Genode

The desktop system Sculpt based on Genode
Developer Genode Labs
Written in C++
Working state Current
Source model Open source
Initial release 2008
Latest release 23.11 [1] / 30 November 2023
Repository github.com/genodelabs/genode
Marketing target Desktop computers, embedded systems
Available in English
Platforms ARM, RISC-V, [2] x86, x86-64 [3]
Kernel type Microkernel
Userland Genode, POSIX
License AGPL-3.0-only and commercial
Official website genode.org

Genode is a free and open-source software operating system (OS) framework consisting of a microkernel abstraction layer and a set of user space components. [4] [5] [6] The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security-oriented OS.

Genode can be used as a basis for a desktop computer [7] [8] or tablet [9] OS or as a virtual machine monitor for guest operating systems. The framework has been used as a trusted component of secure virtualization systems for both x86 [10] and ARM. [11]

The small codebase of Genode makes it a flexible alternative to more complex Unix-derived operating systems. For this reason the framework has been used as a base system for research in such fields as virtualization, [12] inter-process communication, [13] IP stack isolation, [14] [15] monitoring, [16] and software development. [17] [18]

History

Genode was first conceived as the Bastei OS Architecture [19] research report at the Technical University of Dresden (TU Dresden). The focus of the report was to determine the practicality of a component-based OS using capability-based security. This report was motivated in part by research into L4 microhypervisors [20] conducted during the same time. Following the success of an early prototype, the authors of the report founded the company Genode Labs to develop Bastei as the Genode OS Framework.

Releases

The project is developed publicly as an open-source project released under the terms of the GNU Affero General Public License, with a commercial entity offering alternative licensing. Releases are scheduled at three-month intervals to make changes to the system application binary interface (ABI) and application programming interface (API), and to issue documentation. The OS framework is available in source code form and, following the 18.02 release, a general-purpose derivative named Sculpt is provided with on-target binary deployment.

Architectural features

Genode builds on the general philosophy of microkernels: the smaller and simpler the code, the easier it is to verify for trustworthiness and correctness. Genode extends this philosophy to user space by composing complex applications from small components. Each component exists in a strict hierarchy of parent-child relationships. Any component acting as a parent may apply resource and inter-process communication (IPC) access policies to its children. This hierarchical system layout yields intuitive partitioning and privilege deescalation as specialized subsystems are nested within more general subsystems, mitigating the confused deputy problem endemic to centralized or superuser system policy.

The framework is designed to be hosted by microkernels; however, the features of any given microkernel fall mostly within a common set, and monolithic kernels implement a superset of those features. Abstracting these features allows Genode to act as user space for a variety of L4 microkernels, [21] [22] and Linux.

Criticism

C++

Genode is often criticized for the choice of its implementation language, C++ (a few other operating systems implemented in C++ include BeOS, Fuchsia, Ghost, Haiku, IncludeOS, OSv, Palm OS, ReactOS, SerenityOS, Syllable, and Symbian). This critique usually asserts that C++ is a poor choice for implementing system libraries and APIs because of the inherent complexity of C++ and the difficulty in analyzing code for correct behavior. While Genode does make use of multiple inheritance and templates in its system library, the use of the C++ Standard Library is not allowed and language features that rely on implicit global state, such as thread-local storage and the global allocator, have been removed from the language runtime. [23] Comprehensive static analysis of C++ is not possible. However, the Genode project publishes unit tests for empirical analysis.

XML

Genode components consume and publish state using structured data serialized in XML, in contrast to the plain text model of Unix derivatives. The Genode framework makes use of XML in effectively all of its components because XML is easily parsed and generated programmatically while still being possible to understand and edit manually.

Local namespacing

Genode lacks any practical global namespace; there is no global file system or registry of processes or IPC endpoints. This is in contrast to systems such as Unix which feature a ubiquitous file system and allow a superuser context to arbitrarily manage any process within the system. Explicitly declaring the permissions and routing of components may be perceived as labor-intensive relative to Unix. However, compartmentalizing administration allows subsystems to be managed by mutually untrusted system administrators on the same machine without resorting to virtualizing, a common isolation method.
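The parent-applied IPC policy, the XML configuration and the absence of a global namespace described above can be seen together in a small model. This is an added example, not code from the Genode project: the XML is a constructed, simplified sample in the style of a Genode init configuration, and `resolve` is a hypothetical toy resolver, not Genode's implementation.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a parent declares, per child, its RAM quota and which
# services the child may reach. Simplified; not a complete Genode config.
CONFIG = """
<config>
  <parent-provides>
    <service name="LOG"/> <service name="ROM"/>
  </parent-provides>
  <start name="nic_driver">
    <resource name="RAM" quantum="4M"/>
    <provides> <service name="Nic"/> </provides>
    <route> <service name="LOG"> <parent/> </service> </route>
  </start>
  <start name="browser">
    <resource name="RAM" quantum="64M"/>
    <route>
      <service name="Nic"> <child name="nic_driver"/> </service>
      <service name="LOG"> <parent/> </service>
    </route>
  </start>
  <start name="pdf_viewer">
    <resource name="RAM" quantum="16M"/>
    <route> <service name="ROM"> <parent/> </service> </route>
  </start>
</config>
"""

def resolve(config_xml, child, service):
    """Return 'parent', a sibling's name, or None if the request is denied."""
    root = ET.fromstring(config_xml)
    parent_services = {s.get("name") for s in root.findall("parent-provides/service")}
    provides = {st.get("name"): {s.get("name") for s in st.findall("provides/service")}
                for st in root.findall("start")}
    start = next((st for st in root.findall("start") if st.get("name") == child), None)
    if start is None:
        raise KeyError(f"unknown child: {child}")
    for rule in start.findall("route/service"):
        if rule.get("name") != service or len(rule) == 0:
            continue
        target = rule[0]
        if target.tag == "parent":
            return "parent" if service in parent_services else None
        if target.tag == "child":
            sibling = target.get("name")
            return sibling if service in provides.get(sibling, set()) else None
    # No route declared: there is no global registry to fall back on,
    # so the child has no way to name the service at all.
    return None

if __name__ == "__main__":
    for c, s in [("browser", "Nic"), ("pdf_viewer", "Nic"), ("pdf_viewer", "ROM")]:
        print(f"{c} -> {s}: {resolve(CONFIG, c, s)}")
```

The denial for `pdf_viewer` requesting `Nic` comes from the missing route alone; the driver never sees the request, and no access-control check inside the driver is involved.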

Sculpt

The Genode project publishes a desktop operating system named Sculpt that targets contemporary consumer laptops. [24] Sculpt is a small base system with automatic device detection and configuration, some GUI control interfaces, and frontends to the Genode package manager. The system does not feature a full desktop environment, but requires users to deploy virtual machines hosting traditional OSes for a fully featured desktop. Sculpt is distinguished from the Genode operating system framework in that it relies heavily on dynamic reconfiguration using privileged control components in contrast to specialized systems with static policies.

Related Research Articles

IBM AIX: Series of Unix operating systems from IBM

AIX is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms.

GNU Hurd: Operating system kernel designed as a replacement for Unix

GNU Hurd is a collection of microkernel servers written as part of GNU, for the GNU Mach microkernel. It has been under development since 1990 by the GNU Project of the Free Software Foundation, designed as a replacement for the Unix kernel, and released as free software under the GNU General Public License. When the Linux kernel proved to be a viable solution, development of GNU Hurd slowed, at times alternating between stasis and renewed activity and interest.

Microkernel: Kernel that provides fewer services than a traditional kernel

In computer science, a microkernel is the near-minimum amount of software that can provide the mechanisms needed to implement an operating system (OS). These mechanisms include low-level address space management, thread management, and inter-process communication (IPC).

Darwin is the core Unix operating system of macOS, iOS, watchOS, tvOS, iPadOS, visionOS, and bridgeOS. It previously existed as an independent open-source operating system, first released by Apple Inc. in 2000. It is composed of code derived from NeXTSTEP, FreeBSD, other BSD operating systems, Mach, and other free software projects' code, as well as code developed by Apple.

L4 is a family of second-generation microkernels, used to implement a variety of types of operating systems (OS), though mostly for Unix-like, Portable Operating System Interface (POSIX) compliant types.

This article presents a timeline of events in the history of computer operating systems from 1951 to the current day. For a narrative explaining the overall developments, see the History of operating systems.

Extremely Reliable Operating System (EROS) is an operating system developed starting in 1991 at the University of Pennsylvania, and then Johns Hopkins University, and The EROS Group, LLC. Features include automatic data and process persistence, some preliminary real-time support, and capability-based security. EROS is purely a research operating system, and was never deployed in real world use. As of 2005, development stopped in favor of a successor system, CapROS.

Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses traditional UNIX permissions and Access Control Lists.

FOSDEM: Annual event in Brussels centered on free and open source software development

Free and Open source Software Developers' European Meeting (FOSDEM) is a non-commercial, volunteer-organized European event centered on free and open-source software development. It is aimed at developers and anyone interested in the free and open-source software movement. It aims to enable developers to meet and to promote the awareness and use of free and open-source software.

Workplace OS: Defunct 1990s operating system

Workplace OS is IBM's ultimate operating system prototype of the 1990s. It is the product of an exploratory research program in 1991 which yielded a design called the Grand Unifying Theory of Systems (GUTS), proposing to unify the world's systems as generalized personalities cohabitating concurrently upon a universally sophisticated platform of object-oriented frameworks upon one microkernel. Developed in collaboration with Taligent and its Pink operating system imported from Apple via the AIM alliance, the ambitious Workplace OS was intended to improve software portability and maintenance costs by aggressively recruiting all operating system vendors to convert their products into Workplace OS personalities. In 1995, IBM reported that "Nearly 20 corporations, universities, and research institutes worldwide have licensed the microkernel, laying the foundation for a completely open microkernel standard." At the core of IBM's new unified strategic direction for the entire company, the project was intended also as a bellwether toward PowerPC hardware platforms, to compete with the Wintel duopoly.

Architecture of Windows NT: Overview of the architecture of the Microsoft Windows NT line of operating systems

The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant multitasking operating system, which has been designed to work with uniprocessor and symmetrical multiprocessor (SMP)-based computers. To process input/output (I/O) requests, it uses packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP, Microsoft began making 64-bit versions of Windows available; before this, there were only 32-bit versions of these operating systems.

A hybrid kernel is an operating system kernel architecture that attempts to combine aspects and benefits of microkernel and monolithic kernel architectures used in operating systems.

PikeOS: Real-time operating system

PikeOS is a commercial hard real-time operating system (RTOS) which features a separation kernel-based hypervisor. This hypervisor supports multiple logical partition types for various operating systems (OS) and applications, each referred to as a GuestOS. PikeOS is designed to facilitate the development of certifiable smart devices for the Internet of Things (IoT) by adhering to high standards of quality, safety, and security across different industries. In instances where memory management units (MMU) are not present but memory protection units (MPU) are available on controller-based systems, PikeOS for MPU is designed for critical real-time applications and provides up-to-standard safety and security.

Gernot Heiser: Australian computer scientist

Gernot Heiser is a Scientia Professor and the John Lions Chair for operating systems at UNSW Sydney, where he leads the Trustworthy Systems group (TS).

An embedded hypervisor is a hypervisor that supports the requirements of embedded systems.

NetBSD: Free and open-source Unix-like operating system

NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is available for many platforms, including servers, desktops, handheld devices, and embedded systems.

Lennart Poettering: German software engineer

Lennart Poettering is a German software engineer working for Microsoft and the original author of PulseAudio, Avahi and systemd.

Rump kernel: Software run in userspace that offers kernel functionality

The NetBSD rump kernel is the first implementation of the "anykernel" concept where drivers either can be compiled into or run in the monolithic kernel or in user space on top of a light-weight kernel. The NetBSD drivers can be used on top of the rump kernel on a wide range of POSIX operating systems, such as the Hurd, Linux, NetBSD, DragonFly BSD, Solaris kernels and even Cygwin, along with the file system utilities built with the rump libraries. The rump kernels can also run without POSIX directly on top of the Xen hypervisor, an L4 microkernel using the Genode OS Framework or even on "OS-less" bare metal.

Redox (operating system): Operating system written in Rust

Redox is a Unix-like microkernel operating system written in the programming language Rust, which has a focus on safety, stability, and performance. Redox aims to be secure, usable, and free. Redox is inspired by prior kernels and operating systems, such as SeL4, MINIX, Plan 9, and BSD. It is free and open-source software distributed under an MIT License.

References

  1. "Release 23.11". 30 November 2023. Retrieved 19 December 2023.
  2. "Genode OS adds RISC-V support".
  3. Larabel, Michael. "Genode Is Developing A GPU Multiplexer For Intel Graphics Hardware". Phoronix.
  4. "Introduction of the Genode OS Framework". archive.fosdem.org/2012.
  5. "L4 Based Operating Systems". L4hq.org. Archived from the original on 2018-06-14. Retrieved 2018-06-01.
  6. Larabel, Michael. "Redox OS, MINIX, Hurd & Genode Had Their Time at FOSDEM Too". Phoronix.
  7. Baader, Hans-Joachim. "Genode 2018.2 mit Sculpt OS". pro-linux.de.
  8. Larabel, Michael. "Sculpt Aims to Be a General-Purpose OS Built Atop Genode".
  9. Tarasikov, Alexander (2013-05-11). "Porting Genode to commercial hardware". I hate software. Blogger.
  10. "Muen: An x86/64 Separation Kernel for High Assurance".
  11. Williams, John. "Inspecting data from the safety of your trusted execution environment" (PDF).
  12. "Embassies: Radically Refactoring the Web" (PDF). USENIX.
  13. Wegner, Martin; Holthusen, Sönke (2014-12-11). "Contract Specification and language". ccc-project.org. Archived from the original on 2019-03-27. Retrieved 2018-06-01.
  14. Hamad, Mohammad (2016-01-06). "The Secure Communication Module of CCC". ccc-project.org. Archived from the original on 2019-01-23. Retrieved 2018-06-01.
  15. Hamad, Mohammad. "A communication framework for distributed access control in microkernel-based systems" (PDF).
  16. Pruthiviraj, B.; Madhusuthun, G.S.; Vijayasarathy, S.; Chakrapani, K. "A Microkernel Based Secure Operating System Using Genode Framework" (PDF). JATIT.
  17. Hähne, Ludwig. "Empirical Comparison of SCons and GNU Make" (PDF).
  18. Millo-Sánchez, Reinier; Paz Rodríguez, Waldo; Fajardo-Moya, Alexis. "Genode OS Framework, un framework para el desarrollo de sistemas embebidos". ResearchGate.
  19. "TU Dresden technical report TUD-FI06-07" (PDF).
  20. "NOVA Microhypervisor".
  21. "L4 Based Operating Systems". L4hq.org. Archived from the original on 2018-06-14. Retrieved 2018-06-01.
  22. "SeL4 Community Projects". sel4.systems.
  23. "Genode's Conscious C++ dialect". genodians.org. Retrieved 2019-11-29.
  24. "Release notes 18.02".