Kernelflinger is the Intel UEFI bootloader for AndroidTM/BrilloTM. It is compatible with the UEFI 2.4 specification.
Kernelflinger implements the Google Bootloader requirements for AndroidTM L, M, N and O desserts.
The key features are:
- Google verified boot support.
- Android verified boot support.
- Fastboot support over USB and TCP.
- Installer: Standalone EFI application that can be used to flash a device from the EFI shell using an external storage.
- Crashmode: provides a simple access using adb commmand to retrieve data from memory, partitions, EFI variables or ACPI tables in case of OS crash.
- Trusty: support load and verify TEE OS, and setup the IPC between TEE OS.
- libkernelflinger: library that provides all the tools necessary to access ACPI and SMBIOS tables, run image verification, use storage (SATA, eMMC, SDCard and UFS) and draw graphic widgets.
- libfastboot: Fastboot protocol implementation. fastboot protocol
- libadb: used by Crashmode.
- libefiusb: based on the non-standard DeviceMode protocol it provides easy to use USB configuration, read and write functions and TX/RX events callbacks.
- libefitcp: based on the standard UEFI TCP protocol, it provides easy to use TCP configuration, read and write functions and TX/RX events callbacks.
- libtransport: is a framework to abstract the transport layer. Used by both libfastboot and libadb to support USB and TCP transport.
- libqltipc: used for setup the IPC between TEE OS.
- libheci: support HECI protocol.
- kernelflinger.c: main program that implements the boot flow.
- installer.c: main program of the Installer
Kernelflinger depends on the following libraries:
- gnu-efi (TODO: github link)
- openssl (TODO: github link)
Kernelflinger's compilation requires the following tools:
- sbsigntool: EFI binary signer.
- vendor_intel_build: EFI compilation definitions for AndroidTM.
Kernelflinger's compilation relies on the AndroidTM
compilation system. In an AndroidTM tree, with all the
dependencies checked out, run the following command to build
$OUT/efi/kernelflinger.efi.
$ make kernelflinger-$TARGET_BUILD_VARIANTRun the following command to build $OUT/efi/installer.efi:
$ make installer-$TARGET_BUILD_VARIANTKerneflinger specific configuration flags:
TARGET_NO_DEVICE_UNLOCK: if true, any attempt to unlock the device (fastboot flashing unlock) will systematically fail.HAL_AUTODETECT: Cf. Autodetect.TARGET_BOOTLOADER_POLICY: Cf. Bootloader Policy and Factory Reset ProtectionKERNELFLINGER_ALLOW_UNSUPPORTED_ACPI_TABLE: makes kernelflinger ignore ACPI table oem_id, oem_table_id and revision fields.KERNELFLINGER_USE_POWER_BUTTON: makes kernelflinger use the power key as an input source.KERNELFLINGER_USE_WATCHDOG: makes kernelflinger start the "kernel" watchdog prior booting the kernel.KERNELFLINGER_USE_CHARGING_APPLET: makes Kernelflinger use the non-standard ChargingApplet protocol to get the battery and charger status, and modify the boot flow in consequence.KERNELFLINGER_IGNORE_RSCI: makes Kernelflinger ignore the non-standard RSCI ACPI table. This APCI table provides the reset and wake source reasons.KERNELFLINGER_IGNORE_NOT_APPLICABLE_RESET: makes Kernelflinger ignore the ACPI table RSCI reset source "not_applicable" when setting the bootreason.KERNELFLINGER_SSL_LIBRARY: either 'openssl' or 'boringssl', makes Kernelflinger build against the OpenSSL library, respectively, the BoringSSL library. Note: theTARGET_BOOTLOADER_POLICYflag cannot be used ifKERNELFLINGER_SSL_LIBRARYis set to 'boringssl' because the BoringSSL does not support the PKCS7 message format which is used by the RMA force unlock feature (Cf. Bootloader Policy and Factory Reset Protection).BOARD_AVB_ENABLE: support AVB (Android Verify Boot)BOARD_SLOT_AB_ENABLE: support AVB A/B slot.KERNELFLINGER_USE_RPMB: support use RPMB, it can be used by Trusty, or save the AVB rollback index.BUILD_ANDROID_THINGS: enable some feature for Android Things.
-f: enforce kernelfliner to enter Fastboot mode-U[test-suite-name]: run unittest test (see unittest.c).
Kernelflinger is licensed under the terms of the BSD 2-Clause.