Bare-metal Rust in Android: How it improves security

Rust is a programming language designed to ensure a high level of security without sacrificing performance. We have seen how important memory safety is in applications and how most cyber attacks tends to take advantage of these problems. With Rust, developers have the opportunity to avoid rust-related bugs at their root memory management finally freeing itself from the risks of C/C++.

Google has talked about the implementation of Rust bare-metal in Android referring to the use of code capable of being directly executed on the device’s hardware, without intermediaries. The Mountain View company emphasizes that the transition to Rust has led to a significant reduction of vulnerabilities security in Android. On the other hand, we have seen that Rust is forcefully entering the Linux kernel and the Windows kernel.

Until now, however, the efforts of Android developers were concentrated on the so-called userspace that is, system services that operate outside the kernel, on top of it. Everything a user interacts with directly or indirectly on an Android device is part of the userspace.

Rust bare-metal: why this is a major change

The Google development team is also embracing Rust for lower-level software components on the operating system Android. Many critical components for the safety on Android operate in “bare-metal” environments outside of the Linux kernel and are historically written in C. To improve the security of these components, the Android Rust rewrote the pVM firmware (protected VM) inside theAndroid Virtualization Framework.

The initials VAT refers to a virtual machine that operates in a secure, isolated environment. The use of VAT is aimed at guaranteeing the security and integrity of the data: bringing it within theAndroid Virtualization Frameworkusing the Rust language, Google improves the security of devices based on the green robot.

Initially, in fact, Google had opted for the open source bootloader U-Boot: This tool, however, had numerous problems and defects that made it unsuitable for use in a potentially hostile environment.

The Mountain View company has therefore taken action not only to improve U-Boot but also to contribute to the Rust community. The company founded by Larry Page and Sergey Brin, contributed to the crate existing ones and shared new ones. THE crate they are the main way to organize code in Rust and the largest compilation unit in the language. We also took great care to optimize the driver Virtue which deals with improving the performance and flexibility of virtual machines.

Google says that many of the company’s engineers were pleasantly surprised by how productive and pleasant it is to work with Rust: the language offers high-level development capabilities even in software environments that are, by their nature, low-level.


Please enter your comment!
Please enter your name here