We’re currently working on two projects

The primary development device for this project is the Samsung Galaxy Nexus phone.


Samsung Galaxy Nexus is based on the Texas Instruments OMAP4 CPU which is an ARMv7 core and thus incapable of hardware-assisted virtualization. We rely on paravirtualization therefore. A modified version of linux (L4Linux) is running on top of the Fiasco.OC L4 microkernel and the Genode Framework. Virtualization and moving drivers from linux to Genode gives us several advantages.

A picture of the Galaxy Nexus phone running three instances of linux simultaneously.


Genode Support for Samsung Galaxy Nexus


The tuna-hacks branch contains the WIP support for the Galaxy Nexus. Here is the list of our changes.

To build a demo, use the “astarasikov/run/”. Refer to the general Genode building guide and do a “make run/tuna-l4android35” to build the system. Make sure to prepare an initial ramdisk image and edit the path to it in the file.

Alternatively, use a prebuilt demo image [still uploading] and refer to the u-boot section on the details about booting this image.

U-boot port

Detailed description is on the page gnex_uboot

To be able to run custom OS without reflashing the phone, we have ported the u-boot bootloader to the Galaxy Nexus phone. It currently has the following features

U-boot source code

Take a look at the video showing u-boot booting Android without Samsung SBL bootloader!

U-boot demo

To build an image that can be flashed to the kernel partition (as opposed to replacing the SBL bootloader), edit the include/configs/omap4_tuna.h and comment out the #define TUNA_SPL_BUILD

If you put the u-boot instead of the kernel partition, put put the kernel in either u-boot or android image format to /boot/vmlinux.uimg inside the android system partition.

U-boot also supports booting custom kernels from the emmc (/sdcard partition). The kernel has to be put to /boot/vmlinux.uimg on /sdcard or /data/media/boot/vmlinux.uimg in the device root. Hold down the volume down key to boot a custom kernel

Currently u-boot has issues with reading EXT4 file system, large files (>10MB) mostly fail to load. So if you need them, check out the tuna_fosdem_hacks, format the cache partition to ext2, and put the kernel to /media/boot/vmlinux.uimg on the cache partition.

RIL (Radio Information Layer)


For a number of reasons, we wanted to replace the proprietary modem binaries with an open source implementation

The modem inside Samsung Galaxy Nexus and Samsung Galaxy S2 is the Infenion XMM6260 modem running a custom baseband firmware from Samsung. The physical transport is different on these devices (S2 uses USB EHCI, while Nexus is using HCI which is a special kind of a fast serial port). Software-wise, the modem and the RIL exchange the packets of a HDLC-encoded data. These packages do not contain standard GSM AT commands, but the proprietary binary commands of the Samsung IPC protocol. XMM6260 uses SIPCv4 protocol.

The Replicant project already had a working implementation for the older phones (namely, the non-galaxy Nexus) so all we had to do was to write the firmware loader for the modem.

We’re nice guys and have contributed our work back to Replicant so now there’s full modem support with open-source drivers.

Since Replicant is under heavy development, we have a ‘stable’ mirror of the code in our repository which is tested to compile and work successfully.

Samsung IPC Library


Here is our patched libsamsung-ipc library which is implementing the SIPC protocol support and is not tied to a particular RIL implementation (Android, Ofono etc)

Our contribution includes:

Samsung RIL


Our additions include.

Samsung RIL Client

samsung ril client

RIL Client is a library which allows the GPS, NFC and Sound drivers to access the modem for certain power-management features. Our library is based on the Replicatn library, with the following additions.

GPS Proxy

As a part of the project to isolate trusted and untrusted stuff, we have implemented a daemon and the library that proxify the GPS interface for the Android OS. The rationale behind developing them was that reverse-engineering the Sirf Star 4 driver was unrealistic.

RPC Library. THe RPC Library can exchange arbitrary binary messages in both directions via a single socket. It is similiar to MSGPack, but much simpler. It uses select() calls to avoid polling.

GPS Proxy

The GPS proxy consists of a proxy library that implements the GPS interface and the daemon which loads the proprietary GPS binary. The proxy library and the daemon communicate via a socket using the RPC Library. The idea is that the untrusted binary driver can be run in an isolated l4linux container while being isolated from the trusted Android instance by an RPC transport. Using fixed-size RPC messages serves as a protection from stack smashing techiques.