Full SDP on HiKey with software decoding can’t really be done as the OMX decoder is running on the host CPU, so it makes little sense to enable the .secure for the OMX codecs (unless you want to put the codec in OP-TEE but that is unadvised).
We did do an SDP_PROTOTYPE feature, which relies on the memory firewall protection in ATF being disabled, and then maps the secure buffer and memcpy()s the contents. But that was really just for testing purposes.
In addition, for Android you should be using the ClearKey mediadrm plugin. However, with regard to the Chromium browser, some changes are required in the Chromium source for an Android build, as it has a built-in ClearKey OpenSSL CDM which it uses for ClearKey playback rather than searching for a mediadrm plugin on the target.
With other key systems such as Widevine or PlayReady, it will use the mediadrm plugin on Android straight away, but with ClearKey we found it uses the built-in OpenSSL decryptor rather than searching for the plugin.
If you want to do SDP development you are better off using a platform which actually has secure codec support, such as the iMX8M-evk board. Here the OMX plugins for the platform have been updated to allocate a secure buffer using ION, and the memory protection firewall is configured so that only the decoder and display hardware can access the memory.