Emil Pettersson edited this page Sep 10, 2020 · 2 revisions

ECS supports Widevine Verified Media Path (VMP). It provides a method to verify the authenticity of a device platform by requiring signatures for binary components taking part in the media pipeline.

All ECS releases are pre-signed for development, i.e. for use with Widevine UAT or servers accepting development clients. For production use you can sign up for our EVS service, to obtain production VMP signing capabilities. Previously a license agreement with Google Widevine was required to get your own VMP signing certificate, but with EVS this is no longer necessary. EVS is the primary way forward, but in case you are already in possession of a valid VMP certificate from the time before EVS, you can still use it to sign your releases until it expires.

Signing with EVS

Instructions on how to use EVS are available on the EVS wiki page.

Signing with a VMP certificate

We provide a Python script to make the re-signing process easier. It requires the Python modules cryptography and macholib, both available through PyPI and easily installed, e.g. using pip. The script vmp-resign.py is available in the repository and is also packaged with every release, i.e. in node_modules/electron/vmp-resign.py. Basic usage looks as follows:

vmp-resign.py [-h] [-v] [-q] [-M MACOS_NAME] [-W WINDOWS_NAME]
              [-V VERSION] [-C CERTIFICATE] [-P PASSWORD] [-p] [-K KEY]
              [-Y]
              dirs [dirs ...]

For full usage information execute vmp-resign.py -h.

If the application has been renamed as part of the packaging process, e.g. to Player, the new names need to be provided for each platform, using the -M and -W options:

vmp-resign.py -C cert.pem -P "pass" -K key.pem -M Player.app -W Player.exe MacPlayer-v1.0/ WinPlayer-v1.0/

To verify that signatures are valid, the -Y option can be used:

vmp-resign.py -M Player.app -W Player.exe -Y MacPlayer-v1.0/ WinPlayer-v1.0/

Keep in mind that this only verifies the integrity of the executable and signature; it does not currently check that the certificate/key used for signing is actually a valid VMP certificate.

If you are code-signing too, you need to take care to execute the VMP-signing at the right time for the platform. On macOS the VMP-signing needs to take place BEFORE the code-signing, whereas on Windows the VMP-signing needs to take place AFTER the code-signing, or things will break.
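
As an added example (not part of the ECS repository), the ordering rule above can be enforced in a release script so that a build cannot run the two signing steps in the wrong order. CODESIGN_CMD, VMP_CERT, VMP_KEY, VMP_PASSWORD and DRY_RUN are hypothetical variable names, and CODESIGN_CMD stands for your own code-signing command taking the release directory as its last argument; only vmp-resign.py options shown on this page are used.

```shell
#!/bin/sh
# Added example, not ECS project code: run VMP signing and code signing in
# the order required per platform, then check the VMP signature with -Y.
# Assumed (hypothetical) variables: CODESIGN_CMD, VMP_CERT, VMP_KEY,
# VMP_PASSWORD, DRY_RUN. DRY_RUN=1 prints step labels instead of executing.

VMP_RESIGN="${VMP_RESIGN:-node_modules/electron/vmp-resign.py}"

run() {   # $1 = step label, remaining arguments = command to execute
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$1"              # label only, so the password is never printed
    else
        shift
        "$@"
    fi
}

vmp_sign() {   # $1 = name option (-M or -W), $2 = app name, $3 = release dir
    run "vmp-sign $3" "$VMP_RESIGN" -C "$VMP_CERT" -P "$VMP_PASSWORD" \
        -K "$VMP_KEY" "$1" "$2" "$3" &&
    # -Y checks integrity of executable and signature only, not that the
    # certificate is a valid VMP certificate.
    run "vmp-verify $3" "$VMP_RESIGN" "$1" "$2" -Y "$3"
}

code_sign() {  # $1 = release dir
    if [ -z "${CODESIGN_CMD:-}" ] && [ "${DRY_RUN:-0}" != "1" ]; then
        echo "CODESIGN_CMD is not set" >&2
        return 2
    fi
    # CODESIGN_CMD is intentionally unquoted so it splits into words.
    run "code-sign $1" $CODESIGN_CMD "$1"
}

sign_release() {   # $1 = platform (darwin|win32), $2 = app name, $3 = dir
    case "$1" in
        darwin) vmp_sign -M "$2" "$3" && code_sign "$3" ;;  # VMP BEFORE code-signing
        win32)  code_sign "$3" && vmp_sign -W "$2" "$3" ;;  # VMP AFTER code-signing
        *)      echo "unknown platform: $1" >&2; return 2 ;;
    esac
}
```

Each step is chained with &&, so a failed signing or verification step stops the release before the next step runs.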
