Android Virtualization Framework
2022
Protected computing for the next generation use cases
David Brazdil (he/him), Technical Lead, @dbrazdil
Serban Constantinescu (he/him), Product Manager, @serbanc
Android defense mechanisms

● Google Play Store: malware and security scanning for Android applications.
● Android Application Sandbox: isolates Android applications and their resources from each other.
● Android Kernel: enforces the application sandbox, process isolation and security policies. Too big of an attack surface for privacy-sensitive use cases.
● Isolated Execution Environment: isolates security critical payloads even in the event of a compromised Android Kernel. Fragmented, constrained APIs, limited security updates and no mutual distrust.
A standard deployment across the ecosystem

These use cases need isolation even in the event of a kernel vulnerability (think Dirty Pipe). More use cases require an Isolated Execution Environment. The TrustZone TEE is too privileged and fragmented to use; deploying there would further increase the vulnerable TCB.

● Personal identifiable information: biometrics information and algorithms.
● Intellectual Property: DRM, Machine Learning and IP protection.
● Defense in depth: kernel protection and malware detection.
● Ambient information: confidential or personal information that should never leave the device.
● Digital assets: digital keys, crypto and more.
● Healthcare: medical and digital fitness data.
The Execution Environment needed to enable Protected Computing on Android

● Isolated from the kernel's attack surface and from other Protected Virtual Machines.
● Updatable using the same containers and update technologies as Android.
● Least privilege: mutually distrusted and isolated even in the event of an exploit.
Android Virtualization Framework

android13-5.x branches: we've been very busy!

Key pKVM hypervisor features available today:
● VM state and management isolated from the host
● Guest memory isolation
○ Including some IOMMU support (S2MPU)
● Services exposed as hypercalls to the guest payload
○ Memory sharing and virtio using bounce buffers
○ MMIO guard
○ TRNG proxied to secure world
● pVM firmware loading
● Non-protected guests for debug visibility
Actively working on upstreaming all of these features!
See our talks at KVM Forum
Architecture

Android (host side):
● EL0: Java API, Native API, virtualization service, userspace tools, crosvm, libbinder
● EL1: Linux Kernel
Protected VM (Microdroid side):
● EL0: Application (APKs/APEXes), microdroid_manager, libbinder
● EL1: Linux kernel, pvmfw
Underneath both:
● EL2: Hypervisor (pKVM)
Programming Model

● Using APIs, you create a protected VM and run a native shared library in your APK there
● The library implements a Binder service
● Android app connects over Binder to send commands and get results

Diagram: the APK carries both the code for Android and the code for the protected VM. Android loads and runs the protected VM, and the two sides talk over Binder. The protected VM's memory is protected from the host VM (and vice versa).
Secret Provisioning Using DICE

● Each pVM has its own secret key, not available to Android
● The per-pVM secret is not a random number, nor kept in a secure key store
● It is a function of
(1) measurements of the software that defines the behavior of the pVM* and
(2) Unique Device Secret (UDS)
● Provisioned during the pVM boot

Diagram: the UDS and the measurements of the pVM (Microdroid and the Application (APKs/APEXes)) feed a KDF, whose output is provisioned into the pVM as its per-VM secret key.

*From bootloader, hypervisor, up to the application
Documentation
https://source.android.com/devices/virtualization
[email protected]
Questions
● How do you plan to use the Android Virtualization Framework?
● What use cases do you deploy at EL2/TZ today?
Thank you!
Backup
Cyber landscape

Today, more cyber attacks than ever are happening on a broader, global scale. The targets of these attacks are … but also individuals.

Attacks are moving to more privileged layers (charts: Zero-day Vulnerability Database data, Zerodium data). Attacks are probably moving to more privileged layers like the TEE.
Android Virtualization Framework

Hypervisor, Protected Virtual Machines and Framework APIs that enable Protected Computing in Android.
● Upstream Protected KVM or vendor specific.
● Isolated from Android, other VMs and DMA devices.
● Integrated in Android as a first-class primitive; standard and developer friendly.
2022 | Confidential and Proprietary
Key Components (1/3)

Hypervisor
● Must isolate VM memory from others, even from the host; enforced with stage-2 page tables and IOMMUs
● Reference implementation: KVM/arm in protected mode (pKVM)
Generic Kernel Image (GKI)
● pKVM distributed as part of GKI, enabled when kernel booted in EL2
● Exposes /dev/kvm as the control interface
● Host GKI remains in charge of scheduling
● Guests run the same GKI kernel booted in EL1
Key Components (2/3)

virtualization service
● System service managing lifecycle of VMs
● Actual creation of VM is delegated to crosvm
● Accessed via Java API (optional library)
crosvm
● Virtual machine monitor written in Rust
● Hypervisor and PV device backends
● Resource management (memory, vCPUs)
pvmfw
● First code that runs in a protected VM
● Verifies the payload, derives per-VM secret
Key Components (3/3)

Microdroid
● Lightweight headless Android for pVM
microdroid_manager
● Manages application inside the VM
● Securely mounts APK/APEXes from host
● Provides access to per-VM secret
libbinder
● Extended to work over vsock
● Primary means of inter-VM communication
Native API
● A subset of NDK provided to application
● libc/m/dl, no libandroid.so
Packaging

● boot.img: GKI, Protected KVM
● pvmfw.img (new partition): pvmfw
● microdroid_boot.img: GKI (guest)
● microdroid_system.img: Native API, userspace tools
● system_ext.img: Java API
● com.android.virt.apex: virtualization service, crosvm
Lifecycle of a pVM

Once created, a pVM instance can be repeatedly started and stopped, as long as the software running inside the pVM remains the same. Future changes will allow updating forward without invalidating the instance.

State diagram:
● create instance → Stopped (valid instance)
● run: Stopped → Running
● stop: Running → Stopped
● delete instance → Deleted
● payload change detected: valid instance → Invalid
Secret Provisioning Using DICE

● Each stage in boot sequence derives a secret for the next stage

Boot chain (stage ← secret it receives):
● Android Bootloader ← Unique Device Secret
● pvmfw ← pvmfw secret
● Microdroid ← OS secret
● Application ← per-VM secret

Stage N (generic step in the diagram): the secret from stage N-1 is the input, and together with a Hash it goes through a Key Derivation Function to produce the secret from stage N, which is passed to stage N+1. pvmfw additionally saves a salt to the instance disk and compares it on later boots.
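The two "Secret Provisioning Using DICE" slides and the "Lifecycle of a pVM" slide describe one mechanism from two angles: a chain of KDF steps that turns the UDS and the measurements of every boot stage into a per-VM secret, and an instance that becomes Invalid once the payload changes. The following Python model is an added example, not code from AVF, pvmfw or the presenters. It assumes HKDF-SHA256 as the KDF, that only the pvmfw stage mixes in the per-instance salt, and that a payload change is detected by comparing a recorded measurement of the chain; the real DICE certificate format and pvmfw's instance-disk layout are not modelled.

```python
"""Model of per-pVM secret derivation and instance validity (added example,
not AVF/pvmfw code). Stage order follows the slide: bootloader, hypervisor,
pvmfw, Microdroid, application."""
import hashlib
import hmac
import os

STAGES = ("bootloader", "hypervisor", "pvmfw", "microdroid", "application")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-SHA256(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def measure(software: bytes) -> bytes:
    """Measurement of one stage: SHA-256 of the bytes that define its behavior."""
    return hashlib.sha256(software).digest()


def next_stage_secret(prev_secret: bytes, deriving_stage: str,
                      next_software: bytes, instance_salt: bytes) -> bytes:
    """Stage N turns its own secret plus Hash(stage N+1) into stage N+1's secret.

    Mixing the per-instance salt in only at the pvmfw stage (the value the
    slide shows pvmfw saving to / comparing with the instance disk) is an
    assumption of this model.
    """
    salt = deriving_stage.encode()
    if deriving_stage == "pvmfw":
        salt += instance_salt
    prk = hkdf_extract(salt, prev_secret)
    return hkdf_expand(prk, b"avf-demo:" + measure(next_software))


def derive_per_vm_secret(uds: bytes, chain: list, instance_salt: bytes) -> bytes:
    """Walk the chain: UDS -> bootloader -> hypervisor -> pvmfw -> Microdroid -> application."""
    if [name for name, _ in chain] != list(STAGES):
        raise ValueError("chain must list the stages in boot order")
    secret = uds                          # the UDS is handed to the bootloader directly
    for i in range(1, len(chain)):
        secret = next_stage_secret(secret, chain[i - 1][0], chain[i][1], instance_salt)
    return secret                         # per-VM secret, given to the application


def chain_measurement(chain: list) -> bytes:
    """Single digest over all stage measurements; used here to spot a payload change."""
    return hashlib.sha256(b"".join(measure(sw) for _, sw in chain)).digest()


class PvmInstance:
    """Instance record plus the Stopped/Running/Invalid/Deleted states of the slide.
    Recording the expected chain measurement next to the salt is this model's
    way of detecting a payload change, not pvmfw's actual instance-disk format."""

    def __init__(self, uds: bytes, chain: list):
        self.uds = uds
        self.salt = os.urandom(32)        # written to the instance disk on create
        self.expected = chain_measurement(chain)
        self.state = "Stopped"
        self.secret = None

    def run(self, chain: list) -> str:
        if self.state != "Stopped":
            raise RuntimeError(f"cannot run from state {self.state}")
        if chain_measurement(chain) != self.expected:
            self.state, self.secret = "Invalid", None   # payload change detected
            return self.state
        self.secret = derive_per_vm_secret(self.uds, chain, self.salt)
        self.state = "Running"
        return self.state

    def stop(self) -> str:
        if self.state == "Running":
            self.state, self.secret = "Stopped", None
        return self.state

    def delete(self) -> str:
        self.state, self.secret = "Deleted", None
        return self.state


# Constructed sample inputs: a fake UDS and fake stage images, not real values.
SAMPLE_UDS = bytes(range(32))
SAMPLE_CHAIN = [(name, f"{name} image v1".encode()) for name in STAGES]

if __name__ == "__main__":
    inst = PvmInstance(SAMPLE_UDS, SAMPLE_CHAIN)
    print(inst.run(SAMPLE_CHAIN), inst.secret.hex())
    inst.stop()
    changed = SAMPLE_CHAIN[:-1] + [("application", b"application image v2")]
    print(inst.run(changed))   # the same instance with a changed payload becomes Invalid
```

Running the module twice with the same instance gives the same per-VM secret across stop/run cycles, while a changed application image, a changed Microdroid image, a different UDS or a freshly created instance (new salt) each yield a different secret, which is the property the slides rely on: the secret is bound to the software and the device, so Android never needs to hold it.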