Enabling Robust Security for High-DPI Displays


Displays, monitors and touchscreens are the interface of our digital lives everywhere, at home, at work and in the car. Display designers are continually improving their products with higher bandwidth, new technologies and innovative features. The new modular products incorporate micro-LEDs to enable new form factors, such as the design of screens as thin as a canvas, which can be rolled up or seamlessly assembled into screens as large as 300 inches. Additionally, higher variable refresh rates move 4K resolutions to a wider range of interfaces, including gaming applications.

To meet new product and consumer demands, designers incorporate the latest DisplayPort, HDMI and USB standards. The DisplayPort 2.0 standard offers consumers up to 80 Gbps of bandwidth, and HDMI 2.1 offers 48 Gbps. A plethora of devices that use HDMI, DisplayPort and USB Type-C interfaces that support large screens with higher resolutions enrich our connected lives, from digital TVs, smartphones, tablets, monitors, audio/video bridges, converters , projectors, dongles, game consoles, streaming boxes, docking stations and set-top boxes. These devices transmit or receive high-value premium content that is necessary to have robust security protection against malicious attacks.

What is HDCP 2.3?

High-Bandwidth Digital Content Protection (HDCP) is a widely adopted link security specification developed by Intel and licensed from Digital Content Protection LLC (DCP). HDCP is intended to protect copyrighted digital audio and video content as it travels through connections. Connections can be made between source devices such as set-top boxes or dongles, to synchronize devices, such as digital televisions or other display devices (Figure 1).

Fig. 1: HDCP 2.3 protects data traveling over connections between devices such as set-top boxes and televisions.

The latest HDCP specification, HDCP version 2.3, was released in 2018 for HDMI interfaces and in 2019 for DisplayPort interfaces (which are used in USB Type-C) to increase the level of security protection. Compared to the previous revision, HDCP 2.3 requires more stringent security mechanisms, including hardware root of trust, hardened execution environment, runtime integrity checking, and post-execution integrity checking. unauthorized modification.

The HDCP 2.3 specification involves two components:

  • Authentication and key exchange, leveraging cryptographic algorithms such as RSA-3072 verification, RSA-2048 encryption/decryption, HMAC-SHA256, and AES-CTR-128
  • Encryption/decryption of audio/video content, using AES-CTR-128 cryptographic algorithms

The specification should continue to change as interface technologies and threat types evolve. For example, in July 2021, DCP LLC released an errata that requires updates for transmitter-related applications to upgrade the locality verification protocol. Solution providers have up to 18 months to comply with the latest updates. Meanwhile, older implementations can be tested and certified according to pre-errata rules.

Find a scalable HDMI/DisplayPort/USB Type-C security solution

Chip developers who plan to support the latest multimedia requirements for large, high-resolution displays need to bring products to market that not only support the latest security specifications, but are also proven to meet ruggedness requirements. strict, certified, highly interoperable in the field, and offer optimal surface, performance and power.

Good solutions even go beyond current specifications and mandates. Planning for future threats and specification updates is even more difficult but imperative to consider. Being able to upgrade devices safely in the field via software/firmware without having to re-spin the silicon can be a competitive advantage.

To beat the competition, chip developers rely on proven third-party security solutions that are readily available, certified, and future-proof. Integration of third-party HDMI, DisplayPort, and USB-C IP allows design teams to innovate and focus on their core competencies while reducing risk and accelerating time to market in today’s competitive markets. ‘display.

IP Security Solutions Supporting HDCP 2.3 Specification

Synopsys DesignWare HDCP 2.3 IP Embedded Security Modules (ESMs) support the latest HDCP standards, including errata changes released in July 2021 that affect the locality verification protocol responsible for validating the distance between receivers and devices. transmitters.

With DesignWare HDCP 2.3 IP, customers can choose whether to enable changes as defined by errata, or keep the pre-errata version to be compatible with existing field deployments.

As specifications evolve, users of ESM DesignWare HDCP 2.3 can upgrade easily, via firmware and potentially without the need for RTL modifications. Synopsys’ flexible architecture enables a less invasive upgrade that avoids silicon re-spins.

DesignWare HDCP 2.3 Security IP

Synopsys HDCP 2.3 ESMs are comprehensive security solutions that provide designers with a robust, standards-compliant implementation of HDCP content protection technology over HDMI 2.0/2.1, DisplayPort 1.4/2.0, and USB Type-C interfaces.

HDCP ESMs include an authentication engine and a content encryption/decryption engine, as shown in Figure 2. The robust security architecture provides hardware root of trust, secure boot, and tamper protection. execution for HDCP ESM firmware, DCP key management and system renewal. The firmware is located on the host, however, it is fully encrypted and access to it is through secure instruction memory controller buffers which are not addressable from the host infrastructure. The host is located outside the secure perimeter and only minimal interaction is required from the host processor to control an ESM.

HDCP ESMs are compact, processor-based security modules that support encryption and decryption of high-resolution content streams, such as HD and Ultra HD for a variety of use cases. The product family includes single, 2-port and 4-port solutions. Each port type can be configured individually, as Receiver (Rx), Transmitter (Tx), DisplayPort 1.4 or 2.0 Single/Multi-Stream (SST/MST), HDMI 2.0 or 2.1. Multiport ESMs also support repeater use cases. For example, a 2-port ESM can be configured to support a 1-to-1 repeater, DisplayPort input to DisplayPort output, HDMI input to HDMI output, or combinations of HDMI input to DisplayPort output, a DisplayPort input to an HDMI output.

Fig. 2: DesignWare HDCP 2.3 Embedded Security Module block diagram.

When configured for multi-port use cases, HDCP ESMs include a single sign-on engine that serves multiple ports in the content encryption/decryption engine to minimize area. Crypto cores are instantiated independently per content port to support the maximum transmission rates of HDMI 2.0, HDMI 2.1, DisplayPort 1.4, and DisplayPort 2.0.

The HDCP ESMs have been pre-integrated and pre-verified with Synopsys’s HDMI 2.0/2.1 receiver and transmitter controller and PHY IP (Figure 3), as well as the DisplayPort 1.4 controller IP of the Synopsys transmitter and USB PHY IP to provide complete and compliant information. HDCP 2.3 solutions. Various configurations have received HDMI and VESA certifications, with extensive interoperability testing conducted in the lab and at plug fests.

Fig. 3: HDCP 2.3 embedded security modules built into controllers.


Digital media and display technologies are undergoing significant transformations. As increasingly valuable video/audio content is streamed between a wide and growing range of large, high-resolution devices, system designers and content creators demand that it be properly secured. The HDCP 2.3 security protocol is widely adopted in the industry for various interfaces including HDMI, DisplayPort, USB Type-C, and it evolves with technology. Security solutions are required for interfaces, not only to comply with the latest specifications, but also to disarm malicious attacks. In the long term, HDCP solutions must be flexible and scalable, able to quickly adapt and protect against new threats, and ready to align as much as possible with new specification updates without the need for a new rotation of silicon.

Synopsys is uniquely positioned in the IP market with comprehensive HDCP 2.3 ESMs that comply with the latest standards and revisions, including the latest errata, are fully integrated with controllers, align with the latest technology requirements, and enable SoC designers to quickly implement required security with low risk and fast time to market.

In addition to DesignWare HDCP 2.3 Security ModulesSynopsys provides a broad portfolio of highly integrated solutions security IP solutions which use a common set of building blocks and standards-based security concepts to enable efficient silicon design and high levels of security for a range of products in the mobile, automotive, digital home, IoT and cloud computing.


Comments are closed.