Skip to content

jiaxuan-guo/kernelflinger

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,310 Commits
.github/workflows
.github/workflows
 
 
avb
avb
 
 
build
build
 
 
doc
doc
 
 
include
include
 
 
libadb
libadb
 
 
libedk2_tpm
libedk2_tpm
 
 
libefitcp
libefitcp
 
 
libefiusb
libefiusb
 
 
libelfloader
libelfloader
 
 
libfastboot
libfastboot
 
 
libheci
libheci
 
 
libkernelflinger
libkernelflinger
 
 
libqltipc
libqltipc
 
 
libsslsupport
libsslsupport
 
 
libtransport
libtransport
 
 
libxbc
libxbc
 
 
prebuilt/board/APL_UP2
prebuilt/board/APL_UP2
 
 
Android.mk
Android.mk
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 
com.txt
com.txt
 
 
installer.c
installer.c
 
 
kernelflinger.c
kernelflinger.c
 
 
kf4abl.c
kf4abl.c
 
 
kf4cic.c
kf4cic.c
 
 
kfld.c
kfld.c
 
 
unittest.c
unittest.c
 
 
unittest.h
unittest.h
 
 
ux.c
ux.c
 
 
ux.h
ux.h
 
 

Repository files navigation

Kernelflinger

Overview

Kernelflinger is the Intel UEFI bootloader for AndroidTM/BrilloTM. It is compatible with the UEFI 2.4 specification.

Kernelflinger implements the Google Bootloader requirements for AndroidTM L, M, N and O desserts.

The key features are:

  1. Google verified boot support.
  2. Android verified boot support.
  3. Fastboot support over USB and TCP.
  4. Installer: Standalone EFI application that can be used to flash a device from the EFI shell using an external storage.
  5. Crashmode: provides a simple access using adb commmand to retrieve data from memory, partitions, EFI variables or ACPI tables in case of OS crash.
  6. Trusty: support load and verify TEE OS, and setup the IPC between TEE OS.

Basic architecture

  • libkernelflinger: library that provides all the tools necessary to access ACPI and SMBIOS tables, run image verification, use storage (SATA, eMMC, SDCard and UFS) and draw graphic widgets.
  • libfastboot: Fastboot protocol implementation. fastboot protocol
  • libadb: used by Crashmode.
  • libefiusb: based on the non-standard DeviceMode protocol it provides easy to use USB configuration, read and write functions and TX/RX events callbacks.
  • libefitcp: based on the standard UEFI TCP protocol, it provides easy to use TCP configuration, read and write functions and TX/RX events callbacks.
  • libtransport: is a framework to abstract the transport layer. Used by both libfastboot and libadb to support USB and TCP transport.
  • libqltipc: used for setup the IPC between TEE OS.
  • libheci: support HECI protocol.
  • kernelflinger.c: main program that implements the boot flow.
  • installer.c: main program of the Installer

Dependencies

Kernelflinger depends on the following libraries:

  • gnu-efi (TODO: github link)
  • openssl (TODO: github link)

Kernelflinger's compilation requires the following tools:

Compilation

Kernelflinger's compilation relies on the AndroidTM compilation system. In an AndroidTM tree, with all the dependencies checked out, run the following command to build $OUT/efi/kernelflinger.efi.

$ make kernelflinger-$TARGET_BUILD_VARIANT

Run the following command to build $OUT/efi/installer.efi:

$ make installer-$TARGET_BUILD_VARIANT

Kerneflinger specific configuration flags:

  • TARGET_NO_DEVICE_UNLOCK: if true, any attempt to unlock the device (fastboot flashing unlock) will systematically fail.
  • HAL_AUTODETECT: Cf. Autodetect.
  • KERNELFLINGER_ALLOW_UNSUPPORTED_ACPI_TABLE: makes kernelflinger ignore ACPI table oem_id, oem_table_id and revision fields.
  • KERNELFLINGER_USE_POWER_BUTTON: makes kernelflinger use the power key as an input source.
  • KERNELFLINGER_USE_WATCHDOG: makes kernelflinger start the "kernel" watchdog prior booting the kernel.
  • KERNELFLINGER_USE_CHARGING_APPLET: makes Kernelflinger use the non-standard ChargingApplet protocol to get the battery and charger status, and modify the boot flow in consequence.
  • KERNELFLINGER_IGNORE_RSCI: makes Kernelflinger ignore the non-standard RSCI ACPI table. This APCI table provides the reset and wake source reasons.
  • KERNELFLINGER_IGNORE_NOT_APPLICABLE_RESET: makes Kernelflinger ignore the ACPI table RSCI reset source "not_applicable" when setting the bootreason.
  • KERNELFLINGER_SSL_LIBRARY: either 'openssl' or 'boringssl', makes Kernelflinger build against the OpenSSL library, respectively, the BoringSSL library.
  • BOARD_AVB_ENABLE: support AVB (Android Verify Boot)
  • BOARD_SLOT_AB_ENABLE: support AVB A/B slot.

Command line parameters

  • -f: enforce kernelfliner to enter Fastboot mode
  • -U [test-suite-name]: run unittest test (see unittest.c).

Reporting a Potential Security Vulnerability

If you have discovered potential security vulnerability in Kernelflinger, please send an e-mail to secure@intel.com. For issues related to Intel Products, please visit https://security-center.intel.com.

It is important to include the following details:

  • The projects and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

Vulnerability information is extremely sensitive. Please encrypt all security vulnerability reports using our PGP key.

A member of the Intel Product Security Team will review your e-mail and contact you to to collaborateon resolving the issue. For more information on how Intel works to resolve security issues, see: vulnerability handling guidelines.

Copyright and Licence

Kernelflinger is licensed under the terms of the BSD 2-Clause.

About

No description, website, or topics provided.

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 97.2%
  • Makefile 1.4%
  • Other 1.4%