DISCONTINUATION OF PROJECT

This project will no longer be maintained by Intel.

Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.

Intel no longer accepts patches to this project.

If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.

Contact: webadmin@linux.intel.com Kernelflinger

Overview

Kernelflinger is the Intel UEFI bootloader for Android^TM/Brillo^TM. It is compatible with the UEFI 2.4 specification.

Kernelflinger implements the Google Bootloader requirements for Android^TM L, M, N and O desserts.

The key features are:

1. Google verified boot support.
2. Android verified boot support.
3. Fastboot support over USB and TCP.
4. Installer: Standalone EFI application that can be used to flash a device from the EFI shell using an external storage.
5. Crashmode: provides a simple access using adb commmand to retrieve data from memory, partitions, EFI variables or ACPI tables in case of OS crash.
6. Trusty: support load and verify TEE OS, and setup the IPC between TEE OS.

Basic architecture

• libkernelflinger: library that provides all the tools necessary to access ACPI and SMBIOS tables, run image verification, use storage (SATA, eMMC, SDCard and UFS) and draw graphic widgets.
• libfastboot: Fastboot protocol implementation. fastboot protocol
• libadb: used by Crashmode.
• libefiusb: based on the non-standard DeviceMode protocol it provides easy to use USB configuration, read and write functions and TX/RX events callbacks.
• libefitcp: based on the standard UEFI TCP protocol, it provides easy to use TCP configuration, read and write functions and TX/RX events callbacks.
• libtransport: is a framework to abstract the transport layer. Used by both libfastboot and libadb to support USB and TCP transport.
• libqltipc: used for setup the IPC between TEE OS.
• libheci: support HECI protocol.
• kernelflinger.c: main program that implements the boot flow.
• installer.c: main program of the Installer

Dependencies

Kernelflinger depends on the following libraries:

• gnu-efi (TODO: github link)
• openssl (TODO: github link)

Kernelflinger's compilation requires the following tools:

• sbsigntool: EFI binary signer.
• vendor_intel_build: EFI compilation definitions for Android^TM.

Compilation

Kernelflinger's compilation relies on the Android^TM compilation system. In an Android^TM tree, with all the dependencies checked out, run the following command to build $OUT/efi/kernelflinger.efi.

$ make kernelflinger-$TARGET_BUILD_VARIANT

Run the following command to build $OUT/efi/installer.efi:

$ make installer-$TARGET_BUILD_VARIANT

Kerneflinger specific configuration flags:

• TARGET_NO_DEVICE_UNLOCK: if true, any attempt to unlock the device (fastboot flashing unlock) will systematically fail.
• HAL_AUTODETECT: Cf. Autodetect.
• TARGET_BOOTLOADER_POLICY: Cf. Bootloader Policy and Factory Reset Protection
• KERNELFLINGER_ALLOW_UNSUPPORTED_ACPI_TABLE: makes kernelflinger ignore ACPI table oem_id, oem_table_id and revision fields.
• KERNELFLINGER_USE_POWER_BUTTON: makes kernelflinger use the power key as an input source.
• KERNELFLINGER_USE_WATCHDOG: makes kernelflinger start the "kernel" watchdog prior booting the kernel.
• KERNELFLINGER_USE_CHARGING_APPLET: makes Kernelflinger use the non-standard ChargingApplet protocol to get the battery and charger status, and modify the boot flow in consequence.
• KERNELFLINGER_IGNORE_RSCI: makes Kernelflinger ignore the non-standard RSCI ACPI table. This APCI table provides the reset and wake source reasons.
• KERNELFLINGER_IGNORE_NOT_APPLICABLE_RESET: makes Kernelflinger ignore the ACPI table RSCI reset source "not_applicable" when setting the bootreason.
• KERNELFLINGER_SSL_LIBRARY: either 'openssl' or 'boringssl', makes Kernelflinger build against the OpenSSL library, respectively, the BoringSSL library. Note: the TARGET_BOOTLOADER_POLICY flag cannot be used if KERNELFLINGER_SSL_LIBRARY is set to 'boringssl' because the BoringSSL does not support the PKCS7 message format which is used by the RMA force unlock feature (Cf. Bootloader Policy and Factory Reset Protection).
• BOARD_AVB_ENABLE: support AVB (Android Verify Boot)
• BOARD_SLOT_AB_ENABLE: support AVB A/B slot.
• KERNELFLINGER_USE_RPMB: support use RPMB, it can be used by Trusty, or save the AVB rollback index.
• BUILD_ANDROID_THINGS: enable some feature for Android Things.

Command line parameters

• -f: enforce kernelfliner to enter Fastboot mode
• -U [test-suite-name]: run unittest test (see unittest.c).

Reporting a Potential Security Vulnerability

If you have discovered potential security vulnerability in Kernelflinger, please send an e-mail to secure@intel.com. For issues related to Intel Products, please visit https://security-center.intel.com.

It is important to include the following details:

• The projects and versions affected
• Detailed description of the vulnerability
• Information on known exploits

Vulnerability information is extremely sensitive. Please encrypt all security vulnerability reports using our PGP key.

A member of the Intel Product Security Team will review your e-mail and contact you to to collaborateon resolving the issue. For more information on how Intel works to resolve security issues, see: vulnerability handling guidelines.

Copyright and Licence

Kernelflinger is licensed under the terms of the BSD 2-Clause.