Home | History | Annotate | only in /system/nvram
Up to higher level directory
NameDateSize
Android.mk05-Oct-2017684
client/05-Oct-2017
core/05-Oct-2017
hal/05-Oct-2017
messages/05-Oct-2017
README.md05-Oct-20172.7K

README.md

      1 # Access-controlled NVRAM implementation
      2 
      3 This repository contains various pieces related to the Access-controlled NVRAM
      4 HAL. In a nutshell, the Access-controlled NVRAM HAL allows creation of NVRAM
      5 spaces that can hold arbitrary data blobs of limited size. Access restrictions
      6 can be configured on each NVRAM space to prevent the contents from being
      7 accessed or modified, up to the point of requiring full hardware reset to clear
      8 a locked NVRAM space. This can be used for various security features that
      9 require a trusted storage location for critical data that an attacker can't
     10 tamper with. For details of the NVRAM HAL API, see
     11 [hardware/libhardware/include/hardware/nvram.h](https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/nvram.h).
     12 
     13 ## [client](/client)
     14 
     15 Contains a simple command-line application to interact with the NVRAM HAL
     16 implementation. This is useful for experimentation and use in scripts.
     17 `nvram-client` receives commands and parameters on the command line and
     18 translates them to NVRAM HAL calls. Results are printed on stdout.
     19 
     20 ## [core](/core)
     21 
     22 A reference implementation of the NVRAM functionality. This reference
     23 implementation can be used to create NVRAM HAL implementations that run in a
     24 trusted execution environment. It is also the basis for the testing NVRAM HAL
     25 module, which implements the entire NVRAM HAL API surface in userspace for the
     26 sake of illustration (but obviously doesn't meet the persistence and
     27 tamper-evidence requirements).
     28 
     29 Note that the reference implementation leaves persistent storage to be handled
     30 by the embedding code, which needs to provide an implementation of the storage
     31 interface defined in
     32 [system/nvram/core/include/nvram/core/storage.h](core/include/nvram/core/storage.h).
     33 
     34 ## [hal](/hal)
     35 
     36 The [hal](/hal) directory contains glue code that simplifies creation of NVRAM
     37 HAL modules. The code implements the API surface specified by the nvram.h HAL
     38 header and translates calls into the request/response message format defined in
     39 the [messages](/messages) directory. Thus, to create a working NVRAM HAL module,
     40 it is sufficient to provide an implementation that understands `nvram::Request`
     41 and `nvram::Response` objects, the glue code will adapt it to the full NVRAM API
     42 surface.
     43 
     44 ## [messages](/messages)
     45 
     46 Defines an IPC message format that can be used to serialize NVRAM HAL calls and
     47 their parameters in preparation for sending them elsewhere (e.g., a TEE) for
     48 execution. There is a request and a response struct corresponding to each NVRAM
     49 HAL function. The `nvram::Request` and `nvram::Response` wrappers keep track of
     50 the actual request or response type, respectively, as well as the request or
     51 response parameters specific to the type.
     52