With the evolution of video encoding and decoding technologies and people's constant pursuit of higher-quality visual images, 4000 (4K) ultra-high-definition (UHD) resolution videos have gradually emerged and are rapidly becoming popular. Because the cost of producing high-quality videos is high, copy protection has become the industry consensus and is continuously being enhanced. In the UHD age, organizations represented by MOVIELABS have formulated corresponding security specifications. These specifications especially emphasize that an output video is protected using high-bandwidth digital content protection (HDCP), and they emphasize the security and robustness of the video play execution environment.
The GLOBALPLATFORM standards association has defined two execution environments: a trusted execution environment (TEE) and a rich execution environment (REE). The TEE is a relatively simple secure execution environment, and software and hardware resources running in the TEE are secure and trusted. The REE is a rich and open execution environment: many software and hardware resources run in it, and it is open to software. Consequently, the REE lacks security.
FIG. 1 is an architectural diagram of implementing video output in a system formed by a set top box and a display device. On the set top box side, a decryption module at a software layer is located in a TEE, a video play module and a video driving module at the software layer are located in an REE, and a video display controller and a high-definition multimedia interface (HDMI) at a hardware layer are located in the REE. On the display device side, the display device also includes an HDMI.
When the set top box is started, or when insertion or removal occurs on either one of the HDMIs of the set top box and the display device, the video driving module queries extended display identification data (EDID) information of the display device using the HDMI of the set top box to obtain a resolution supported by the display device, whether the HDCP protocol is supported, and, when the HDCP protocol is supported, the supported HDCP protocol version.
The video driving module sets an output resolution of the video display controller, and the output resolution configured in the video display controller is used to control the resolution displayed during video output. Specifically, the video driving module sets an initial output resolution of the video display controller to the resolution supported by the display device.
The video driving module further sets an HDCP encryption status of the HDMI of the set top box. Specifically, when the display device does not support the HDCP protocol, the video driving module sets the HDCP encryption status of the HDMI of the set top box to HDCP encryption disabled. When the display device supports the HDCP protocol, the video driving module performs HDCP handshake negotiation with the HDMI of the display device according to the obtained HDCP protocol version supported by the display device. When the negotiation succeeds, the HDCP encryption status of the HDMI of the set top box is configured to encryption enabled for the negotiated HDCP protocol version. When the negotiation fails, the HDCP encryption status of the HDMI of the set top box is configured to HDCP encryption disabled.
For example, if HDCP2.2 negotiation succeeds, the HDCP encryption status of the HDMI of the set top box is configured to HDCP2.2 encryption enabled. If HDCP1.4 negotiation succeeds, the HDCP encryption status of the HDMI of the set top box is configured to HDCP1.4 encryption enabled. If HDCP2.2 negotiation and HDCP1.4 negotiation fail, the HDCP encryption status of the HDMI of the set top box is configured to HDCP encryption disabled.
The HDMI includes an HDMI controller, and the HDMI of the set top box is configured using the HDMI controller.
When a user requests to play a secure video, the video play module receives a play request of the user and stores the obtained video and license information of the video into a memory, and then triggers the decryption module in the TEE to decrypt the license information of the video, to obtain an HDCP requirement of the video.
After the decryption module obtains the HDCP requirement of the video, the video driving module sets the output resolution of the video display controller according to the HDCP requirement and the HDCP encryption status configured in the HDMI of the set top box. For example, suppose the HDCP requirement requires HDCP2.2. If the HDCP encryption status configured in the HDMI of the set top box is HDCP2.2 encryption enabled, the video driving module sets the output resolution of the video display controller to 4K UHD, which is supported by HDCP2.2. If the HDCP encryption status of the HDMI of the set top box is HDCP1.4 encryption enabled, the video driving module sets the output resolution of the video display controller to full high-definition (FHD), which is supported by HDCP1.4.
In other approaches, after the video driving module sets the HDCP encryption status of the HDMI of the set top box and the output resolution of the video display controller, the video driving module is easily attacked because it is located in the REE, and the HDCP encryption status of the HDMI of the set top box or the configured output resolution of the video display controller can be tampered with. Consequently, security of the video that is output from the video display controller cannot be ensured.
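The configuration flow described above, and the mismatch between the two settings that tampering with either one produces, modeled as an added example that is not code from the original document. The type and function names, the sink_t stand-in for EDID and handshake results, and the RES_RESTRICTED value for a link with HDCP disabled are assumptions; the text does not state the resolution used in that case.

```c
#include <stdbool.h>

typedef enum { HDCP_DISABLED, HDCP_1_4_ENABLED, HDCP_2_2_ENABLED } hdcp_status_t;
typedef enum { RES_RESTRICTED, RES_FHD, RES_4K_UHD } resolution_t;

/* Constructed stand-in for the EDID query and handshake results. */
typedef struct {
    bool supports_hdcp;    /* EDID: display supports the HDCP protocol */
    bool handshake_2_2_ok; /* HDCP2.2 negotiation succeeds */
    bool handshake_1_4_ok; /* HDCP1.4 negotiation succeeds */
} sink_t;

/* The two settings the video driving module writes. */
typedef struct {
    hdcp_status_t hdmi_status; /* HDCP encryption status of the HDMI */
    resolution_t  output_res;  /* output resolution of the display controller */
} output_config_t;

/* Status selection: HDCP2.2 if it negotiates, else HDCP1.4, else disabled. */
hdcp_status_t negotiate_hdcp(const sink_t *s) {
    if (!s->supports_hdcp)   return HDCP_DISABLED;
    if (s->handshake_2_2_ok) return HDCP_2_2_ENABLED;
    if (s->handshake_1_4_ok) return HDCP_1_4_ENABLED;
    return HDCP_DISABLED;
}

/* Resolution for a video whose license requires HDCP2.2. */
resolution_t resolution_for_hdcp22_video(hdcp_status_t status) {
    switch (status) {
    case HDCP_2_2_ENABLED: return RES_4K_UHD;
    case HDCP_1_4_ENABLED: return RES_FHD;
    default:               return RES_RESTRICTED; /* assumption, not in the text */
    }
}

output_config_t configure_output(const sink_t *s) {
    output_config_t c;
    c.hdmi_status = negotiate_hdcp(s);
    c.output_res  = resolution_for_hdcp22_video(c.hdmi_status);
    return c;
}

/* Consistency check: the configured resolution must not exceed what the
   current HDCP status allows for this video. */
bool config_is_consistent(const output_config_t *c) {
    return c->output_res <= resolution_for_hdcp22_video(c->hdmi_status);
}
```

The check only compares the two stored settings; it says nothing about where those settings or the check itself are held, which is the weakness the last paragraph describes.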