EME alone does not stop you from recording content - it is not the point of EME. EME simply provides a unified way of communicating with the proprietary component of the DRM browser (the so-called content decryption module - otherwise CDM). This interface allows you to:
- Check which decryption keys are loaded in CDM
- Create a specific CDM request for decryption keys for the license server
- Click the response from the license server to retrieve new decryption keys in CDM
- Check what restrictions are associated with decryption keys (e.g. HDCP requirement)
All decryption is performed internally - now the value of the internal value very much depends on what content you play and on which platform.
From the point of view of commercial content, there is usually a different value of content for permission:
- SD is usually SW DRM and there can be no output protection at all
- HD / FHD - usually SW DRM and HDCP 1.x + excellent - no analog output
- UHD (4k) - HW DRM (includes Secure Processor and Secure Video Path), HDCP 2.2+ is required (if Netflix does not reduce protection for native content)
Currently, only very few desktop PCs provide UHD content security. HW security requires a combination of OS and CPU (you should get this in Edge on Windows 10 with the latest generation processors). This contrasts with ARM, where it has been standard for many years (and, as a rule, this allowed 4k streaming on TVs).
During consumption, there is also a different meaning of the content:
- Encrypted compressed content - no value. This content is publicly available on the CDN, and this is what you download when you submit it. Without a decryption key, the contents are useless.
- Decrypted compressed content is high. This is encoded video or audio samples after decryption. This content is considered high because it has the original encoding from the streaming service. It is also of great importance because coding makes it relatively small. When HW DRM is involved, this content is never exposed to memory that you could solve.
- Decrypted decompressed content is a lower value. This represents individual frames coming from a decoder. The original encoding has disappeared. It takes a lot of space to store each frame, so the only option is to re-encode it, which will be worse than the original one. When the protected video path is involved, you again do not have access to the memory where these frames are stored.
One thing that is good to point out that a lot of DRM protection is to make sure that ordinary users cannot just record content. When you start talking about using special drivers, recompile the kernel with changes, or something else, you are no longer a regular user.
I'm not sure exactly how Google includes Widevine in Linux distributions, but it does not work on every distribution you choose. Google must somehow "enable" the distribution for support in the first place. It is possible that driver signature validation is just as good as Widevine will be happy to work on the platform - just guessing.
Besides:
Why can't you record sound?
You can - the audio output is not protected at all.
Why can't you record a video?
If you succeed in doing this, you are working with the decrypted decompressed content that I mentioned earlier. There were other easier ways to get this content over the years, and this did not stop streaming services.