I would think so (the repo suggests this is a Lenovo TB-X505X key, I'd imagine they're at least per-product). I could certainly be be wrong about L1 keys being burned-in, that was just my understanding of it (vendor docs say things like "Hardware DRM", but maybe I'm jumping to conclusions from marketing speak)

The Widevine spec doesn't say either, it just says that all processing is within the Trusted Execution Environment, so I suppose the keys could be loaded/updated in firmware. I'm looking for more docs now...

Edit: looks like I was wrong and they can be changed with firmware updates: http://bits-please.blogspot.com/2016/04/exploring-qualcomms-...

TEE is an environment with hardware backed attestation, you run a piece of software in the "black box" to do things like key generation etc.

My educated guess, having used TEE/TrustZone for keys is that they could update the payload (the "Trusted Executable") with a new one to resolve the issue.

You should be able to ask Lenovo for a refund if you've bought the device with this feature in mind and if Lenovo advertised the ability to watch 4K on your preferred streaming service.

If the device just happens to support 4k, you may be out of luck. You could try sueing the parties that are supposed to deliver the 4k content and have revoked the key, but I doubt you'll get much out of them.

If you rely on DRM, the media industry has all the keys. You're left to their whims when it comes to content consumption, and there's very little you can do.

Yes and yes. Lenovo probably doesn’t give a shit, though. But you can ask!

Depends on the country. Some do have some liability on manufacturers and/or vendors for defects. Unsure if an asterisk in their click through contract about key revocation would even matter.