Owner: mnissler Bug: http://b/25969241, http://b/27101983

Clone this repo:
  1. 2606a97 [LSC] Add LOCAL_LICENSE_KINDS to system/nvram am: abe4fdd77e am: 60009096d7 am: 94623fb372 by Bob Badour · 12 months ago android-s-v2-preview-1 android12--mainline-release android12-dev android12-qpr1-d-release android12-qpr1-d-s1-release android12-qpr1-d-s2-release android12-qpr1-d-s3-release android12-qpr1-release master android-12.0.0_r16 android-12.0.0_r18 android-12.0.0_r19 android-12.0.0_r20 android-12.0.0_r21 android-12.0.0_r26 android-12.0.0_r27 android-mainline-12.0.0_r4 android-s-v2-beta-2 android-s-v2-preview-2
  2. 94623fb [LSC] Add LOCAL_LICENSE_KINDS to system/nvram am: abe4fdd77e am: 60009096d7 by Bob Badour · 12 months ago
  3. 6000909 [LSC] Add LOCAL_LICENSE_KINDS to system/nvram am: abe4fdd77e by Bob Badour · 12 months ago android-s-beta-4 android-s-beta-5 android-s-beta-1 android-s-beta-2 android-s-beta-3
  4. abe4fdd [LSC] Add LOCAL_LICENSE_KINDS to system/nvram by Bob Badour · 12 months ago android-s-preview-1
  5. 559fb5b Convert system/nvram/Android.mk to Android.bp. am: 843f23682b am: f651fd4535 am: 45d3742378 by Patrice Arruda · 2 years, 8 months ago android11-d1-b-release android11-d1-release android11-d1-s1-release android11-d1-s5-release android11-d1-s6-release android11-d1-s7-release android11-d2-release android11-dev android11-mainline-captiveportallogin-release android11-mainline-cellbroadcast-release android11-mainline-conscrypt-release android11-mainline-documentsui-release android11-mainline-extservices-release android11-mainline-media-release android11-mainline-media-swcodec-release android11-mainline-networkstack-release android11-mainline-os-statsd-release android11-mainline-permission-release android11-mainline-release android11-mainline-sparse-2020-dec-release android11-mainline-sparse-2021-jan-release android11-mainline-tethering-release android11-qpr1-c-release android11-qpr1-d-release android11-qpr1-d-s1-release android11-qpr1-release android11-qpr1-s1-release android11-qpr1-s2-release android11-qpr2-release android11-qpr3-release android11-qpr3-s1-release android-11.0.0_r10 android-11.0.0_r11 android-11.0.0_r12 android-11.0.0_r13 android-11.0.0_r14 android-11.0.0_r15 android-11.0.0_r16 android-11.0.0_r18 android-11.0.0_r19 android-11.0.0_r20 android-11.0.0_r21 android-11.0.0_r22 android-11.0.0_r23 android-11.0.0_r24 android-11.0.0_r26 android-11.0.0_r27 android-11.0.0_r28 android-11.0.0_r29 android-11.0.0_r30 android-11.0.0_r31 android-11.0.0_r32 android-11.0.0_r33 android-11.0.0_r34 android-11.0.0_r35 android-11.0.0_r36 android-11.0.0_r37 android-11.0.0_r38 android-11.0.0_r39 android-11.0.0_r40 android-11.0.0_r41 android-11.0.0_r42 android-11.0.0_r43 android-11.0.0_r44 android-11.0.0_r45 android-11.0.0_r46 android-11.0.0_r47 android-11.0.0_r48 android-11.0.0_r7 android-11.0.0_r8 android-11.0.0_r9 android-mainline-11.0.0_r1 android-mainline-11.0.0_r10 android-mainline-11.0.0_r12 android-mainline-11.0.0_r13 android-mainline-11.0.0_r14 android-mainline-11.0.0_r15 android-mainline-11.0.0_r16 android-mainline-11.0.0_r17 android-mainline-11.0.0_r18 android-mainline-11.0.0_r19 android-mainline-11.0.0_r2 android-mainline-11.0.0_r20 android-mainline-11.0.0_r21 android-mainline-11.0.0_r22 android-mainline-11.0.0_r23 android-mainline-11.0.0_r24 android-mainline-11.0.0_r25 android-mainline-11.0.0_r26 android-mainline-11.0.0_r27 android-mainline-11.0.0_r28 android-mainline-11.0.0_r29 android-mainline-11.0.0_r3 android-mainline-11.0.0_r30 android-mainline-11.0.0_r31 android-mainline-11.0.0_r32 android-mainline-11.0.0_r33 android-mainline-11.0.0_r34 android-mainline-11.0.0_r35 android-mainline-11.0.0_r36 android-mainline-11.0.0_r37 android-mainline-11.0.0_r38 android-mainline-11.0.0_r39 android-mainline-11.0.0_r4 android-mainline-11.0.0_r40 android-mainline-11.0.0_r41 android-mainline-11.0.0_r42 android-mainline-11.0.0_r43 android-mainline-11.0.0_r44 android-mainline-11.0.0_r45 android-mainline-11.0.0_r5 android-mainline-11.0.0_r6 android-mainline-11.0.0_r7 android-mainline-11.0.0_r8 android-mainline-11.0.0_r9

Access-controlled NVRAM implementation

This repository contains various pieces related to the Access-controlled NVRAM HAL. In a nutshell, the Access-controlled NVRAM HAL allows creation of NVRAM spaces that can hold arbitrary data blobs of limited size. Access restrictions can be configured on each NVRAM space to prevent the contents from being accessed or modified, up to the point of requiring full hardware reset to clear a locked NVRAM space. This can be used for various security features that require a trusted storage location for critical data that an attacker can't tamper with. For details of the NVRAM HAL API, see hardware/libhardware/include/hardware/nvram.h.


Contains a simple command-line application to interact with the NVRAM HAL implementation. This is useful for experimentation and use in scripts. nvram-client receives commands and parameters on the command line and translates them to NVRAM HAL calls. Results are printed on stdout.


A reference implementation of the NVRAM functionality. This reference implementation can be used to create NVRAM HAL implementations that run in a trusted execution environment. It is also the basis for the testing NVRAM HAL module, which implements the entire NVRAM HAL API surface in userspace for the sake of illustration (but obviously doesn't meet the persistence and tamper-evidence requirements).

Note that the reference implementation leaves persistent storage to be handled by the embedding code, which needs to provide an implementation of the storage interface defined in system/nvram/core/include/nvram/core/storage.h.


The hal directory contains glue code that simplifies creation of NVRAM HAL modules. The code implements the API surface specified by the nvram.h HAL header and translates calls into the request/response message format defined in the messages directory. Thus, to create a working NVRAM HAL module, it is sufficient to provide an implementation that understands nvram::Request and nvram::Response objects, the glue code will adapt it to the full NVRAM API surface.


Defines an IPC message format that can be used to serialize NVRAM HAL calls and their parameters in preparation for sending them elsewhere (e.g., a TEE) for execution. There is a request and a response struct corresponding to each NVRAM HAL function. The nvram::Request and nvram::Response wrappers keep track of the actual request or response type, respectively, as well as the request or response parameters specific to the type.