"Impossible" is a bit rhetorical, although in principle the content has to be decrypted to be seen and a Sufficiently Sophisticated Attacker can always somehow extract the decrypted data from the device, in more practical terms this can be made pretty much arbitrarily difficult.
What I really meant is that making DRM difficult to crack generally goes against owner control over the machine. The more control you have the easier it is to simply copy the decrypted data or at least attempt exploiting some bugs in the DRM engine if the former is impossible. So we see things like signed bootloaders or dedicated "secure" cores running alongside normal CPUs with some secret firmware on them.
In particular, it seems that Android's DRM can be subverted by the bootloader (presumably it uses the ARM TrustZone extension, which is configured by the bootloader and then locked away from the OS) and hence the OP has to choose between DRM and unlocked bootloader.
What I really meant is that making DRM difficult to crack generally goes against owner control over the machine. The more control you have the easier it is to simply copy the decrypted data or at least attempt exploiting some bugs in the DRM engine if the former is impossible. So we see things like signed bootloaders or dedicated "secure" cores running alongside normal CPUs with some secret firmware on them.
In particular, it seems that Android's DRM can be subverted by the bootloader (presumably it uses the ARM TrustZone extension, which is configured by the bootloader and then locked away from the OS) and hence the OP has to choose between DRM and unlocked bootloader.