TrustZone has been successfully securing media pipelines on Arm-based devices for over a decade. During this time the requirements of these devices have grown significantly with bit rates, resolution, frame rates, picture quality, and user interface innovation. All of which are pushing against the original design constraints.
At the same time, many consumer devices have experienced a significant transformation in recent years. They are moving from closed devices that are dedicated to a single service to open devices that are compatible with multiple services. For example, TVs are no longer used solely for watching broadcast TV channels. Installable applications now provide multiple streaming services, browsers, gaming, video calling and more.
Meeting these use cases increases the complexity of the compute workloads and the system security requirements. Looking at security, we see that multiple Digital Rights Management (DRM) schemes are active concurrently, and that there is a healthy distrust between them as they handle protected content from different sources with different levels of security requirements. This need for extra flexibility is driving the design of software-managed media pipelines.Meanwhile, content providers are driving up the performance requirements with increased picture quality. This increases the number of processing steps within the pipeline and greatly increases the memory consumption on devices. The need for efficient memory use is driving the design of a mechanism for the dynamic allocation of protected memory.
This is why Arm is introducing dynamic TrustZone, an innovative new design pattern, which is the next step on the evolutionary path for TrustZone systems. This technology uses the Realm Management Extension (RME) to provide an architected mechanism to assign pages of memory between the Non-Secure and Secure address spaces, at run time.
When applied to protected media pipelines, dynamic TrustZone enables the move from the fixed function video pipelines of today to the software configured dynamic media pipelines of tomorrow. A system with dynamic TrustZone combined with Secure virtualization will support software configured pipelines, with multiple distrusting DRMs, optional machine learning (ML) accelerators and dynamic resource allocation.
However, the actual design and implementation of these future media pipelines requires support and engagement across the entire ecosystem. This goes beyond the hardware, with the engagement of the wider ecosystem vital to the acceptance and successful development of all the software components and services required to support these demanding new user experiences.
Before delving into dynamic TrustZone, we need to first reflect on the media pipeline that is common today. Protected media pipelines as implemented in Arm systems tend to follow the pattern defined by TrustZone Media Protection (TZMP), as shown in the following diagram in a simplified form:
These systems share some common features and limitations:
To move past these limitations, we established that future protected media systems need to be able to:
Arm has been making regular enhancements to TrustZone throughout the past decade to meet evolving security requirements. Prior to announcing the Armv9 architecture (Armv9-A), we enhanced TrustZone systems with the addition of Secure virtualization. With Armv9-A, we introduced Realm Management Extension (RME) as part of the Arm Confidential Compute architecture.
With the addition of these new security features, there is now a complete set that enables a system designer to implement protected media pipelines of the future. Let us delve a bit deeper into these enhanced features.
First, let us look at secure virtualization. This was introduced to further partition the Secure world to allow for multiple Trusted Operating Systems (TOSs) to exist, isolation of secure firmware and additionally to provide for limits on TOS access to Non-secure memory.
Secure virtualization works through the creation of secure virtual machines within the TrustZone environment. These instances of virtual machines in the Secure world, often called “Secure Partitions”, are isolated from each other using stage 2 memory translations and protections. Of course, they are fully isolated from the Non-secure world by virtue of being in the Secure world. Secure virtualization is implemented with the following architectural features:
We should note that, in practice, the assignment of secure devices to Secure Partitions requires more than just the mapping of memory with the SMMU and interrupts with the GIC. Each device must be well behaved with regard to its operational state and support a standard management interfaces so that it can be managed securely and correctly within the system.
Part of Arm’s Confidential Compute architecture, the RME in Armv9-A enables pages of memory to be dynamically transitioned from the Non-secure world to the Secure world and back again. This is what puts the “dynamic” into dynamic TrustZone.
A component of the RME called the “Granule Protection Check” (GPC) provides the mechanism for dynamic assignment of memory between the Non-secure and Secure worlds. The Granule Protection Table (GPT) records the world assignment of every 4K byte page of DRAM. This table is owned and updated by EL3 firmware. At runtime, every memory access is validated by the GPC against the GPT, ensuring that the Non-secure state can only access Non-secure memory and that the Secure state can only access Secure and Non-secure memory. This check is in addition to the stage-1 and stage-2 translations and permission checks already made by the MMU.
Then, building on top of RME, the Confidential Compute architecture provides the following additional features that can enhance a dynamic TrustZone solution:
The architectural features previously outlined allow system designers to migrate to a dynamic TrustZone technology solution with multiple software defined protected media pipelines. It looks something like this:
What is going on here?
Secure virtualization, as depicted by the green boxes, is used to create the protected memory space for each pipeline. Device assignment brings system devices, blue boxes, into the pipelines, and memory buffers, black boxes, are assigned to the Secure world via the GPT mechanism. All decrypted media content remains in the Secure world during use.
This contains the media players and the user interface for the applications. This software is responsible for constructing a manifest for each media pipeline on demand and allocating resources to them, such as memory and system devices, prior to their transition to the Secure world.
Pipeline 1 in this example is processing protected audio. The processing steps may be performed by hardware devices or software codecs. An example would be an advanced surround sound stream that uses proprietary codecs for high value object-based audio content.
Pipeline 2 could be an 8K premium content movie, with strict DRM requirements and robustness rules that ensure the video and the audio streams are isolated from any other agents on the system. Since 8K resolution video has very high memory requirements for its buffers, and this may be the primary use case for a device such as a TV. The Non-secure host OS may aggressively reclaim memory from other applications, so that these protected buffers may be dynamically allocated when playback is initialized.
The decrypt step would make use of dedicated crypto accelerator, and the decode a dedicated video engine. By way of an example, the picture quality step could be executed by a high-performance ML engine, assigned to this pipeline.
Pipeline 3 could a be a picture-in-picture news report, possibly with a different DRM system to that of pipeline 2. Memory can be dynamically allocated for the protected buffers of this pipeline when the stream is enabled, without disrupting pipeline 2.
Finally, the fully rendered protected content is output to a display panel or a secure HDMI link.
Dynamic TrustZone is a great tool for delivering a multi-tenant secure media pipeline. A pipeline that is entirely protected from the OS, hypervisor and any installable applications in the normal world. This solution also allows standard hypervisors to be deployed in the normal world, without the need to change them to support DRM.
But, designing multi-tenant secure media pipelines requires support and engagement from across the entire ecosystem. This goes beyond the hardware alone, as multi-tenant secure media pipelines can create policy challenges, particularly when two different streaming video providers have different demands on how policies are enforced. Therefore, the flexibility of protected media pipelines provides an opportunity for the fine-grained signaling and checking of security policy such as watermarking, the transfer of meta data, and content recognition, to name just a few.
Engagement with the ecosystem can be achieved through industry organizations such as the Content Delivery and Security Association (CDSA), silicon vendors, OEMs, OTT service providers, content creators, and many more. All of them bring unique perspectives and expertise to the conversation, with this collaborative effort bringing richer media experiences to millions of users worldwide.
At Arm we want to collaborate with our great ecosystem to address the many security challenges on the devices we build together. The work using dynamic TrustZone is a great example of the sort of collaborations on security that can take place within the Arm ecosystem.
We need to architect software defined multi-tenant protected media pipelines at every layer. This all starts with a design pattern built upon new Arm architecture features. Look out for a whitepaper on media pipelines with more details and implementation recommendations soon. In the meantime, check out more information on Arm Confidential Compute Architecture on Arm.com and the Arm Developer website.
Thanks, this has now been updated
It should be Decrypted stream not Encrypted Stream in Protected Media Pipeline in the first picture