Implement a GKI module partition

GKI and GKI modules can be updated independently from the rest of the partition because GKI modules reside on a separate dynamic partition in the super image called system_dlkm. GKI modules are signed by Google using the kernel build-time key pair and are compatible only with the GKI they're built with. There's no ABI stability between GKI and GKI modules; for modules to load correctly during runtime, GKI and GKI modules must be built and updated together.

Implement system_dklm partition support

The system_dlkm partition is located in the super partition as another dynamic partition. This partition can contain:

  • Google build-time signed kernel modules
  • depmod artifacts

Build system_dlkm

Building system_dlkm is a similar process to building other dynamic partitions. Perform the following steps to add system_dlkm to your build:

  1. In BoardConfig.mk, add the following entries:

    BOARD_USES_SYSTEM_DLKMIMAGE := true
    BOARD_SYSTEM_DLKMIMAGE_FILE_SYSTEM_TYPE := $(TARGET_RO_FILE_SYSTEM_TYPE)
    TARGET_COPY_OUT_SYSTEM_DLKM := system_dlkm
    
  2. In the partition list, add system_dlkm: BOARD_GOOGLE_SYSTEM_DYNAMIC_PARTITIONS_PARTITION_LIST := system_dlkm

  3. (Optional) For A/B and virtual A/B devices, add the following line in the device.mk file for your device:

    AB_OTA_PARTITIONS += system_dlkm
    

Identify kernel modules to copy into system_dlkm

For modules to load successfully at runtime, GKI and GKI modules must be built together. Therefore you must identify kernel modules in the GKI build for the AArch64 in Android Common Kernel at <ACK-3.10>/out/android13-5.10/staging/system_dlkm_staging:

  BOARD_SYSTEM_DLKM_SRC := kernel/prebuilts/5.10/arm64/system_dlkm_staging

At build time, modules listed in BOARD_SYSTEM_DLKM_SRC are installed in $ANDROID_PRODUCT_OUT/system_dlkm. A symbolic link is created at /system/lib/modules that points to /system_dlkm/lib/modules.

Mount system_dlkm at runtime

To mount the system_dlkm partition at runtime, add following in your fstab:

  system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount,slotselect,avb

Partition mounting and module loading

During first_stage_init, the system_dlkm partition is mounted in the /system_dlkm as a read-only file system. On a successful mount, symbolic links at /system/lib/modules pointing to /system_dlkm/lib/modules are available.

For a reference implementation of the fstab entries see either of these Cuttlefish examples:

  • <AOSP CODE>/device/google/cuttlefish/shared/config/fstab.ext4
  • <AOSP CODE>/device/google/cuttlefish/shared/config/fstab.f2fs

A vendor process, such as an .rc script, can then load the kernel modules based on the order specified in modules.load. If necessary, the vendor process can also load the modules at a later time.

Validate the system-dlkm partition

Google provides a GKI VTS test case to verify the system_dlkm partition. To manually invoke the test, use the following atest command:

  atest -c vts_dlkm_partition_test