Overview of COPP
Here are the basic steps that an application must perform to use Certified Output Protection Protocol (COPP).
Get the driver's certificate chain
- Build a DirectShow playback graph that renders video using the Video Mixing Renderer (VMR-7 or VMR-9) or the Enhanced Video Renderer filter (EVR).
- Query the VMR for the IAMCertifiedOutputProtection interface.
- Call IAMCertifiedOutputProtection::KeyExchange. This method returns a 128-bit random number from the driver, along with a certificate chain that contains the driver's 2048-bit RSA public key.
Validate the certificate chain
- Validate the certificate chain. If the certificate chain is not valid, stop.
- Check the certificate revocation list (CRL). If any of the certificates in the certificate chain appears in the revocation list, stop.
- Get the RSA public key from the certificate chain.
Initialize the COPP Session
- Generate a 128-bit AES session key. This key is used to sign data and to verify that signed data has not been tampered with.
- Generate two cryptographically secure 32-bit random numbers. The first is a status sequence number, and the second is a command sequence number. Each time the application sends a command or status request, it increments the corresponding sequence number, and includes this number in the COPP command or request data.
- Concatenate the 128-bit random number from the graphics driver, the AES session key, the status sequence number, and the command sequence number. Encrypt this byte array using the driver's public key and pass the result to IAMCertifiedOutputProtection::SessionSequenceStart.
Send COPP Commands and Status Requests
- Query for the available protection types and other information by calling IAMCertifiedOutputProtection::ProtectionStatus.
- Set the desired protection levels by calling IAMCertifiedOutputProtection::ProtectionCommand.
- Periodically query for the current local protection level. Stop playback if the local protection level changes unexpectedly or if a problem is detected.