Build a Custom Kernel for Android on Debian-based Linux
These instructions are written for and tested on Debian Bullseye and Ubuntu 20.04, but should be straightforward to adapt to other Linux distributions. Building on Mac or Windows has not been tested and is not currently supported.
Prepare to Build the Kernel Image
To create a viable custom kernel for Android, first install the dependencies:
sudo apt-get install --no-install-recommends docker.io git patch tar
The next steps depend on the version of Android you're after.
Android 7, 8, 9, and 10 (Kernel 4.4)
1. Clone the common kernel repository and checkout commit hash 0566f6529a7b8d15d8ff50797331717b346f9aa4
.
git clone https://android.googlesource.com/kernel/common
cd common/
git checkout 0566f6529a7b8d15d8ff50797331717b346f9aa4
export COMMON_CHECKOUT=$(realpath .)
2. Download this patch and save it to $COMMON_CHECKOUT
:
3. Apply the patch with:
patch -p1 < android-common-4.4.patch
4. Download this tarball and save it to $COMMON_CHECKOUT:
5. Extract the tarball to the correct directory from the $COMMON_CHECKOUT
location:
mkdir drivers/corellium/
tar --extract --directory drivers/corellium --file drivers-corellium.tar.gz --gunzip
6. Save this file to $COMMON_CHECKOUT/arch/arm64/configs/corellium_defconfig.
Android 11 (Kernel 5.4)
1. Clone the common kernel repository and checkout the android11-5.4.161_r00
tag.
git clone https://android.googlesource.com/kernel/common
cd common/
git checkout android11-5.4.161_r00
export COMMON_CHECKOUT=$(realpath .)
2. Download this patch and save it to $COMMON_CHECKOUT
:
3. Apply the patch with:
patch -p1 < android-common-5.4.patch
4. Download this tarball and save it to $COMMON_CHECKOUT
:
5. Extract the tarball to the correct directory from the $COMMON_CHECKOUT
location:
mkdir drivers/corellium/
tar --extract --directory drivers/corellium --file drivers-corellium.tar.gz --gunzip
6. Save this file to $COMMON_CHECKOUT/arch/arm64/configs/corellium_defconfig
.
Android 12 (Kernel 5.10)
1. Clone the common kernel repository and checkout the android12-5.10.81_r00
tag.
git clone https://android.googlesource.com/kernel/common
cd common/
git checkout android12-5.10.81_r00
export COMMON_CHECKOUT=$(realpath .)
2. Download this patch and save it to $COMMON_CHECKOUT
:
3. Apply the patch with:
patch -p1 < android-common-5.10.patch
4. Download this tarball and save it to $COMMON_CHECKOUT
:
5. Extract the tarball to the correct directory from the $COMMON_CHECKOUT
location:
mkdir drivers/corellium/
tar --extract --directory drivers/corellium --file drivers-corellium.tar.gz --gunzip
6. Save this file to $COMMON_CHECKOUT/arch/arm64/configs/corellium_defconfig
.
Android 13 and 14 (Kernel 5.15)
1. Clone the common kernel repository and checkout the android13-5.15-2022-08_r6
tag.
git clone https://android.googlesource.com/kernel/common
cd common/
git checkout android13-5.15-2022-08_r6
export COMMON_CHECKOUT=$(realpath .)
2. Download this patch and save it to $COMMON_CHECKOUT
:
3. Apply the patch with:
patch -p1 < android-common-5.15.patch
4. Download this tarball and save it to $COMMON_CHECKOUT
:
5. Extract the tarball to the correct directory from the $COMMON_CHECKOUT
location:
mkdir drivers/corellium/
tar --extract --directory drivers/corellium --file drivers-corellium.tar.gz --gunzip
6. Save this file to $COMMON_CHECKOUT/arch/arm64/configs/corellium_defconfig
.
Build the Kernel
For portability, build the kernel inside a Docker container.
To build the kernel image use the following:
mkdir common-build-environment/
cd common-build-environment/
cat > Dockerfile << END
FROM ubuntu:18.04
RUN apt-get update && apt-get install --assume-yes --no-install-recommends autoconf automake bc bison build-essential ca-certificates cpio curl device-tree-compiler flex g++ gcc gcc-aarch64-linux-gnu gettext git-core gnupg gperf groff lib32ncurses5-dev lib32stdc++6 lib32z-dev libc6-dev libc6-dev-i386 libffi-dev libgl1-mesa-dev libncursesw5-dev libpopt-dev libssl-dev libtool libx11-dev libxml2-utils make ninja-build openjdk-8-jdk-headless openjdk-8-jre-headless openssh-client p7zip-full pkg-config python python3 python3-pip python3-venv rsync sudo unzip uuid-dev wget x11proto-core-dev xsltproc xz-utils zip zlib1g-dev
END
sudo docker build --tag=common-kernel-build-environment .
sudo docker run --interactive --tty --mount=type=bind,source=$COMMON_CHECKOUT,target=/common common-kernel-build-environment bash -c 'cd /common/ && ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make corellium_defconfig && ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make'
Tweak and Rebuild the Kernel Image
Once the build is finished, a usable kernel image is found in your checkout directory under arch/arm64/boot/Image
. It is recommended to first test the default-configured kernel image on the respective Android device version to ensure the build was successful before making changes to the kernel.
Rebuild the kernel image with your changes by running:
sudo docker run --interactive --tty --mount=type=bind,source=$COMMON_CHECKOUT,target=/common common-kernel-build-environment bash -c 'cd /common/ && ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make corellium_defconfig && ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make'
Notes
Kernels compiled from physical devices and uploaded a Corellium virtual device will not work. This is because Corellium only supports a specific chipset and hardware configuration.
Advance Your Mobile Security Research with Corellium
Experience Corellium’s groundbreaking virtualization technology for mobile devices and discover never-before-possible mobile vulnerability and threat research for iOS and Android phones. Set up a meeting today to explore how our platform can optimize mobile security research and malware analysis.