The hardware capabilities of the device include hardware secure boot to establish a chain of trust of security and protection of cryptographic keys.
Content protection capabilities of the device include protection of decrypted frames in the device and content protection via a trusted output protection mechanism.
The DRM manager service runs in an independent process to ensure isolated execution of DRM plug-ins.
The Android platform provides an extensible DRM framework that lets applications manage rights-protected content according to the license constraints associated with the content.
The DRM framework supports many DRM schemes; which DRM schemes a device supports is up to the device manufacturer.
This document provides an overview of the Android DRM framework, and introduces the interfaces a DRM plug-in must implement.
This document does not describe robustness rules or compliance rules that may be defined by a DRM scheme.
The combination of hardware security functions, a trusted boot mechanism, and an isolated secure OS for handling security functions is critical to providing a secure device.