1*7ba4dab5SXin Li# Access-controlled NVRAM implementation 2*7ba4dab5SXin Li 3*7ba4dab5SXin LiThis repository contains various pieces related to the Access-controlled NVRAM 4*7ba4dab5SXin LiHAL. In a nutshell, the Access-controlled NVRAM HAL allows creation of NVRAM 5*7ba4dab5SXin Lispaces that can hold arbitrary data blobs of limited size. Access restrictions 6*7ba4dab5SXin Lican be configured on each NVRAM space to prevent the contents from being 7*7ba4dab5SXin Liaccessed or modified, up to the point of requiring full hardware reset to clear 8*7ba4dab5SXin Lia locked NVRAM space. This can be used for various security features that 9*7ba4dab5SXin Lirequire a trusted storage location for critical data that an attacker can't 10*7ba4dab5SXin Litamper with. For details of the NVRAM HAL API, see 11*7ba4dab5SXin Li[hardware/libhardware/include/hardware/nvram.h](https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/nvram.h). 12*7ba4dab5SXin Li 13*7ba4dab5SXin Li## [client](/client) 14*7ba4dab5SXin Li 15*7ba4dab5SXin LiContains a simple command-line application to interact with the NVRAM HAL 16*7ba4dab5SXin Liimplementation. This is useful for experimentation and use in scripts. 17*7ba4dab5SXin Li`nvram-client` receives commands and parameters on the command line and 18*7ba4dab5SXin Litranslates them to NVRAM HAL calls. Results are printed on stdout. 19*7ba4dab5SXin Li 20*7ba4dab5SXin Li## [core](/core) 21*7ba4dab5SXin Li 22*7ba4dab5SXin LiA reference implementation of the NVRAM functionality. This reference 23*7ba4dab5SXin Liimplementation can be used to create NVRAM HAL implementations that run in a 24*7ba4dab5SXin Litrusted execution environment. It is also the basis for the testing NVRAM HAL 25*7ba4dab5SXin Limodule, which implements the entire NVRAM HAL API surface in userspace for the 26*7ba4dab5SXin Lisake of illustration (but obviously doesn't meet the persistence and 27*7ba4dab5SXin Litamper-evidence requirements). 28*7ba4dab5SXin Li 29*7ba4dab5SXin LiNote that the reference implementation leaves persistent storage to be handled 30*7ba4dab5SXin Liby the embedding code, which needs to provide an implementation of the storage 31*7ba4dab5SXin Liinterface defined in 32*7ba4dab5SXin Li[system/nvram/core/include/nvram/core/storage.h](core/include/nvram/core/storage.h). 33*7ba4dab5SXin Li 34*7ba4dab5SXin Li## [hal](/hal) 35*7ba4dab5SXin Li 36*7ba4dab5SXin LiThe [hal](/hal) directory contains glue code that simplifies creation of NVRAM 37*7ba4dab5SXin LiHAL modules. The code implements the API surface specified by the nvram.h HAL 38*7ba4dab5SXin Liheader and translates calls into the request/response message format defined in 39*7ba4dab5SXin Lithe [messages](/messages) directory. Thus, to create a working NVRAM HAL module, 40*7ba4dab5SXin Liit is sufficient to provide an implementation that understands `nvram::Request` 41*7ba4dab5SXin Liand `nvram::Response` objects, the glue code will adapt it to the full NVRAM API 42*7ba4dab5SXin Lisurface. 43*7ba4dab5SXin Li 44*7ba4dab5SXin Li## [messages](/messages) 45*7ba4dab5SXin Li 46*7ba4dab5SXin LiDefines an IPC message format that can be used to serialize NVRAM HAL calls and 47*7ba4dab5SXin Litheir parameters in preparation for sending them elsewhere (e.g., a TEE) for 48*7ba4dab5SXin Liexecution. There is a request and a response struct corresponding to each NVRAM 49*7ba4dab5SXin LiHAL function. The `nvram::Request` and `nvram::Response` wrappers keep track of 50*7ba4dab5SXin Lithe actual request or response type, respectively, as well as the request or 51*7ba4dab5SXin Liresponse parameters specific to the type. 52