commit 6ada9c98751f51f02392ff1d4a209efec5f20d58
Author: qvint <dotqvint(a)gmail.com>
Date: Tue Apr 6 08:54:21 2021 +0300
Add upstream fixes for VA-API
chromium-89-EnumTable-crash.patch | 69 ++++
chromium-89-vaapi-r850949.patch | 547 +++++++++++++++++++++++++++++
chromium-89-vaapi-r851954.patch | 59 ++++
chromium-89-vaapi-r854937.patch | 712 ++++++++++++++++++++++++++++++++++++++
chromium-freeworld.spec | 28 +-
5 files changed, 1406 insertions(+), 9 deletions(-)
---
diff --git a/chromium-89-EnumTable-crash.patch b/chromium-89-EnumTable-crash.patch
new file mode 100644
index 0000000..292cf57
--- /dev/null
+++ b/chromium-89-EnumTable-crash.patch
@@ -0,0 +1,69 @@
+--- a/components/cast_channel/enum_table.h
++++ b/components/cast_channel/enum_table.h
+@@ -212,7 +212,7 @@ class
+
+ template <typename E>
+ friend class EnumTable;
+- DISALLOW_COPY_AND_ASSIGN(GenericEnumTableEntry);
++ DISALLOW_ASSIGN(GenericEnumTableEntry);
+ };
+
+ // Yes, these constructors really needs to be inlined. Even though they look
+@@ -250,8 +250,7 @@ class EnumTable {
+ // Constructor for regular entries.
+ constexpr Entry(E value, base::StringPiece str)
+ : GenericEnumTableEntry(static_cast<int32_t>(value), str) {}
+-
+- DISALLOW_COPY_AND_ASSIGN(Entry);
++ DISALLOW_ASSIGN(Entry);
+ };
+
+ static_assert(sizeof(E) <= sizeof(int32_t),
+@@ -306,15 +305,14 @@ class EnumTable {
+ if (is_sorted_) {
+ const std::size_t index = static_cast<std::size_t>(value);
+ if (ANALYZER_ASSUME_TRUE(index < data_.size())) {
+- const auto& entry = data_.begin()[index];
++ const auto& entry = data_[index];
+ if (ANALYZER_ASSUME_TRUE(entry.has_str()))
+ return entry.str();
+ }
+ return base::nullopt;
+ }
+ return GenericEnumTableEntry::FindByValue(
+- reinterpret_cast<const GenericEnumTableEntry*>(data_.begin()),
+- data_.size(), static_cast<int32_t>(value));
++ &data_[0], data_.size(), static_cast<int32_t>(value));
+ }
+
+ // This overload of GetString is designed for cases where the argument is a
+@@ -342,8 +340,7 @@ class EnumTable {
+ // enum value directly.
+ base::Optional<E> GetEnum(base::StringPiece str) const {
+ auto* entry = GenericEnumTableEntry::FindByString(
+- reinterpret_cast<const GenericEnumTableEntry*>(data_.begin()),
+- data_.size(), str);
++ &data_[0], data_.size(), str);
+ return entry ? static_cast<E>(entry->value) : base::Optional<E>();
+ }
+
+@@ -358,7 +355,7 @@ class EnumTable {
+ // Align the data on a cache line boundary.
+ alignas(64)
+ #endif
+- std::initializer_list<Entry> data_;
++ const std::vector<Entry> data_;
+ bool is_sorted_;
+
+ constexpr EnumTable(std::initializer_list<Entry> data, bool is_sorted)
+@@ -370,8 +367,8 @@ class EnumTable {
+
+ for (std::size_t i = 0; i < data.size(); i++) {
+ for (std::size_t j = i + 1; j < data.size(); j++) {
+- const Entry& ei = data.begin()[i];
+- const Entry& ej = data.begin()[j];
++ const Entry& ei = data[i];
++ const Entry& ej = data[j];
+ DCHECK(ei.value != ej.value)
+ << "Found duplicate enum values at indices " << i
<< " and " << j;
+ DCHECK(!(ei.has_str() && ej.has_str() && ei.str() == ej.str()))
diff --git a/chromium-89-vaapi-r850949.patch b/chromium-89-vaapi-r850949.patch
new file mode 100644
index 0000000..3eb967e
--- /dev/null
+++ b/chromium-89-vaapi-r850949.patch
@@ -0,0 +1,547 @@
+From 7ae60470cdb0bea4548a0f5e8271b359f9450c79 Mon Sep 17 00:00:00 2001
+From: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Date: Fri, 5 Feb 2021 03:33:58 +0000
+Subject: [PATCH] vaapi: Update for libva forwards compatibility
+
+There was a downstream patch applied for protected content for libva.
+This patch is now upstreamed, but is not compatible with the downstream
+version. This change will allow us to update libva in ChromeOS to an
+intermediate version that'll be compatible with both downstream and
+upstream. Then we can shift Chrome to the upstream API, and then remove
+the downstream compatibility layer from ChromeOS after that and be on
+upstream.
+
+BUG=b:174951211
+TEST=Chrome builds, protected content plays back
+
+Change-Id: Id06b21daf19a54b340236b354b5f4a828e2362de
+Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2672690
+Reviewed-by: Andres Calderon Jaramillo <andrescj(a)chromium.org>
+Reviewed-by: J Kardatzke <jkardatzke(a)chromium.org>
+Commit-Queue: J Kardatzke <jkardatzke(a)chromium.org>
+Cr-Commit-Position: refs/heads/master@{#850949}
+---
+ .../h264_vaapi_video_decoder_delegate.cc | 7 +
+ .../vaapi/h265_vaapi_video_decoder_delegate.h | 7 +
+ media/gpu/vaapi/va_prot.sigs | 1 -
+ media/gpu/vaapi/vaapi_utils.h | 7 +
+ .../gpu/vaapi/vaapi_video_decoder_delegate.cc | 11 +-
+ .../gpu/vaapi/vaapi_video_decoder_delegate.h | 7 +
+ media/gpu/vaapi/vaapi_wrapper.cc | 30 +--
+ media/gpu/vaapi/vaapi_wrapper.h | 7 +
+ .../va_protected_content.h | 225 ++----------------
+ tools/metrics/histograms/enums.xml | 2 +-
+ 10 files changed, 75 insertions(+), 229 deletions(-)
+
+--- a/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
+@@ -4,6 +4,13 @@
+
+ #include "media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h"
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <va/va.h>
+
+ #include "base/memory/aligned_memory.h"
+--- a/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
++++ b/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
+@@ -5,6 +5,13 @@
+ #ifndef MEDIA_GPU_VAAPI_H265_VAAPI_VIDEO_DECODER_DELEGATE_H_
+ #define MEDIA_GPU_VAAPI_H265_VAAPI_VIDEO_DECODER_DELEGATE_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <va/va.h>
+
+ #include "base/memory/scoped_refptr.h"
+--- a/media/gpu/vaapi/va_prot.sigs
++++ b/media/gpu/vaapi/va_prot.sigs
+@@ -9,5 +9,4 @@ VAStatus vaCreateProtectedSession(VADisp
+ VAStatus vaDestroyProtectedSession(VADisplay dpy, VAProtectedSessionID
protected_session);
+ VAStatus vaAttachProtectedSession(VADisplay dpy, VAContextID reserved,
VAProtectedSessionID protected_session);
+ VAStatus vaDetachProtectedSession(VADisplay dpy, VAContextID reserved);
+-VAStatus vaProtectedSessionHwUpdate(VADisplay dpy, VAProtectedSessionID
protected_session, VABufferID buf_id);
+ VAStatus vaProtectedSessionExecute(VADisplay dpy, VAProtectedSessionID
protected_session, VABufferID buf_id);
+\ No newline at end of file
+--- a/media/gpu/vaapi/vaapi_utils.h
++++ b/media/gpu/vaapi/vaapi_utils.h
+@@ -5,6 +5,13 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_UTILS_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_UTILS_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <va/va.h>
+
+ #include "base/callback_forward.h"
+--- a/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
+@@ -143,11 +143,13 @@ VaapiVideoDecoderDelegate::SetupDecryptD
+ DCHECK_EQ(protected_session_state_, ProtectedSessionState::kCreated);
+
+ if (encryption_scheme_ == EncryptionScheme::kCenc) {
+- crypto_params->encryption_type =
+- full_sample ? VA_ENCRYPTION_TYPE_CENC_CTR : VA_ENCRYPTION_TYPE_CTR_128;
++ crypto_params->encryption_type = full_sample
++ ? VA_ENCRYPTION_TYPE_FULLSAMPLE_CTR
++ : VA_ENCRYPTION_TYPE_SUBSAMPLE_CTR;
+ } else {
+- crypto_params->encryption_type =
+- full_sample ? VA_ENCRYPTION_TYPE_CENC_CBC : VA_ENCRYPTION_TYPE_CBC;
++ crypto_params->encryption_type = full_sample
++ ? VA_ENCRYPTION_TYPE_FULLSAMPLE_CBC
++ : VA_ENCRYPTION_TYPE_SUBSAMPLE_CBC;
+ }
+
+ // For multi-slice we may already have segment information in here, so
+@@ -253,6 +255,7 @@ VaapiVideoDecoderDelegate::SetupDecryptD
+ memcpy(crypto_params->wrapped_decrypt_blob,
+ hw_key_data_map_[decrypt_config_->key_id()].data(),
+ DecryptConfig::kDecryptionKeySize);
++ crypto_params->key_blob_size = DecryptConfig::kDecryptionKeySize;
+ crypto_params->segment_info = &segments->front();
+ #else // if BUILDFLAG(IS_CHROMEOS_ASH)
+ protected_session_state_ = ProtectedSessionState::kFailed;
+--- a/media/gpu/vaapi/vaapi_video_decoder_delegate.h
++++ b/media/gpu/vaapi/vaapi_video_decoder_delegate.h
+@@ -5,6 +5,13 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_DELEGATE_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_DELEGATE_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <map>
+ #include <memory>
+ #include <string>
+--- a/media/gpu/vaapi/vaapi_wrapper.cc
++++ b/media/gpu/vaapi/vaapi_wrapper.cc
+@@ -132,7 +132,7 @@ enum class VaapiFunctions {
+ kVADestroyProtectedSession = 26,
+ kVAAttachProtectedSession = 27,
+ kVADetachProtectedSession = 28,
+- kVAProtectedSessionHwUpdate = 29,
++ kVAProtectedSessionHwUpdate_Deprecated = 29,
+ kVAProtectedSessionExecute = 30,
+ // Anything else is captured in this last entry.
+ kOtherVAFunction = 31,
+@@ -175,7 +175,7 @@ constexpr std::array<const char*,
+ "vaDestroyProtectedSession",
+ "vaAttachProtectedSession",
+ "vaDetachProtectedSession",
+- "vaProtectedSessionHwUpdate",
++ "vaProtectedSessionHwUpdate (Deprecated)",
+ "vaProtectedSessionExecute",
+ "Other VA function"};
+
+@@ -780,7 +780,7 @@ bool GetRequiredAttribs(const base::Lock
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (mode == VaapiWrapper::kDecodeProtected && profile != VAProfileProtected)
{
+ required_attribs->push_back(
+- {VAConfigAttribEncryption, VA_ENCRYPTION_TYPE_CTR_128});
++ {VAConfigAttribEncryption, VA_ENCRYPTION_TYPE_SUBSAMPLE_CTR});
+ required_attribs->push_back(
+ {VAConfigAttribDecProcessing, VA_DEC_PROCESSING});
+ }
+@@ -1789,13 +1789,14 @@ bool VaapiWrapper::CreateProtectedSessio
+ // We have to hold the VABuffer outside of the lock because its destructor
+ // will acquire the lock when it goes out of scope. We also must do this after
+ // we create the protected session.
+- VAProtectedSessionHwUpdateBuffer hw_update_buf;
++ VAProtectedSessionExecuteBuffer hw_update_buf;
+ std::unique_ptr<ScopedVABuffer> hw_update = CreateVABuffer(
+- VAProtectedSessionHwUpdateBufferType, sizeof(hw_update_buf));
++ VAProtectedSessionExecuteBufferType, sizeof(hw_update_buf));
+ {
+ base::AutoLock auto_lock(*va_lock_);
+ constexpr size_t kHwIdentifierMaxSize = 64;
+ memset(&hw_update_buf, 0, sizeof(hw_update_buf));
++ hw_update_buf.function_id = VA_TEE_EXEC_TEE_FUNCID_HW_UPDATE;
+ hw_update_buf.input.data_size = hw_config.size();
+ hw_update_buf.input.data =
+ static_cast<void*>(const_cast<uint8_t*>(hw_config.data()));
+@@ -1805,22 +1806,22 @@ bool VaapiWrapper::CreateProtectedSessio
+ if (!MapAndCopy_Locked(
+ hw_update->id(),
+ {hw_update->type(), hw_update->size(), &hw_update_buf})) {
+- LOG(ERROR) << "Failed mapping HwUpdate buf";
++ LOG(ERROR) << "Failed mapping Execute buf";
+ return false;
+ }
+
+- VAStatus va_res = vaProtectedSessionHwUpdate(
++ VAStatus va_res = vaProtectedSessionExecute(
+ va_display_, va_protected_session_id_, hw_update->id());
+- VA_SUCCESS_OR_RETURN(va_res, VaapiFunctions::kVAProtectedSessionHwUpdate,
++ VA_SUCCESS_OR_RETURN(va_res, VaapiFunctions::kVAProtectedSessionExecute,
+ false);
+
+ ScopedVABufferMapping mapping(va_lock_, va_display_, hw_update->id());
+ if (!mapping.IsValid()) {
+- LOG(ERROR) << "Failed mapping returned HwUpdate buf";
++ LOG(ERROR) << "Failed mapping returned Execute buf";
+ return false;
+ }
+ auto* hw_update_buf_out =
+- reinterpret_cast<VAProtectedSessionHwUpdateBuffer*>(mapping.data());
++ reinterpret_cast<VAProtectedSessionExecuteBuffer*>(mapping.data());
+ if (!hw_update_buf_out->output.data_size) {
+ LOG(ERROR) << "Received empty HW identifier";
+ return false;
+@@ -1901,10 +1902,9 @@ bool VaapiWrapper::IsProtectedSessionDea
+ if (va_protected_session_id_ == VA_INVALID_ID)
+ return false;
+
+- constexpr uint32_t kVaTeeExecGpuFuncIdIsSessionAlive = 0x40000103;
+ uint8_t alive;
+ VAProtectedSessionExecuteBuffer tee_exec_buf = {};
+- tee_exec_buf.function_id = kVaTeeExecGpuFuncIdIsSessionAlive;
++ tee_exec_buf.function_id = VA_TEE_EXEC_TEE_FUNCID_IS_SESSION_ALIVE;
+ tee_exec_buf.input.data_size = 0;
+ tee_exec_buf.input.data = nullptr;
+ tee_exec_buf.output.data_size = sizeof(alive);
+@@ -2421,7 +2421,7 @@ std::unique_ptr<ScopedVABuffer> VaapiWra
+ base::AutoLock auto_lock(*va_lock_);
+ TRACE_EVENT0("media,gpu", "VaapiWrapper::CreateVABufferLocked");
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+- VAContextID context_id = type == VAProtectedSessionHwUpdateBufferType
++ VAContextID context_id = type == VAProtectedSessionExecuteBufferType
+ ? va_protected_session_id_
+ : va_context_id_;
+ #else
+@@ -2710,8 +2710,8 @@ bool VaapiWrapper::Initialize(CodecMode
+ for (auto& attrib : required_attribs) {
+ if (attrib.type == VAConfigAttribEncryption) {
+ attrib.value = (encryption_scheme == EncryptionScheme::kCbcs)
+- ? VA_ENCRYPTION_TYPE_CBC
+- : VA_ENCRYPTION_TYPE_CTR_128;
++ ? VA_ENCRYPTION_TYPE_SUBSAMPLE_CBC
++ : VA_ENCRYPTION_TYPE_SUBSAMPLE_CTR;
+ }
+ }
+ }
+--- a/media/gpu/vaapi/vaapi_wrapper.h
++++ b/media/gpu/vaapi/vaapi_wrapper.h
+@@ -10,6 +10,13 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_WRAPPER_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_WRAPPER_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <va/va.h>
+--- a/third_party/libva_protected_content/va_protected_content.h
++++ b/third_party/libva_protected_content/va_protected_content.h
+@@ -46,6 +46,7 @@ extern "C" {
+ * @{
+ */
+
++#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+ /**
+ *
+ * A protected content function for processing cipher protected content.
+@@ -97,16 +98,19 @@ extern "C" {
+ /** \brief Encryption parameters buffer for content protection usage */
+ #define VAEncryptionParameterBufferType ((VABufferType)0x20001)
+
++#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
++
+ /**\brief CENC status paramter, used for vendor content protection only.
+ * The buffer corresponds to #VACencStatusParameters for va/cp*/
+ #define VACencStatusParameterBufferType ((VABufferType)0x20002)
+
++#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+ /** attribute values for VAConfigAttribEncryption */
+ #define VA_ENCRYPTION_TYPE_NONE 0x00000000
+-#define VA_ENCRYPTION_TYPE_CENC_CBC 0x00000002
+-#define VA_ENCRYPTION_TYPE_CENC_CTR 0x00000008
+-#define VA_ENCRYPTION_TYPE_CTR_128 0x00000010
+-#define VA_ENCRYPTION_TYPE_CBC 0x00000020
++#define VA_ENCRYPTION_TYPE_FULLSAMPLE_CBC 0x00000002
++#define VA_ENCRYPTION_TYPE_FULLSAMPLE_CTR 0x00000008
++#define VA_ENCRYPTION_TYPE_SUBSAMPLE_CTR 0x00000010
++#define VA_ENCRYPTION_TYPE_SUBSAMPLE_CBC 0x00000020
+
+ /** attribute values for VAConfigAttribContentProtectionSessionMode */
+ #define VA_PC_SESSION_MODE_NONE 0x00000000
+@@ -132,18 +136,11 @@ extern "C" {
+ #define VA_PC_SAMPLE_TYPE_FULLSAMPLE 0x00000001
+ #define VA_PC_SAMPLE_TYPE_SUBSAMPLE 0x00000002
+
+-/** \brief TeeExec Function Codes. */
+-typedef enum _VA_TEE_EXEC_FUNCTION_ID {
+- VA_TEE_EXEC_TEE_FUNCID_PASS_THROUGH_NONE = 0x0,
+-
+- // 0x40000000~0x400000FFF reserved for TEE Exec GPU function
+- VA_TEE_EXEC_GPU_FUNCID_ENCRYPTION_BLT = 0x40000000,
+- VA_TEE_EXEC_GPU_FUNCID_DECRYPTION_BLT = 0x40000001,
++#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
+
+- // 0x40001000~0x400001FFF reserved for TEE Exec TEE function
+- VA_TEE_EXEC_TEE_FUNCID_PASS_THROUGH = 0x40001000,
+-
+-} VA_TEE_EXEC_FUNCTION_ID;
++/** \brief TeeExec Function Codes. */
++#define VA_TEE_EXEC_TEE_FUNCID_HW_UPDATE 0x40000002
++#define VA_TEE_EXEC_TEE_FUNCID_IS_SESSION_ALIVE 0x40000103
+
+ /** \brief values for the encryption return status. */
+ typedef enum {
+@@ -159,6 +156,7 @@ typedef enum {
+ VA_ENCRYPTION_STATUS_UNSUPPORT
+ } VAEncryptionStatus;
+
++#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+ /** \brief structure for encrypted segment info. */
+ typedef struct _VAEncryptionSegmentInfo {
+ /** \brief The offset relative to the start of the bitstream input in
+@@ -212,23 +210,12 @@ typedef struct _VAEncryptionParameters {
+ * encrypted, i.e. the CENC or CBC1 scheme is being used.
+ */
+ uint32_t blocks_stripe_clear;
++ /* Forwards compatibility */
++ uint32_t key_blob_size;
+ /** \brief Reserved bytes for future use, must be zero */
+- uint32_t va_reserved[VA_PADDING_MEDIUM];
++ uint32_t va_reserved[VA_PADDING_MEDIUM - sizeof(uint32_t)];
+ } VAEncryptionParameters;
+-
+-/** \brief structure for VA_TEE_EXEC_GPU_FUNCID_ENCRYPTION_BLT */
+-typedef struct _VA_PROTECTED_BLT_PARAMS {
+- uint8_t* src_resource; // The source resource which contains the clear data.
+- uint8_t*
+- dst_resource; // The Destination resource. This resource will contain the
+- // encrypted data. It should be allocated by the caller.
+- uint32_t width; // The width of the surface in Bytes.
+- uint32_t height; // The height of the surface in Bytes (pay attention that
+- // for NV12 the height(Bytes) = 1.5*height(Pixel)).
+- VAEncryptionParameters*
+- enc_params; // The encryption parameters as defined by application
+- void* reserved_extension; // The reserved extension for future BLT operations
+-} VA_PROTECTED_BLT_PARAMS;
++#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
+
+ /** \brief cenc status parameters, corresponding to
+ * #VACencStatusParameterBufferType*/
+@@ -311,184 +298,6 @@ typedef struct _VACencSliceParameterBuff
+ uint32_t va_reserved[VA_PADDING_MEDIUM];
+ } VACencSliceParameterBufferH264;
+
+-/**
+- * \brief Slice parameter for HEVC cenc decode in main & main 10 profiles.
+- *
+- * This structure holds information for \c
+- * slice_segment_header() and nal_unit_header() of the slice as
+- * defined by the HEVC specification.
+- *
+- */
+-typedef struct _VACencSliceParameterBufferHEVC {
+- /** \brief Same as the HEVC bitstream syntax element. */
+- uint8_t nal_unit_type;
+- /** \brief Corresponds to the HEVC bitstream syntax element.
+- * Same as nuh_temporal_id_plus1 - 1*/
+- uint8_t nuh_temporal_id;
+- /** \brief Slice type.
+- * Corresponds to HEVC syntax element of the same name. */
+- uint8_t slice_type;
+- /** \brief Same as the HEVC bitstream syntax element. */
+- uint16_t slice_pic_order_cnt_lsb;
+- /** \brief Indicates EOS_NUT or EOB_NUT is detected in picture. */
+- uint16_t has_eos_or_eob;
+-
+- union {
+- struct {
+- /** \brief Same as the HEVC bitstream syntax element */
+- uint32_t no_output_of_prior_pics_flag : 1;
+- /** \brief Same as the HEVC bitstream syntax element */
+- uint32_t pic_output_flag : 1;
+- /** \brief Same as the HEVC bitstream syntax element */
+- uint32_t colour_plane_id : 2;
+- /** \brief Reserved for future use, must be zero */
+- uint32_t reserved : 19;
+- } bits;
+- uint32_t value;
+- } slice_fields;
+-
+- /** \brief Parameters for driver reference frame set */
+- /**@{*/
+-
+- /** \brief number of entries as current before in short-term rps
+- * Corresponds to NumPocStCurrBefore as the HEVC specification. */
+- uint8_t num_of_curr_before;
+- /** \brief number of entries as current after in short-term rps
+- * Corresponds to NumPocStCurrAfter as the HEVC specification. */
+- uint8_t num_of_curr_after;
+- /** \brief number of entries as current total in short-term rps*/
+- uint8_t num_of_curr_total;
+- /** \brief number of entries as foll in short-term rps
+- * Corresponds to NumPocStFoll as the HEVC specification.*/
+- uint8_t num_of_foll_st;
+- /** \brief number of entries as current in long-term rps
+- * Corresponds to NumPocLtCurr as the HEVC specification. */
+- uint8_t num_of_curr_lt;
+- /** \brief number of entries as foll in long-term rps
+- * Corresponds to NumPocLtFoll as the HEVC specification.*/
+- uint8_t num_of_foll_lt;
+- /** \brief delta poc as short-term current before
+- * Corresponds to PocStCurrBefore as the HEVC specification. */
+- int32_t delta_poc_curr_before[8];
+- /** \brief delta poc as short-term current after
+- * Corresponds to PocStCurrAfter, as the HEVC specification.*/
+- int32_t delta_poc_curr_after[8];
+- /** \brief delta poc as short-term current total */
+- int32_t delta_poc_curr_total[8];
+- /** \brief delta poc as short-term foll
+- * Corresponds to PocStFoll as the HEVC specification.*/
+- int32_t delta_poc_foll_st[16];
+- /** \brief delta poc as long-term current
+- * Corresponds to PocLtCurr as the HEVC specification.*/
+- int32_t delta_poc_curr_lt[8];
+- /** \brief delta poc as long-term foll
+- * Corresponds to PocLtFoll, as the HEVC specification.*/
+- int32_t delta_poc_foll_lt[16];
+- /** \brief delta poc msb present flag
+- * Same as the HEVC bitstream syntax element. */
+- uint8_t delta_poc_msb_present_flag[16];
+- /** \brief long-term reference RPS is used for reference by current picture*/
+- uint8_t is_lt_curr_total[8];
+- /** \brief index of reference picture list. [0] is for P and B slice, [1] is
+- * for B slice*/
+- uint8_t ref_list_idx[2][16];
+- /**@}*/
+- /** \brief Pointer to the next #VACencSliceParameterBufferHEVC element,
+- * or \c nullptr if there is none.*/
+- void* next;
+-
+- /** \brief Reserved bytes for future use, must be zero */
+- uint32_t va_reserved[VA_PADDING_MEDIUM];
+-} VACencSliceParameterBufferHEVC;
+-
+-/**
+- * \brief uncompressed header for VP9 cenc decode
+- *
+- * This structure holds information for \c
+- * uncompressed_header() as defined by the VP9 specification.
+- *
+- */
+-typedef struct _VACencSliceParameterBufferVP9 {
+- union {
+- struct {
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t profile : 2;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t show_existing_frame_flag : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t frame_to_show_map_idx : 3;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t frame_type : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t show_frame : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t error_resilient_mode : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t intra_only : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t ten_or_twelve_bit : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t color_space : 3;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t color_range : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t subsampling_x : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t subsampling_y : 1;
+- /** \brief Corresponds to ref_frame_idx[0]
+- * as the VP9 specification */
+- uint32_t ref_frame_idx0 : 3;
+- /** \brief Corresponds to ref_frame_sign_bias[LAST_FRAME]
+- * as the VP9 specification */
+- uint32_t ref_frame_sign_bias0 : 1;
+- /** \brief Corresponds to ref_frame_idx[1]
+- * as the VP9 specification */
+- uint32_t ref_frame_idx1 : 3;
+- /** \brief Corresponds to ref_frame_sign_bias[GOLDEN_FRAME]
+- * as the VP9 specification */
+- uint32_t ref_frame_sign_bias1 : 1;
+- /** \brief Corresponds to ref_frame_idx[2]
+- * as the VP9 specification */
+- uint32_t ref_frame_idx2 : 3;
+- /** \brief Corresponds to ref_frame_sign_bias[ALTREF_FRAME]
+- * as the VP9 specification */
+- uint32_t ref_frame_sign_bias2 : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t frame_parallel_decoding_mode : 1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint32_t render_and_frame_size_different : 1;
+- /** \brief Reserved for future use, must be zero */
+- uint32_t reserved : 1;
+- } bits;
+- uint32_t value;
+- } header_fields;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint16_t frame_width_minus1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint16_t frame_height_minus1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint16_t render_width_minus1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint16_t render_height_minus1;
+- /** \brief Same as the VP9 bitstream syntax element. */
+- uint8_t refresh_frame_flags;
+- /** \brief Parameters for super frame*/
+- /**@{*/
+- /** \brief Superframe index, from 0 to frames_in_superframe_minus_1.
+- * as the VP9 specification */
+- uint8_t sf_index;
+- /** \brief Superframe size, corresponds to frame_sizes[ sf_index ]
+- * as the VP9 specification */
+- uint32_t sf_frame_size;
+- /**@}*/
+- /** \brief Pointer to the next #VACencSliceParameterBufferVP9 element,
+- * or \c nullptr if there is none.*/
+- void* next;
+-
+- /** \brief Reserved bytes for future use, must be zero */
+- uint32_t va_reserved[VA_PADDING_MEDIUM];
+-} VACencSliceParameterBufferVP9;
+-
+ /** \brief Cenc Slice Buffer Type*/
+ typedef enum {
+ /** \brief Parsed slice parameters \c VACencSliceParameterBuffer* */
+--- a/tools/metrics/histograms/enums.xml
++++ b/tools/metrics/histograms/enums.xml
+@@ -76344,7 +76344,7 @@ Full version information for the fingerp
+ <int value="26" label="vaDestroyProtectedSession()"/>
+ <int value="27" label="vaAttachProtectedSession()"/>
+ <int value="28" label="vaDetachProtectedSession()"/>
+- <int value="29" label="vaProtectedSessionHwUpdate()"/>
++ <int value="29" label="vaProtectedSessionHwUpdate()
(deprecated)"/>
+ <int value="30" label="kVAProtectedSessionExecute()"/>
+ <int value="31" label="Other VA functions"/>
+ </enum>
diff --git a/chromium-89-vaapi-r851954.patch b/chromium-89-vaapi-r851954.patch
new file mode 100644
index 0000000..a744c77
--- /dev/null
+++ b/chromium-89-vaapi-r851954.patch
@@ -0,0 +1,59 @@
+From 533e4fcfb04c105446ef2c65691256ee03f378bb Mon Sep 17 00:00:00 2001
+From: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Date: Mon, 8 Feb 2021 23:34:44 +0000
+Subject: [PATCH] vaapi: Fix other includes for libva update
+
+I missed a couple spots where I needed the legacy define so we don't
+have conflicting values in headers.
+
+BUG=b:174951211
+TEST=Builds w/ updated libva patch in ChromeOS chroot
+
+Change-Id: I092544aa3285f7ff764fdd6c402e36b129f60ce7
+Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2679258
+Commit-Queue: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Commit-Queue: Andres Calderon Jaramillo <andrescj(a)chromium.org>
+Auto-Submit: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Reviewed-by: Andres Calderon Jaramillo <andrescj(a)chromium.org>
+Cr-Commit-Position: refs/heads/master@{#851954}
+---
+ media/gpu/vaapi/va_surface.h | 7 +++++++
+ media/gpu/vaapi/vaapi_video_decoder.h | 7 +++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/media/gpu/vaapi/va_surface.h b/media/gpu/vaapi/va_surface.h
+index a6f4ac5ea2fac..d64814a8cba61 100644
+--- a/media/gpu/vaapi/va_surface.h
++++ b/media/gpu/vaapi/va_surface.h
+@@ -8,6 +8,13 @@
+ #ifndef MEDIA_GPU_VAAPI_VA_SURFACE_H_
+ #define MEDIA_GPU_VAAPI_VA_SURFACE_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <va/va.h>
+
+ #include "base/callback.h"
+diff --git a/media/gpu/vaapi/vaapi_video_decoder.h
b/media/gpu/vaapi/vaapi_video_decoder.h
+index 7bddbc6a23bd7..c9301be5720c4 100644
+--- a/media/gpu/vaapi/vaapi_video_decoder.h
++++ b/media/gpu/vaapi/vaapi_video_decoder.h
+@@ -5,6 +5,13 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_H_
+
++// TODO(jkardatzke): Remove this once the transition to the new upstream
++// protected content API is complete. This is used to bridge a transition
++// between the libva pull request we used, and what actually landed upstream.
++#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
++#define LEGACY_UPSTREAM_PROTECTED_LIBVA
++#endif
++
+ #include <stdint.h>
+ #include <va/va.h>
+
diff --git a/chromium-89-vaapi-r854937.patch b/chromium-89-vaapi-r854937.patch
new file mode 100644
index 0000000..16a7495
--- /dev/null
+++ b/chromium-89-vaapi-r854937.patch
@@ -0,0 +1,712 @@
+From e0b362edd9b49143b89fc76c4a31dd5603b6fbd0 Mon Sep 17 00:00:00 2001
+From: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Date: Wed, 17 Feb 2021 21:39:01 +0000
+Subject: [PATCH] vaapi: Remove libva protected content legacy compatibility
+
+This removes the compatibility layer with the downstream version of
+libva protected content that we had before. We are now aligned with the
+upstream APIs, so ChromeOS can update libva/iHD without breaking Chrome.
+
+BUG=b:174951211
+TEST=Protected content playback works on volteer
+
+Change-Id: If6f39d085209087de7b73c5d26c8f85548c07f6a
+Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2699067
+Reviewed-by: Jeffrey Kardatzke <jkardatzke(a)google.com>
+Reviewed-by: J Kardatzke <jkardatzke(a)chromium.org>
+Reviewed-by: Andres Calderon Jaramillo <andrescj(a)chromium.org>
+Commit-Queue: J Kardatzke <jkardatzke(a)chromium.org>
+Cr-Commit-Position: refs/heads/master@{#854937}
+---
+ .../h264_vaapi_video_decoder_delegate.cc | 21 ++-
+ .../vaapi/h264_vaapi_video_decoder_delegate.h | 3 +
+ .../h265_vaapi_video_decoder_delegate.cc | 12 +-
+ .../vaapi/h265_vaapi_video_decoder_delegate.h | 10 +-
+ media/gpu/vaapi/va_surface.h | 7 -
+ media/gpu/vaapi/vaapi_utils.cc | 8 +-
+ media/gpu/vaapi/vaapi_utils.h | 7 -
+ media/gpu/vaapi/vaapi_video_decoder.h | 7 -
+ .../gpu/vaapi/vaapi_video_decoder_delegate.cc | 10 +-
+ .../gpu/vaapi/vaapi_video_decoder_delegate.h | 13 +-
+ media/gpu/vaapi/vaapi_wrapper.cc | 2 +
+ media/gpu/vaapi/vaapi_wrapper.h | 7 -
+ .../vaapi/vp9_vaapi_video_decoder_delegate.cc | 9 +-
+ .../va_protected_content.h | 149 ------------------
+ 14 files changed, 55 insertions(+), 210 deletions(-)
+
+diff --git a/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
b/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
+index ff397d92dc3d4..7940887de44ae 100644
+--- a/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.cc
+@@ -4,13 +4,6 @@
+
+ #include "media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h"
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <va/va.h>
+
+ #include "base/memory/aligned_memory.h"
+@@ -103,7 +96,9 @@ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitFrameMetadata(
+ "H264VaapiVideoDecoderDelegate::SubmitFrameMetadata");
+ VAPictureParameterBufferH264 pic_param;
+ memset(&pic_param, 0, sizeof(pic_param));
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ memset(&crypto_params_, 0, sizeof(crypto_params_));
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ full_sample_ = false;
+
+ #define FROM_SPS_TO_PP(a) pic_param.a = sps->a
+@@ -224,6 +219,7 @@ DecodeStatus
H264VaapiVideoDecoderDelegate::ParseEncryptedSliceHeader(
+ // extract the slice header parameters of interest and return them to the
+ // caller.
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ VAEncryptionParameters crypto_params = {};
+ // Don't use the VAEncryptionSegmentInfo vector in the class since we do not
+ // need to hold this data across calls.
+@@ -357,6 +353,9 @@ DecodeStatus
H264VaapiVideoDecoderDelegate::ParseEncryptedSliceHeader(
+ slice_header_out->full_sample_index =
+ status_buf->status_report_index_feedback;
+ return DecodeStatus::kOk;
++#else // BUILDFLAG(IS_CHROMEOS_ASH)
++ return DecodeStatus::kFail;
++#endif
+ }
+
+ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitSlice(
+@@ -384,6 +383,7 @@ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitSlice(
+ : DecodeStatus::kFail;
+ }
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (IsEncryptedSession()) {
+ const ProtectedSessionState state = SetupDecryptDecode(
+ /*full_sample=*/false, size, &crypto_params_,
&encryption_segment_info_,
+@@ -396,6 +396,7 @@ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitSlice(
+ return DecodeStatus::kTryAgain;
+ }
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ VASliceParameterBufferH264 slice_param;
+ memset(&slice_param, 0, sizeof(slice_param));
+
+@@ -496,11 +497,13 @@ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitDecode(
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ TRACE_EVENT0("media,gpu",
"H264VaapiVideoDecoderDelegate::SubmitDecode");
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (IsEncryptedSession() && !full_sample_ &&
+ !vaapi_wrapper_->SubmitBuffer(VAEncryptionParameterBufferType,
+ sizeof(crypto_params_), &crypto_params_)) {
+ return DecodeStatus::kFail;
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ const VaapiH264Picture* vaapi_pic = pic->AsVaapiH264Picture();
+ CHECK(gfx::Rect(vaapi_pic->GetDecodeSize()).Contains(pic->visible_rect()));
+ VAProcPipelineParameterBuffer proc_buffer;
+@@ -516,7 +519,9 @@ DecodeStatus H264VaapiVideoDecoderDelegate::SubmitDecode(
+
+ const bool success = vaapi_wrapper_->ExecuteAndDestroyPendingBuffers(
+ vaapi_pic->GetVADecodeSurfaceID());
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ encryption_segment_info_.clear();
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ if (!success && NeedsProtectedSessionRecovery())
+ return DecodeStatus::kTryAgain;
+
+@@ -540,7 +545,9 @@ bool H264VaapiVideoDecoderDelegate::OutputPicture(
+
+ void H264VaapiVideoDecoderDelegate::Reset() {
+ DETACH_FROM_SEQUENCE(sequence_checker_);
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ encryption_segment_info_.clear();
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ vaapi_wrapper_->DestroyPendingBuffers();
+ }
+
+diff --git a/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h
b/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h
+index 9219c7e586eb2..fbe823e4b0242 100644
+--- a/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h
++++ b/media/gpu/vaapi/h264_vaapi_video_decoder_delegate.h
+@@ -8,6 +8,7 @@
+ #include "base/atomic_sequence_num.h"
+ #include "base/memory/scoped_refptr.h"
+ #include "base/sequence_checker.h"
++#include "build/chromeos_buildflags.h"
+ #include "media/gpu/h264_decoder.h"
+ #include "media/gpu/vaapi/vaapi_video_decoder_delegate.h"
+ #include "media/video/h264_parser.h"
+@@ -68,6 +69,7 @@ class H264VaapiVideoDecoderDelegate : public
H264Decoder::H264Accelerator,
+ VAPictureH264* va_pics,
+ int num_pics);
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ // We need to hold onto this memory here because it's referenced by the
+ // mapped buffer in libva across calls. It is filled in SubmitSlice() and
+ // stays alive until SubmitDecode() or Reset().
+@@ -76,6 +78,7 @@ class H264VaapiVideoDecoderDelegate : public
H264Decoder::H264Accelerator,
+ // We need to retain this for the multi-slice case since that will aggregate
+ // the encryption details across all the slices.
+ VAEncryptionParameters crypto_params_;
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ // We need to set this so we don't resubmit crypto params on decode.
+ bool full_sample_;
+diff --git a/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.cc
b/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.cc
+index 9efb5d30f41d5..eef9044281f3f 100644
+--- a/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.cc
+@@ -79,7 +79,9 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitFrameMetadata(
+
+ VAPictureParameterBufferHEVC pic_param;
+ memset(&pic_param, 0, sizeof(pic_param));
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ memset(&crypto_params_, 0, sizeof(crypto_params_));
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ int highest_tid = sps->sps_max_sub_layers_minus1;
+ #define FROM_SPS_TO_PP(a) pic_param.a = sps->a
+@@ -304,6 +306,7 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitSlice(
+ return DecodeStatus::kFail;
+ }
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (IsEncryptedSession()) {
+ const ProtectedSessionState state =
+ SetupDecryptDecode(/*full_sample=*/false, size, &crypto_params_,
+@@ -316,6 +319,7 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitSlice(
+ return DecodeStatus::kTryAgain;
+ }
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ memset(&slice_param_, 0, sizeof(slice_param_));
+
+ slice_param_.slice_data_size = slice_hdr->nalu_size;
+@@ -438,7 +442,7 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitSlice(
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+ slice_param_.slice_data_num_emu_prevn_bytes =
+ slice_hdr->header_emulation_prevention_bytes;
+-#endif
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ last_slice_data_ = data;
+ last_slice_size_ = size;
+@@ -454,11 +458,13 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitDecode(
+ return DecodeStatus::kFail;
+ }
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (IsEncryptedSession() &&
+ !vaapi_wrapper_->SubmitBuffer(VAEncryptionParameterBufferType,
+ sizeof(crypto_params_), &crypto_params_)) {
+ return DecodeStatus::kFail;
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ const VaapiH265Picture* vaapi_pic = pic->AsVaapiH265Picture();
+ CHECK(gfx::Rect(vaapi_pic->GetDecodeSize()).Contains(pic->visible_rect()));
+@@ -476,7 +482,9 @@ DecodeStatus H265VaapiVideoDecoderDelegate::SubmitDecode(
+ const bool success = vaapi_wrapper_->ExecuteAndDestroyPendingBuffers(
+ vaapi_pic->GetVADecodeSurfaceID());
+ ref_pic_list_pocs_.clear();
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ encryption_segment_info_.clear();
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ if (!success && NeedsProtectedSessionRecovery())
+ return DecodeStatus::kTryAgain;
+
+@@ -503,7 +511,9 @@ void H265VaapiVideoDecoderDelegate::Reset() {
+ DETACH_FROM_SEQUENCE(sequence_checker_);
+ vaapi_wrapper_->DestroyPendingBuffers();
+ ref_pic_list_pocs_.clear();
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ encryption_segment_info_.clear();
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ last_slice_data_ = nullptr;
+ }
+
+diff --git a/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
b/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
+index 986c2b530076e..f02871a1b2200 100644
+--- a/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
++++ b/media/gpu/vaapi/h265_vaapi_video_decoder_delegate.h
+@@ -5,16 +5,10 @@
+ #ifndef MEDIA_GPU_VAAPI_H265_VAAPI_VIDEO_DECODER_DELEGATE_H_
+ #define MEDIA_GPU_VAAPI_H265_VAAPI_VIDEO_DECODER_DELEGATE_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <va/va.h>
+
+ #include "base/memory/scoped_refptr.h"
++#include "build/chromeos_buildflags.h"
+ #include "media/gpu/h265_decoder.h"
+ #include "media/gpu/h265_dpb.h"
+ #include "media/gpu/vaapi/vaapi_video_decoder_delegate.h"
+@@ -95,6 +89,7 @@ class H265VaapiVideoDecoderDelegate : public
H265Decoder::H265Accelerator,
+ const uint8_t* last_slice_data_{nullptr};
+ size_t last_slice_size_{0};
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ // We need to hold onto this memory here because it's referenced by the
+ // mapped buffer in libva across calls. It is filled in SubmitSlice() and
+ // stays alive until SubmitDecode() or Reset().
+@@ -103,6 +98,7 @@ class H265VaapiVideoDecoderDelegate : public
H265Decoder::H265Accelerator,
+ // We need to retain this for the multi-slice case since that will aggregate
+ // the encryption details across all the slices.
+ VAEncryptionParameters crypto_params_;
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ };
+
+ } // namespace media
+diff --git a/media/gpu/vaapi/va_surface.h b/media/gpu/vaapi/va_surface.h
+index d64814a8cba61..a6f4ac5ea2fac 100644
+--- a/media/gpu/vaapi/va_surface.h
++++ b/media/gpu/vaapi/va_surface.h
+@@ -8,13 +8,6 @@
+ #ifndef MEDIA_GPU_VAAPI_VA_SURFACE_H_
+ #define MEDIA_GPU_VAAPI_VA_SURFACE_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <va/va.h>
+
+ #include "base/callback.h"
+diff --git a/media/gpu/vaapi/vaapi_utils.cc b/media/gpu/vaapi/vaapi_utils.cc
+index 876c14498aed1..7d2437069d8b0 100644
+--- a/media/gpu/vaapi/vaapi_utils.cc
++++ b/media/gpu/vaapi/vaapi_utils.cc
+@@ -11,6 +11,7 @@
+ #include "base/memory/ptr_util.h"
+ #include "base/numerics/ranges.h"
+ #include "base/synchronization/lock.h"
++#include "build/chromeos_buildflags.h"
+ #include "media/gpu/vaapi/vaapi_common.h"
+ #include "media/gpu/vaapi/vaapi_wrapper.h"
+ #include "media/gpu/vp8_picture.h"
+@@ -350,7 +351,12 @@ void FillVP8DataStructures(const Vp8FrameHeader& frame_header,
+ }
+
+ bool IsValidVABufferType(VABufferType type) {
+- return type < VABufferTypeMax || type == VAEncryptionParameterBufferType ||
++ return type < VABufferTypeMax ||
++#if BUILDFLAG(IS_CHROMEOS_ASH)
++ // TODO(jkardatzke): Remove this once we update to libva 2.0.10 in
++ // ChromeOS.
++ type == VAEncryptionParameterBufferType ||
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ type == VACencStatusParameterBufferType;
+ }
+
+diff --git a/media/gpu/vaapi/vaapi_utils.h b/media/gpu/vaapi/vaapi_utils.h
+index fd42ad2a148e3..9bcee23ce96d1 100644
+--- a/media/gpu/vaapi/vaapi_utils.h
++++ b/media/gpu/vaapi/vaapi_utils.h
+@@ -5,13 +5,6 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_UTILS_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_UTILS_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <va/va.h>
+
+ #include "base/callback_forward.h"
+diff --git a/media/gpu/vaapi/vaapi_video_decoder.h
b/media/gpu/vaapi/vaapi_video_decoder.h
+index c9301be5720c4..7bddbc6a23bd7 100644
+--- a/media/gpu/vaapi/vaapi_video_decoder.h
++++ b/media/gpu/vaapi/vaapi_video_decoder.h
+@@ -5,13 +5,6 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <stdint.h>
+ #include <va/va.h>
+
+diff --git a/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
b/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
+index 0e0e512b21dea..1c708b58cbfff 100644
+--- a/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/vaapi_video_decoder_delegate.cc
+@@ -25,7 +25,7 @@ namespace {
+ constexpr base::TimeDelta kKeyRetrievalMaxPeriod =
+ base::TimeDelta::FromMinutes(1);
+ } // namespace
+-#endif
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ namespace media {
+
+@@ -49,7 +49,7 @@ VaapiVideoDecoderDelegate::VaapiVideoDecoderDelegate(
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (cdm_context)
+ chromeos_cdm_context_ = cdm_context->GetChromeOsCdmContext();
+-#endif
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ memset(&src_region_, 0, sizeof(src_region_));
+ memset(&dst_region_, 0, sizeof(dst_region_));
+ }
+@@ -101,6 +101,7 @@ bool VaapiVideoDecoderDelegate::SetDecryptConfig(
+ return true;
+ }
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ VaapiVideoDecoderDelegate::ProtectedSessionState
+ VaapiVideoDecoderDelegate::SetupDecryptDecode(
+ bool full_sample,
+@@ -109,7 +110,6 @@ VaapiVideoDecoderDelegate::SetupDecryptDecode(
+ std::vector<VAEncryptionSegmentInfo>* segments,
+ const std::vector<SubsampleEntry>& subsamples) {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+-#if BUILDFLAG(IS_CHROMEOS_ASH)
+ DCHECK(crypto_params);
+ DCHECK(segments);
+ if (protected_session_state_ == ProtectedSessionState::kInProcess ||
+@@ -233,11 +233,9 @@ VaapiVideoDecoderDelegate::SetupDecryptDecode(
+ DecryptConfig::kDecryptionKeySize);
+ crypto_params->key_blob_size = DecryptConfig::kDecryptionKeySize;
+ crypto_params->segment_info = &segments->front();
+-#else // if BUILDFLAG(IS_CHROMEOS_ASH)
+- protected_session_state_ = ProtectedSessionState::kFailed;
+-#endif
+ return protected_session_state_;
+ }
++#endif // if BUILDFLAG(IS_CHROMEOS_ASH)
+
+ bool VaapiVideoDecoderDelegate::NeedsProtectedSessionRecovery() {
+ if (!IsEncryptedSession() || !vaapi_wrapper_->IsProtectedSessionDead() ||
+diff --git a/media/gpu/vaapi/vaapi_video_decoder_delegate.h
b/media/gpu/vaapi/vaapi_video_decoder_delegate.h
+index aeb48a75bd2c9..9d46000ba9d42 100644
+--- a/media/gpu/vaapi/vaapi_video_decoder_delegate.h
++++ b/media/gpu/vaapi/vaapi_video_decoder_delegate.h
+@@ -5,13 +5,6 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_DELEGATE_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_VIDEO_DECODER_DELEGATE_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <map>
+ #include <memory>
+ #include <string>
+@@ -32,7 +25,7 @@
+
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+ #include "chromeos/components/cdm_factory_daemon/chromeos_cdm_context.h"
+-#endif
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ namespace media {
+
+@@ -99,12 +92,14 @@ class VaapiVideoDecoderDelegate {
+ // |subsamples| is for the current slice. |size| is the size of the slice
+ // data. This should be called if IsEncrypted() is true even if the current
+ // data is not encrypted (i.e. |subsamples| is empty).
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ ProtectedSessionState SetupDecryptDecode(
+ bool full_sample,
+ size_t size,
+ VAEncryptionParameters* crypto_params,
+ std::vector<VAEncryptionSegmentInfo>* segments,
+ const std::vector<SubsampleEntry>& subsamples);
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ // Returns true if we are handling encrypted content, in which case
+ // SetupDecryptDecode() should be called for every slice.
+@@ -149,7 +144,7 @@ class VaapiVideoDecoderDelegate {
+ ProtectedSessionUpdateCB on_protected_session_update_cb_;
+ #if BUILDFLAG(IS_CHROMEOS_ASH)
+ chromeos::ChromeOsCdmContext* chromeos_cdm_context_{nullptr}; // Not owned.
+-#endif
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+ EncryptionScheme encryption_scheme_;
+ ProtectedSessionState protected_session_state_;
+ std::unique_ptr<DecryptConfig> decrypt_config_;
+diff --git a/media/gpu/vaapi/vaapi_wrapper.cc b/media/gpu/vaapi/vaapi_wrapper.cc
+index 2a1eea0298b67..5cac28746eb19 100644
+--- a/media/gpu/vaapi/vaapi_wrapper.cc
++++ b/media/gpu/vaapi/vaapi_wrapper.cc
+@@ -2796,6 +2796,7 @@ bool VaapiWrapper::Initialize(CodecMode mode,
+ return false;
+ }
+
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (encryption_scheme != EncryptionScheme::kUnencrypted) {
+ DCHECK(!required_attribs.empty());
+ // We need to adjust the attribute for encryption scheme.
+@@ -2807,6 +2808,7 @@ bool VaapiWrapper::Initialize(CodecMode mode,
+ }
+ }
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ const VAStatus va_res =
+ vaCreateConfig(va_display_, va_profile, entrypoint,
+diff --git a/media/gpu/vaapi/vaapi_wrapper.h b/media/gpu/vaapi/vaapi_wrapper.h
+index f58723a0e852e..29b6864998240 100644
+--- a/media/gpu/vaapi/vaapi_wrapper.h
++++ b/media/gpu/vaapi/vaapi_wrapper.h
+@@ -10,13 +10,6 @@
+ #ifndef MEDIA_GPU_VAAPI_VAAPI_WRAPPER_H_
+ #define MEDIA_GPU_VAAPI_VAAPI_WRAPPER_H_
+
+-// TODO(jkardatzke): Remove this once the transition to the new upstream
+-// protected content API is complete. This is used to bridge a transition
+-// between the libva pull request we used, and what actually landed upstream.
+-#ifndef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#define LEGACY_UPSTREAM_PROTECTED_LIBVA
+-#endif
+-
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <va/va.h>
+diff --git a/media/gpu/vaapi/vp9_vaapi_video_decoder_delegate.cc
b/media/gpu/vaapi/vp9_vaapi_video_decoder_delegate.cc
+index 27f26002967cd..34ac822cdeb7a 100644
+--- a/media/gpu/vaapi/vp9_vaapi_video_decoder_delegate.cc
++++ b/media/gpu/vaapi/vp9_vaapi_video_decoder_delegate.cc
+@@ -8,6 +8,7 @@
+
+ #include "base/stl_util.h"
+ #include "base/trace_event/trace_event.h"
++#include "build/chromeos_buildflags.h"
+ #include "media/gpu/decode_surface_handler.h"
+ #include "media/gpu/macros.h"
+ #include "media/gpu/vaapi/va_surface.h"
+@@ -91,12 +92,13 @@ DecodeStatus VP9VaapiVideoDecoderDelegate::SubmitDecode(
+ if (!encoded_data)
+ return DecodeStatus::kFail;
+
+- bool uses_crypto = false;
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ const DecryptConfig* decrypt_config = pic->decrypt_config();
+- std::vector<VAEncryptionSegmentInfo> encryption_segment_info;
+ if (decrypt_config && !SetDecryptConfig(decrypt_config->Clone()))
+ return DecodeStatus::kFail;
+
++ bool uses_crypto = false;
++ std::vector<VAEncryptionSegmentInfo> encryption_segment_info;
+ VAEncryptionParameters crypto_param{};
+ if (IsEncryptedSession()) {
+ const ProtectedSessionState state = SetupDecryptDecode(
+@@ -120,6 +122,7 @@ DecodeStatus VP9VaapiVideoDecoderDelegate::SubmitDecode(
+ return DecodeStatus::kFail;
+ }
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ pic_param.frame_width =
base::checked_cast<uint16_t>(frame_hdr->frame_width);
+ pic_param.frame_height =
+@@ -215,11 +218,13 @@ DecodeStatus VP9VaapiVideoDecoderDelegate::SubmitDecode(
+ {slice_params_->type(), slice_params_->size(), &slice_param}},
+ {encoded_data->id(),
+ {encoded_data->type(), frame_hdr->frame_size, frame_hdr->data}}};
++#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (uses_crypto) {
+ buffers.push_back(
+ {crypto_params_->id(),
+ {crypto_params_->type(), crypto_params_->size(), &crypto_param}});
+ }
++#endif // BUILDFLAG(IS_CHROMEOS_ASH)
+
+ const VaapiVP9Picture* vaapi_pic = pic->AsVaapiVP9Picture();
+ VAProcPipelineParameterBuffer proc_buffer;
+diff --git a/third_party/libva_protected_content/va_protected_content.h
b/third_party/libva_protected_content/va_protected_content.h
+index c14a77da41389..845e1afde8282 100644
+--- a/third_party/libva_protected_content/va_protected_content.h
++++ b/third_party/libva_protected_content/va_protected_content.h
+@@ -46,98 +46,10 @@ extern "C" {
+ * @{
+ */
+
+-#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-/**
+- *
+- * A protected content function for processing cipher protected content.
+- *
+- **/
+-#define VAEntrypointProtectedContent ((VAEntrypoint)0x1000)
+-
+-/**
+- * \brief Cipher algorithm of the protected session.
+- *
+- * This attribute specifies the cipher algorithm of the protected session. It
+- * could be AES, etc.... It depends on IHV's implementation.
+- */
+-#define VAConfigAttribProtectedContentCipherAlgorithm \
+- ((VAConfigAttribType)0x10003)
+-/**
+- * \brief Cipher block size of the protected session.
+- *
+- * This attribute specifies the block size of the protected session. It could be
+- * 128, 192, or 256. It depends on IHV's implementation.
+- */
+-#define VAConfigAttribProtectedContentCipherBlockSize \
+- ((VAConfigAttribType)0x10004)
+-/**
+- * \brief Cipher mode of the protected session.
+- *
+- * This attribute specifies the cipher mode of the protected session. It could
+- * be CBC, CTR, etc... It depends on IHV's implementation.
+- */
+-#define VAConfigAttribProtectedContentCipherMode ((VAConfigAttribType)0x10005)
+-/**
+- * \brief Decryption sample type of the protected session.
+- *
+- * This attribute specifies the decryption sample type of the protected session.
+- * It could be fullsample or subsample. It depends on IHV's implementation.
+- */
+-#define VAConfigAttribProtectedContentCipherSampleType \
+- ((VAConfigAttribType)0x10006)
+-
+-/**
+- * \brief Special usage attribute of the protected session.
+- *
+- * The attribute specifies the flow for the protected session could be used. For
+- * example, it could be Widevine usages or something else. It dpends on IHV's
+- * implementation.
+- */
+-#define VAConfigAttribProtectedContentUsage ((VAConfigAttribType)0x10007)
+-
+-/** \brief Encryption parameters buffer for content protection usage */
+-#define VAEncryptionParameterBufferType ((VABufferType)0x20001)
+-
+-#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
+-
+ /**\brief CENC status paramter, used for vendor content protection only.
+ * The buffer corresponds to #VACencStatusParameters for va/cp*/
+ #define VACencStatusParameterBufferType ((VABufferType)0x20002)
+
+-#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-/** attribute values for VAConfigAttribEncryption */
+-#define VA_ENCRYPTION_TYPE_NONE 0x00000000
+-#define VA_ENCRYPTION_TYPE_FULLSAMPLE_CBC 0x00000002
+-#define VA_ENCRYPTION_TYPE_FULLSAMPLE_CTR 0x00000008
+-#define VA_ENCRYPTION_TYPE_SUBSAMPLE_CTR 0x00000010
+-#define VA_ENCRYPTION_TYPE_SUBSAMPLE_CBC 0x00000020
+-
+-/** attribute values for VAConfigAttribContentProtectionSessionMode */
+-#define VA_PC_SESSION_MODE_NONE 0x00000000
+-
+-/** attribute values for VAConfigAttribContentProtectionSessionType */
+-#define VA_PC_SESSION_TYPE_NONE 0x00000000
+-
+-/** attribute values for VAConfigAttribContentProtectionCipherAlgorithm */
+-#define VA_PC_CIPHER_AES 0x00000001
+-
+-/** attribute values for VAConfigAttribContentProtectionCipherBlockSize */
+-#define VA_PC_BLOCK_SIZE_128 0x00000001
+-#define VA_PC_BLOCK_SIZE_256 0x00000004
+-
+-/** attribute values for VAConfigAttribContentProtectionCipherMode */
+-#define VA_PC_CIPHER_MODE_CBC 0x00000002
+-#define VA_PC_CIPHER_MODE_CTR 0x00000004
+-
+-/** attribute values for VAConfigAttribContentProtectionUsage */
+-#define VA_PC_USAGE_DEFAULT 0x00000000
+-
+-/** attribute values for VAConfigAttribContentProtectionCipherSampleType */
+-#define VA_PC_SAMPLE_TYPE_FULLSAMPLE 0x00000001
+-#define VA_PC_SAMPLE_TYPE_SUBSAMPLE 0x00000002
+-
+-#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
+-
+ /** \brief TeeExec Function Codes. */
+ #define VA_TEE_EXEC_TEE_FUNCID_HW_UPDATE 0x40000002
+ #define VA_TEE_EXEC_TEE_FUNCID_IS_SESSION_ALIVE 0x40000103
+@@ -156,67 +68,6 @@ typedef enum {
+ VA_ENCRYPTION_STATUS_UNSUPPORT
+ } VAEncryptionStatus;
+
+-#ifdef LEGACY_UPSTREAM_PROTECTED_LIBVA
+-/** \brief structure for encrypted segment info. */
+-typedef struct _VAEncryptionSegmentInfo {
+- /** \brief The offset relative to the start of the bitstream input in
+- * bytes of the start of the segment*/
+- uint32_t segment_start_offset;
+- /** \brief The length of the segments in bytes*/
+- uint32_t segment_length;
+- /** \brief The length in bytes of the remainder of an incomplete block
+- * from a previous segment*/
+- uint32_t partial_aes_block_size;
+- /** \brief The length in bytes of the initial clear data */
+- uint32_t init_byte_length;
+- /** \brief This will be AES 128 counter for secure decode and secure
+- * encode when numSegments equals 1 */
+- uint8_t aes_cbc_iv_or_ctr[16];
+- /** \brief Reserved bytes for future use, must be zero */
+- uint32_t va_reserved[VA_PADDING_MEDIUM];
+-} VAEncryptionSegmentInfo;
+-
+-/** \brief encryption parameters, corresponding to
+- * #VAEncryptionParameterBufferType*/
+-typedef struct _VAEncryptionParameters {
+- /** \brief Encryption type, attribute values. */
+- uint32_t encryption_type;
+- /** \brief The number of sengments */
+- uint32_t num_segments;
+- /** \brief Pointer of segments */
+- VAEncryptionSegmentInfo* segment_info;
+- /** \brief The status report index for CENC workload.
+- * The value is to indicate CENC workload and needs to be
+- * different for each CENC workload */
+- uint32_t status_report_index;
+- /** \brief CENC counter length */
+- uint32_t size_of_length;
+- /** \brief Wrapped decrypt blob (Snd)kb */
+- uint8_t wrapped_decrypt_blob[16];
+- /** \brief Wrapped Key blob info (Sne)kb */
+- uint8_t wrapped_encrypt_blob[16];
+- /** \brief Indicates the number of 16-byte BLOCKS that are encrypted in any
+- * given encrypted region of segments.
+- * If this value is zero:
+- * 1. All bytes in encrypted region of segments are encrypted, i.e. the
+- * CENC or CBC1 scheme is being used
+- * 2. blocks_stripe_clear must also be zero.
+- * If this value is non-zero, blocks_stripe_clear must also be non-zero. */
+- uint32_t blocks_stripe_encrypted;
+- /** \brief Indicates the number of 16-byte BLOCKS that are clear in any given
+- * encrypted region of segments, as defined by the CENS and CBCS schemes in
+- * the common encryption spec.
+- * If this value is zero, all bytes in encrypted region of segments are
+- * encrypted, i.e. the CENC or CBC1 scheme is being used.
+- */
+- uint32_t blocks_stripe_clear;
+- /* Forwards compatibility */
+- uint32_t key_blob_size;
+- /** \brief Reserved bytes for future use, must be zero */
+- uint32_t va_reserved[VA_PADDING_MEDIUM - sizeof(uint32_t)];
+-} VAEncryptionParameters;
+-#endif // LEGACY_UPSTREAM_PROTECTED_LIBVA
+-
+ /** \brief cenc status parameters, corresponding to
+ * #VACencStatusParameterBufferType*/
+ typedef struct _VACencStatusParameters {
diff --git a/chromium-freeworld.spec b/chromium-freeworld.spec
index ee8143a..35e914c 100644
--- a/chromium-freeworld.spec
+++ b/chromium-freeworld.spec
@@ -144,15 +144,20 @@ Recommends: libva-utils
# This build should be only available to amd64
ExclusiveArch: x86_64
+# Google patches:
+Patch1101: chromium-89-vaapi-r850949.patch
+Patch1102: chromium-89-vaapi-r851954.patch
+Patch1103: chromium-89-vaapi-r854937.patch
+
# Gentoo patches:
Patch200: chromium-89-webcodecs-deps.patch
+Patch201: chromium-89-EnumTable-crash.patch
# Fedora patches:
Patch300: chromium-py2-bootstrap.patch
Patch301: chromium-fstatfix.patch
Patch302: chromium-gcc11.patch
-# Manually applied patches:
-Patch701: chromium-rawhide-gcc-std-max-fix.patch
+Patch1303: chromium-rawhide-gcc-std-max-fix.patch
# RPM Fusion patches [free/chromium-freeworld]:
Patch400: chromium-hw-accel-mjpeg.patch
@@ -161,8 +166,7 @@ Patch402: chromium-enable-widevine.patch
Patch403: chromium-manpage.patch
Patch404: chromium-md5-based-build-id.patch
Patch405: chromium-names.patch
-# Manually applied patches:
-Patch700: chromium-rpm-fusion-brand.patch
+Patch1406: chromium-rpm-fusion-brand.patch
%description
%{name} is an open-source web browser, powered by WebKit (Blink)
@@ -185,16 +189,22 @@ Patch700: chromium-rpm-fusion-brand.patch
%patchset_apply chromium-89-quiche-private.patch
%patchset_apply chromium-89-skia-CropRect.patch
-# Apply patches up to #600 from this spec.
-%autopatch -M600 -p1
+# Apply patches up to #1000 from this spec.
+%autopatch -M1000 -p1
# Manually apply patches that need an ifdef
-%if %{freeworld}
-%patch700 -p1
+%if 0%{?fedora} >= 34
+%patch1101 -p1
+%patch1102 -p1
+%patch1103 -p1
%endif
%if 0%{?fedora} >= 35
-%patch701 -p1
+%patch1303 -p1
+%endif
+
+%if %{freeworld}
+%patch1406 -p1
%endif
#Let's change the default shebang of python files.