widevine: Enable support for persistent licenses (VMP)

[magreenblatt]

Original report by me.

---

Support for persistent licenses (VMP) requires CDM host verification and CDM storage ID (related GN config). Persistent license requirements can be seen in the CanSupportPersistentLicense function. CDM host verification requires the existence of sig files (example) and the implementation of AddContentDecryptionModules.

Not all CEF clients will provide sig files (which require a signing certificate from Google). Chromium (here) will selectively enable CDM host verification at runtime if valid sig files exist.

[magreenblatt]

CDM host verification is only available on Windows and MacOS.

To enable CDM host verification:

• On Windows, “.exe.sig” and “libcef.dll.sig” files must exist in the same directory as the named binary. If using a separate sub-process executable then the .sig should be for that executable instead of the main executable.
• On MacOS, “/Contents/Frameworks/Chromium Embedded Framework.framework/Resources/Chromium Embedded Framework.sig” and “/Contents/Resources/ Helper.sig“ files must exist, both relative to the top-level app bundle.

‌

[magreenblatt]

To test widevine playback and see related log messages, run on Windows:

cefclient.exe --enable-logging=stderr --vmodule=cdm_host_file_path=2 --url="https://shaka-player-demo.appspot.com/demo/#audiolang=en-US;textlang=en-US;uilang=en-US;asset=https://storage.googleapis.com/shaka-demo-assets/sintel-widevine/dash.mpd;adTagUri=https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=/124319096/external/ad_rule_samples&ciu_szs=300x250&ad_rule=1&impl=s&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&cust_params=deployment%3Ddevsite%26sample_ar%3Dpremidpostpod&cmsid=496&vid=short_onecue&correlator=;panel=HOME;build=uncompiled" > log.txt 2>&1

Or on MacOS:

./cefclient.app/Contents/MacOS/cefclient --enable-logging=stderr --vmodule=cdm_host_file_path=2 --url="https://shaka-player-demo.appspot.com/demo/#audiolang=en-US;textlang=en-US;uilang=en-US;asset=https://storage.googleapis.com/shaka-demo-assets/sintel-widevine/dash.mpd;adTagUri=https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=/124319096/external/ad_rule_samples&ciu_szs=300x250&ad_rule=1&impl=s&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&cust_params=deployment%3Ddevsite%26sample_ar%3Dpremidpostpod&cmsid=496&vid=short_onecue&correlator=;panel=HOME;build=uncompiled" > log.txt 2>&1

Note that the URL can be any widevine DRM video from the demo player. General details about Chromium logging are here.

Example logging output on Windows:

[1004/135748.789:VERBOSE1:cdm_host_file_path.cc(44)] AddCdmHostFilePaths
[1004/135748.791:VERBOSE2:cdm_host_file_path.cc(54)] AddCdmHostFilePaths: exe_path=C:\code\chromium_git\chromium\src\out\Debug_GN_x86\cefclient.exe, signature_path=C:\code\chromium_git\chromium\src\out\Debug_GN_x86\cefclient.exe.sig
[1004/135748.793:VERBOSE2:cdm_host_file_path.cc(66)] AddCdmHostFilePaths: module_path=C:\code\chromium_git\chromium\src\out\Debug_GN_x86\libcef.dll, signature_path=C:\code\chromium_git\chromium\src\out\Debug_GN_x86\libcef.dll.sig

Example logging output on MacOS:

[1004/180949.195311:VERBOSE1:cdm_host_file_path.cc(44)] AddCdmHostFilePaths
[1004/180949.195820:VERBOSE2:cdm_host_file_path.cc(89)] AddCdmHostFilePaths: exe_path=/Users/marshall/code/chromium_git/chromium/src/out/Debug_GN_x64/cefclient.app/Contents/Frameworks/cefclient Helper.app/Contents/MacOS/cefclient Helper, signature_path=/Users/marshall/code/chromium_git/chromium/src/out/Debug_GN_x64/cefclient.app/Contents/Resources/cefclient Helper.sig
[1004/180949.195995:VERBOSE2:cdm_host_file_path.cc(108)] AddCdmHostFilePaths: framework_path=/Users/marshall/code/chromium_git/chromium/src/out/Debug_GN_x64/cefclient.app/Contents/Frameworks/Chromium Embedded Framework.framework/Chromium Embedded Framework, signature_path=/Users/marshall/code/chromium_git/chromium/src/out/Debug_GN_x64/cefclient.app/Contents/Frameworks/Chromium Embedded Framework.framework/Resources/Chromium Embedded Framework.sig

‌

[magreenblatt]

Support GN configuration of enable_rlz (see issue #3404)

→ <<cset 497e0d2d9817 (bb)>>

[magreenblatt]

widevine: Support CDM host verification and storage ID (fixes issue #3404)

This functionality will be enabled if .sig files exist in the required
locations. See the issue for details.

→ <<cset fce5af14a8df (bb)>>

[magreenblatt]

• changed state from "new" to "resolved"

[magreenblatt]

Support GN configuration of enable_rlz (see issue #3404)

→ <<cset 9e207ab857dc (bb)>>

[magreenblatt]

widevine: Support CDM host verification and storage ID (fixes issue #3404)

This functionality will be enabled if .sig files exist in the required
locations. See the issue for details.

→ <<cset 92f0b8a971a0 (bb)>>

[magreenblatt]

• edited description

[magreenblatt]

• edited description

[magreenblatt]

More about the Widevine limitations on Linux due to missing VMP support (from here):

1. Persistent licenses are not supported, only streaming licenses. This means implementing true offline support is not possible since you would always need to get a license from the cloud.
2. The service you are targeting needs to have an exception for Linux clients that allows them to get a license without a VMP signature (i.e. PLATFORM_UNVERIFIED status). Most large services seem to have this exception in place, but I don't have a complete picture to share. If you are building a service of your own you'd typically be able to adjust the Widevine proxy configuration to support this.

‌