This page describes the Generic Kernel Image (GKI) project and how it increases Android stability and improves security.
History
Every Android-powered device needs a production kernel. Prior to GKI, each device kernel was a custom kernel based on the Android Common Kernel (ACK), with device-specific changes made by system on chip (SoC) vendors and OEMs.
This customization could result in as much as 50% of a device kernel's code being out-of-tree code that came from neither the upstream Linux kernel nor the ACK. The custom nature of pre-GKI kernels therefore produced significant kernel fragmentation.
Costs of fragmentation
Kernel fragmentation has several negative effects on the Android community.
Security updates are labor intensive
Security patches cited in the Android Security Bulletin (ASB) must be backported into each device kernel. Because of kernel fragmentation, propagating each fix into every one of those custom kernels is prohibitively expensive, so security fixes reach devices in the field slowly or not at all.
Difficult to merge Long-Term Supported updates
The Long-Term Supported (LTS) releases include security fixes and other critical bug fixes. Staying up to date with LTS releases has proven to be the most effective way to deliver security fixes: on Pixel devices, 90% of the kernel security issues reported in the ASB had already been fixed on devices that stayed current with LTS.
However, the many custom modifications in each device kernel make it difficult to merge even the LTS fixes into that kernel without conflicts.
Inhibit Android platform release upgrades
Fragmentation makes it difficult to bring new Android features that require kernel changes to devices in the field. Android Framework code had to account for the different kernel variations and couldn't rely on new Android features being implemented in the kernel. This slowed down innovation and increased code size and complexity.
Difficult to contribute kernel changes back to upstream Linux
The fragmented way of pulling patches into production kernels caused a delay of up to 18 months between an LTS release becoming available upstream and its appearance in a shipping device. This long delay between an upstream kernel release and products makes it difficult for the Android community to feed needed features and drivers back into the upstream kernel. By the time a contributor submitted an improvement, the upstream codebase had moved on, making it hard to show that the patch was still relevant.
Fix the fragmentation: Generic Kernel Image
The Generic Kernel Image (GKI) project addresses kernel fragmentation by unifying the core kernel and moving SoC and board support out of the core kernel into loadable vendor modules. GKI also presents a stable Kernel Module Interface (KMI) to vendor modules, so the core kernel and the vendor modules can be updated independently. Some characteristics of the GKI kernel are:
- The GKI kernel is built from the ACK sources.
- The GKI kernel is a single kernel binary plus associated loadable modules per architecture, per LTS release.
- The GKI kernel is tested with all Android platform releases that are supported for the associated ACK. There is no feature deprecation for the lifetime of a GKI kernel version.
- The GKI kernel exposes a stable KMI to drivers within a given LTS release.
- The GKI kernel doesn't contain SoC-specific or board-specific code.
For a diagram of the GKI architecture, refer to the Kernel overview.
Common Image
Beginning with Android 12, devices shipping with kernel version 5.10 or higher must ship with the GKI kernel. Generic Kernel Image (GKI) release builds are updated regularly with LTS and critical bug fixes. Because binary stability is maintained for the KMI, these boot images can be installed without making changes to the vendor images. The GKI project has these goals:
- Don't introduce significant performance or power regressions when replacing the product kernel with the GKI kernel.
- Enable partners to deliver kernel security fixes and bug fixes without vendor involvement.
- Reduce the cost of moving devices to a newer major kernel version.
- Maintain a single GKI kernel binary per architecture, updating kernel versions through a clear upgrade process.