KI_TA] INFO:-------------4
[KI_TA] INFO:shaLen=0x20
[KI_TA] INFO:Clear text in(addr)=0x18b028, inLen=800
[KI_TA] INFO:shaLen=0x20
[KI_TA] INFO:signLen=0x100
[KI_TA] INFO:-------------5
[KI_TA] INFO:pkcs_1_pss_decode_sha1 start
[KI_TA] INFO:PSS Sig verify pass
[KI_TA] INFO:pkcs_1_pss_decode_sha1 verify pass
[KI_TA] INFO:[KI] 7
[KI_TA] INFO:[KI] 8
[KI_TA] INFO:[KI] DecMaxKeySize=0x80, DecTotalKeySize=0x80
[KI_TA] INFO:[KI] EncMaxKeySize=0x80, EncTotalKeySize=0x80
[KI_TA] INFO:[KI] MaxKeySize=0x80, TotalKeySize=0x80
[KI_TA] INFO:[KI] keycount: 1
[KI_TA] INFO:[KI] ALIGN_16_BYTES(MaxKeySize + SZ_DRMKEY_ID + SZ_DRMKEY_SIZE): 144
[KI_TA] INFO:[KI] ALIGN_16_BYTES(keycount * sizeof(ENCRYPT_DRM_KEY_T)): 96
[KI_TA] INFO:[KI] ALIGN_16_BYTES(keycount * SZ_DRMKEY_SIG): 16
[KI_TA] INFO:[KI] ALIGN_16_BYTES(TotalKeySize): 128
[KI_TA] INFO:[KI] 8
[KI_TA] INFO:[KI] 81
[KI_TA] INFO:[KI] 9, i=0
[KI_TA] INFO:[KI] A
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:[KI] B
[KI_TA] INFO:aes128_cbc_decrypt: Ciphertext length = 128
[KI_TA] INFO:plaintext length: 128
[KI_TA] INFO:[KI] C
[KI_TA] INFO:[KI] D
[KI_TA] INFO:[KI] E1
[KI_TA] INFO:[KI] E2,drmKeyID=0x0 inputSize=0x88, drmKeySize=0x80, total=0x88
[KI_TA] INFO:[KI] E3,TempBuf=0x18f458
[KI_TA] INFO:[KI] E02
[KI_TA] INFO:[KI] E03
[KI_TA] INFO:[KI] E04
[KI_TA] INFO:Clear text in(addr)=0x18f458, inLen=136
[KI_TA] INFO:[KI] F
[KI_TA] INFO:cal_SEJ_seed 1
[KI_TA] INFO:Clear text in(addr)=0x184ae8, inLen=12
[KI_TA] INFO:cal_SEJ_seed 2
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 128
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 128
[KI_TA] INFO:[KI] J
[KI_TA] INFO:cal_SEJ_seed 1
[KI_TA] INFO:Clear text in(addr)=0x184ae8, inLen=12
[KI_TA] INFO:cal_SEJ_seed 2
[KI_TA] INFO:aes128_ecb_decrypt: Ciphertext length = 128
[KI_TA] INFO:aes128_ecb_decrypt: plaintext length = 128
[KI_TA] INFO:OK! Encrypt & Decrypt check OK!
[KI_TA] INFO:[KI] K
[KI_TA] INFO:[KI] L
[KI_TA] INFO:cal_SEJ_seed 1
[KI_TA] INFO:Clear text in(addr)=0x180401, inLen=128
[KI_TA] INFO:cal_SEJ_seed 2
[KI_TA] INFO:[KI] sizeof(TempBuf) = 0x4
[KI_TA] INFO:cal_SEJ_seed 1
[KI_TA] INFO:Clear text in(addr)=0x184aa8, inLen=12
[KI_TA] INFO:cal_SEJ_seed 2
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_cmac: enter inputLen =0x90
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: plaintext length = 16
[KI_TA] INFO:aes128_ecb_encrypt: Ciphertext length = 16
[KI_TA] INFO:[KI] M
[KI_TA] INFO:[KI] N
[KI_TA] INFO:[KI] N1
[KI_TA] INFO:[KI] N111
[KI_TA] INFO:[KI] N2
[KI_TA] INFO:[KI] N3
[KI_TA] INFO:[KI] N4
[KI_TA] INFO:[KI] O, i = 0
[KI_TA] INFO:[KI] p1
[KI_TA] INFO:[KI] p2
[KI_TA] INFO:[KI] p3
[KI_TA] INFO:[KI] p4
[KI_TA] INFO:[KI] p5
[KI_TA] INFO:[KI] p6
[KI_TA] INFO:TZCMD_DRMKEY_INSTALL end, nOutputSize: 296
[KI_TA] INFO:TA_CloseSessionEntryPoint
[KI_TA] INFO:client called 1 times, encoded 0 bytes.
[KI_TA] INFO:TA_DestroyEntryPoint
[KI_TA] INFO:TA_CreateEntry Point
[KI_TA] INFO:TA_OpenSessionEntryPoint
[KI_TA] INFO:allocated session at 0x000b5018
[KI_TA] INFO:TA_InvokeCommandEntryPoint, commandID: 0xD
[KI_TA] INFO:TZCMD_DRMKEY_STORE_KB start
[KI_TA] INFO:pInput        = 0x00100350
[KI_TA] INFO:nInputSize    = 296
[KI_TA] INFO:[KI] tl_keyblock_write_to_RPMB starts, encKeyBlock = 0x000b5028, length = 296
[KI_TA] INFO:[KI] TEE_RpmbOpenSession() done!
[KI_TA] ERROR:[KI] TEE_RpmbWriteData(8) fails: teeResult = -65536, result = 1
[KI_TA] INFO:[KI] tl_keyblock_write_to_RPMB ends
[KI_TA] INFO:TZCMD_DRMKEY_STORE_KB end, nOutputSize: 0
[KI_TA] INFO:TA_CloseSessionEntryPoint
[KI_TA] INFO:client called 1 times, encoded 0 bytes.
[KI_TA] INFO:TA_DestroyEntryPoint
[KI_TA] INFO:TA_CreateEntry Point
[KI_TA] INFO:TA_OpenSessionEntryPoint
[KI_TA] INFO:allocated session at 0x00047018
[KI_TA] INFO:TA_InvokeCommandEntryPoint, commandID: 0x1
[KI_TA] INFO:TZCMD_DRMKEY_QUERY start
[KI_TA] INFO:Input           = 0x00100840
[KI_TA] INFO:Inputbuffersize = 16384
[KI_TA] INFO:Keytype buffer  = 0x00200318
[KI_TA] INFO:=== query_drmkey_impl start ===
[KI_TA] INFO:query_1, keyblock=0x00047028
[KI_TA] INFO:query_2, keycount=1
[KI_TA] INFO:query_8, i=0, size=88
[KI_TA] INFO:query_9, i=0
[KI_TA] INFO:query_A, SZ_DRMKEY_HEADER_SIZE=80, encryptDrmHeader.encDrmKeySize=128, SZ_DRMKEY_SIG=16,
[KI_TA] INFO:query_A, i=0, keytype=0x4b030, keyid=0x0, keyblockLeng=224, encryptDrmHeader.encDrmKeySize=128
[KI_TA] INFO:=== query_drmkey_impl end ===
[KI_TA] INFO:TZCMD_DRMKEY_QUERY end, count: 1
[KI_TA] INFO:TA_CloseSessionEntryPoint
[KI_TA] INFO:client called 1 times, encoded 0 bytes.
[KI_TA] INFO:TA_DestroyEntryPoint

在软件开启Widevine L1和烧录Widevine L1 Key之后，则可使用drminfo APK查看到Security Level为L1