High-bandwidth Digital Content Protection (HDCP)

High-bandwidth Digital Content Protection (HDCP) is a link protection scheme introduced by Digital Content Protection LLC (DCP), designed to prevent unauthorized copying of high definition digital entertainment as it is being transmitted across digital devices. The HDCP specification provides a robust, cost-effective and transparent method of protecting content, which allows the transmitting device (source) to authenticate and authorize the receiving device (sink), and ensures that digital audio and video cannot be intercepted by a malicious attacker.

The use of HDCP 2.x is led by Miracast, which is the certification program for the Wi-Fi Alliance's WFD technology. Although Miracast does not mandate content protection, it has set HDCP 2.x as the only scheme to use when such protection is required. Other wireless standards such as DiiVA, WHDI and WirelessHD, have also adopted HDCP 2.x for the protection of premium content. Additionally, HDCP 2.2 replaces previous standard HDCP 1.x for the protection of Ultra High Definition (UHD) content, 4K and 8K, over wired interfaces like HDMI, DVI, HDBASE-T and DisplayPort. 

Overall, HDCP 2.x is now being adopted by a variety of consumer electronics devices such as smartphones and tablets (typically acting as transmitters), digital displays and set-top boxes (typically acting as receivers). It is a key component in the abovementioned communication standards, as it allows valuable content, such as new movie releases and TV shows, to be displayed on external devices (e.g. big screen TVs or projectors).

Arm TrustZone Protected HDCP

Arm's HDCP 2.2 solution is carefully constructed to uphold the DCP's strict compliance and robustness requirements, while meeting the power and performance attributes of embedded environments.

Designed specifically for open environments based on Android or Windows Phone, Arm's HDCP 2.2 implementation is partitioned between the Trusted Execution Environment (TEE) and the Rich Execution Environment (REE). This unique architecture provides a runtime hardware isolation of sensitive modules from the vulnerable high-level operating system, thus maintaining the secrecy of the protocol's confidential keys and assets. Additionally, the Arm TrustZone protected HDCP 2.2 solution utilizes other platforms' available security peripherals, such as secure storage, cryptographic engines, secure boot and secure media pipeline, to provide end-to-end link protection.

Arm's HDCP 2.2 solution was designed by state-of-the-art security expertise. By utilizing Arm's seamless communications mechanism and HDCP interfaces, users are free to practice intuitive application development in REE user-space without compromising robustness requirements and avoiding any possible security breaches. It also handles key production-level use cases to ensure hassle-free deployment and fast time to market.

 

High-Level Architecture

HDCP Diagram

 

Core Components of the HDCP Solution

The HDCP link protection system is comprised of three elements:

  • The authentication protocol, through which the HDCP transmitter verifies that a given HDCP device is authorized to receive HDCP content.
  • The encryption scheme, whereby encrypted HDCP content is transmitted between the two devices, based on shared secrets established during the authentication protocol. This prevents eavesdropping mechanisms from utilizing the content.
  • The renewability mechanism, which enables the HDCP transmitter to identify compromised devices and to prevent the transmission of HDCP content if necessary.

Arm TrustZone protected HDCP Key Features

  • Supports latest HDCP 2.2 revision, including the December 2014 Errata changes
  • Supports all HDCP modes Transmitter, Receiver and Repeater
  • Designed and optimized specifically to fit wireless Miracast scenarios
  • Protects sensitive assets and processes within the TrustZone environment
  • Utilizes HW encryption for enhanced performance
  • Ported onto multiple SoCs and different TrustZone Operating Systems
  • Includes full documentation and test application

Arm TrustZone protected HDCP Key Benefits

  • Wide commercial deployment, with over 250M devices shipped to-date
  • Addresses all HDCP 2.2 compliance and robustness rules
  • Verified by both in-house and 3rd party security professionals
  • Successfully tested for Miracast interoperability in a series of plug fest events
  • Proven track record and ability to deliver a mature and tested solution
  • Guaranteed professional support for short time to market