Widevine Security Levels in Web Video Playback
Overview
Widevine is a Digital Rights Management (DRM) system developed by Google that secures content playback on various devices. It supports multiple security levels that define how securely media content is processed and rendered. Understanding these levels is key to content protection and ensuring playback compatibility across devices.
This guide explains the different Widevine security levels, how they affect playback, and how to configure them using the videoRobustness
property in your player setup.
Widevine Security Levels (L1, L2, L3)
Widevine classifies devices into three security levels depending on how securely they handle decryption and video processing:
1. L1 (Level 1) - Highest Security
-
Decryption & Processing: Performed entirely within a Trusted Execution Environment (TEE) or secure hardware processor.
-
Use Case: HD (1080p), 4K UHD, and HDR content on most platforms, especially Android.
-
Device Support: Available only on devices with Widevine L1 certification (e.g., flagship Android phones, certified smart TVs).
-
Security Features:
- Secure key storage
- Trusted video path
- Hardware-backed execution
2. L2 (Level 2) - Partial Security
- Decryption: Handled within a TEE.
- Processing: Occurs outside the secure hardware.
- Use Case: Rarely used; offers limited benefit over L1.
- Device Support: Uncommon in consumer devices.
3. L3 (Level 3) - Basic Security
- Decryption & Processing: Performed entirely in software with no hardware protection.
- Use Case: Typically limited to SD (480p or lower) playback.
- Device Support: Supported on all devices that are Widevine-compatible.
- Security Limitations: Minimal protection; vulnerable to software-based attacks and lacks secure key handling.
Additional Notes
- Browsers (e.g., Chrome): Often limited to L3, even on L1-capable systems like Windows or macOS.
- APIs: Providers may query the device’s Widevine level to inform stream selection, but results may not always be reliable.
Understanding Robustness Strings
Widevine playback security can be further refined using robustness strings, which define how securely content is decrypted and rendered via the Encrypted Media Extensions (EME) API.
The following levels are ordered from least secure to most secure:
Robustness Level | Description |
---|---|
SW_SECURE_CRYPTO | Software-based decryption only. |
SW_SECURE_DECODE | Software-based decryption and decoding. |
HW_SECURE_CRYPTO | Hardware-based decryption; decoding may still occur in software. |
HW_SECURE_DECODE | Hardware-based decryption and decoding. |
HW_SECURE_ALL | Full end-to-end hardware-secure pipeline (highest security). |
Note: An empty string
""
is considered the lowest robustness level and imposes no security constraints.
Hardware vs. Software Security (Robustness Context)
-
Software-Based Security (
SW_SECURE_*
):- Widely supported across devices.
- Lower protection; suitable for less sensitive content.
- Playback is typically permitted on mirrored or external displays.
-
Hardware-Based Security (
HW_SECURE_*
):- Decryption and/or decoding handled in secure hardware.
- Stronger protection and may restrict playback on untrusted outputs (e.g., HDMI mirroring).
- Typically required for UHD or HDR playback.
Setting the Security Level with videoRobustness
videoRobustness
The videoRobustness
property lets you configure the desired playback security level via robustness strings in the SourceConfig
object.
Example
const sourceConfig = {
dash: 'https://your.content.url/manifest.mpd',
drm: {
widevine: {
LA_URL: 'https://my-drm-provider.com/key',
videoRobustness: 'HW_SECURE_ALL' // Enforce highest security level
}
}
};
Property Definition
-
videoRobustness?: string
: Sets the robustness level for Widevine playback. Accepted values:""
(empty string) - no security constraintsSW_SECURE_CRYPTO
,SW_SECURE_DECODE
,HW_SECURE_CRYPTO
,HW_SECURE_DECODE
,HW_SECURE_ALL
-
audioRobustness?: string
: Similar tovideoRobustness
, this property allows setting the robustness level for audio. It uses the same set of values.
Refer to the Bitmovin Player API Docs for full reference.
Note: If the selected level is unsupported by the device, playback will fail.
Multi-Rendition Playback & Adaptive Security
Modern manifests (DASH or HLS) often include multiple renditions of the same content at different resolutions and security levels:
- High-resolution renditions (e.g., 4K, HDR) use higher robustness.
- Standard-definition renditions use lower robustness.
This ensures broad compatibility across devices. If a device cannot meet the security requirements for high-quality playback, the player can automatically fallback to a compatible lower-resolution version.
Benefits:
- Ensures playback even on older or less secure devices.
- Helps prevent playback failures while maintaining DRM compliance.
- Allows continued access to content, albeit at lower quality.
Playback Behavior and Fallback Strategy
The player automatically attempts the highest security level first. If unsupported, it falls back to progressively lower levels until a compatible one is found.
Important Note:
While an application can query whether a device will support a particular robustness level, it cannot definitively be determined in advance whether playback will actually succeed with a specific robustness level. This depends on:
- Browser and OS limitations
- Hardware availability
- Runtime conditions and secure pipeline validation
Only during actual playback can the complete DRM security chain be fully validated.
Summary
- Widevine uses device-level tiers (L1 - L3) and robustness strings to enforce playback security.
- The player starts with the highest level and falls back as needed.
- Manifests with multiple renditions support secure playback across a range of devices.
- Use
videoRobustness
in your config to define playback expectations and security policy.
Updated 1 day ago