Dear PW,Google Play Store? Why put that in denylist?; Only need to hide root from gms (Play Services) droidguard process (com.google.android.gms.unstable) as stated... Need to select Show System apps in menu to see/select this ..
Seems you're playing with MHPC settings you don't understand... Do you have Force BASIC key Attestation option active?; The default setting spoofs Nexus 5 in Model prop(s) on Google devices an very likely in devices unknown to MHPC... You certainly don't need to do this spoofing on your old device that uses Basic attestation out of the box... Hardware backed key attestation began w/ devices launched w/Android 8...
You should revert any MHPC changes you made; many are critical... Only use Edit MagiskHide props to automatically set sensitive props to 'safe' values as I said...
No, not possible on your device... This certification is hardware dependant and your device has no High Dynamic Range (HDR) / HDCP capabilities... Many lower spec modern devices never had L1 certification to begin with for this reason; your old hardware certainly can't render HD video and doesn't even have hardware TEE OS required for this task by the DRM / Widevine spec.
Nb. My original response was simply to help you pass SafetyNet and get Netflix in Play Store as requested...
PW
your right about playing with MHPC, I'm no expert but if I do a mistake I can still flash the tablet and install the OS again. I'm only using it for streaming so I'm not afraid of beeing "hacked". I didn't know that the devices under Android 8 don't have the key attestation.
I'll survive with the videos not being played in FHD , it is mostly for my son that will watch the cartoons.
I'm gratefull for all your help!
KR
Rok