Genode
 | |
 The desktop system Sculpt based on Genode | |
| Developer | Genode Labs |
|---|---|
| Written in | C++ |
| Working state | Current |
| Source model | Open source |
| Initial release | 2008 |
| Latest release | 24.05[1] / 30 May 2024 |
| Repository | github |
| Marketing target | Desktop computers Embedded systems |
| Available in | English |
| Platforms | ARM,RISC-V,[2]x86,x86-64[3] |
| Kerneltype | Microkernel |
| Userland | Genode,POSIX |
| License | AGPL-3.0-onlyand commercial |
| Official website | genode |
Genodeis afree and open-source softwareoperating system(OS) framework consisting of amicrokernelabstraction layer and a set ofuser spacecomponents.[4][5][6]The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such asUnix.The characteristic design philosophy is that a smalltrusted computing baseis of primary concern in a security-oriented OS.
Genode can be used as a basis for adesktop computer[7][8]or tablet[9]OS or as avirtual machine monitorfor guest operating systems. The framework has been used as a trusted component of securevirtualizationsystems for bothx86[10]andARM.[11]
The smallcodebaseof Genode makes it a flexible alternative to more complex Unix-derived operating systems. For this reason the framework has been used as a base system for research in such fields as virtualization,[12]inter-process communication,[13]IP stackisolation,[14][15]monitoring,[16]andsoftware development.[17][18]
History
[edit]Genode was first conceived as the Bastei OS Architecture[19]research report at the Technical University of Dresden (TU Dresden). The focus of the report was to determine the practicality of a component-based OS usingcapability-based security.This report was motivated in part by research intoL4microhypervisors[20]conducted during the same time. Following the success of an early prototype, the authors of the report founded the company Genode Labs to develop Bastei as the Genode OS Framework.
Releases
[edit]The project is developed publicly as an open source project released under the terms of theGNU Affero General Public Licensewith a commercial entity offering alternative licensing. Releases are scheduled at three-month intervals to make changes to the systemapplication binary interface(ABI),application programming interface(API), and issue documentation. The OS framework is available in source code form and following the 18.02 release a general purpose derivative namedSculptis provided with on-target binary deployment.
Architectural features
[edit]Genode builds on the general philosophy of microkernels: the smaller and simpler the code, the easier it is to verify for trustworthiness and correctness. Genode extends this philosophy to user space by composing complex applications from small components. Each component exists in a strict hierarchy of parent-child relationships. Any component acting as a parent may apply resource andinter-process communication(IPC) access policies to its children. This hierarchical system layout yields intuitive partitioning and privilege deescalation as specialized subsystems are nested within more general subsystems, mitigating theconfused deputy problemendemic to centralized orsuperusersystem policy.
The framework is designed to be hosted by microkernels, however the features of any given microkernel fall mostly within a common set, andmonolithic kernelsimplement a superset of those features. Abstracting these features allows Genode to act as user space for a variety of L4 microkernels,[21][22]and Linux.
Criticism
[edit]C++
[edit]Genode is often criticized for the choice of its implementation language,C++(a few other operating systems implemented in C++ includeBeOS,Fuchsia,Ghost,Haiku,IncludeOS,Managarm,OSv,Palm OS,ReactOS,SerenityOS,Syllable,andSymbian). This critique usually asserts that C++ is a poor choice for implementing system libraries and APIs because of the inherent complexity of C++ and the difficulty in analyzing code for correct behavior. While Genode does make use of multiple inheritance and templates in its system library, the use of theC++ Standard Libraryis not allowed and language features that rely on implicit global state, such asthread-local storageand the global allocator, have been removed from the language runtime.[23]Comprehensive static analysis of C++ is not possible. However, the Genode project publishes unit tests for empirical analysis.
XML
[edit]Genode components consume and publish state using structured data serialized inXML,in contrast to the plain text model of Unix derivatives. The Genode framework makes use of XML in effectively all of its components because XML is easily parsed and generated programmatically while still being possible to understand and edit manually.
Local namespacing
[edit]Genode lacks any practical globalnamespace;there is no globalfile systemor registry ofprocessesor IPC endpoints. This is in contrast to systems such as Unix which feature a ubiquitous file system and allow a superuser context to arbitrarily manage any process within the system. Explicitly declaring the permissions and routing of components may be perceived as labor-intensive relative to Unix. However, compartmentalizing administration allows subsystems to be managed by mutually untrustedsystem administratorson the same machine without resorting to virtualizing, a common isolation method.
Sculpt
[edit]The Genode project publishes a desktop operating system namedSculptthat targets contemporary consumerlaptops.[24]Sculpt is a small base system with automatic device detection and configuration, some GUI control interfaces, and frontends to the Genode package manager. The system does not feature a full desktop environment, but requires users to deployvirtual machineshosting traditional OSes for a fully featured desktop. Sculpt is distinguished from the Genode operating system framework in that it relies heavily on dynamic reconfiguration using privileged control components in contrast to specialized systems with static policies.
See also
[edit]- HelenOS,a desktop microkernel based operating system
- QNX,a proprietary Unix-like operating system hosted by a microkernel
- Qubes OS,a desktop operating system that provides security through virtualization
- Capability-based security
- Secure by default
References
[edit]- ^"Release 24.05".30 May 2024.Retrieved22 June2024.
- ^"Genode OS adds RISC-V support".
- ^Larabel, Michael."Genode Is Developing A GPU Multiplexer For Intel Graphics Hardware".Phoronix.
- ^"Introduction of the Genode OS Framework".archive.fosdem.org/2012.
- ^"L4 Based Operating Systems".L4hq.org.Archived fromthe originalon 2018-06-14.Retrieved2018-06-01.
- ^Larabel, Michael."Redox OS, MINIX, Hurd & Genode Had Their Time at FOSDEM Too".Phoronix.
- ^Baader, Hans-Joachim."Genode 2018.2 mit Sculpt OS".pro-linux.de.
- ^Larabel, Michael."Sculpt Aims to Be a General-Purpose OS Built Atop Genode".
- ^Tarasikov, Alexander (2013-05-11)."Porting Genode to commercial hardware".I hate software.Blogger.
- ^"Muen: An x86/64 Separation Kernel for High Assurance".
- ^Williams, John."Inspecting data from the safety of your trusted execution environment"(PDF).
- ^"Embassies: Radically Refactoring the Web"(PDF).USENIX.
- ^Wegner, Martin; Holthusen, Sönke (2014-12-11)."Contract Specification and language".ccc-project.org.Archived fromthe originalon 2019-03-27.Retrieved2018-06-01.
- ^Hamad, Mohammad (2016-01-06)."The Secure Communication Module of CCC".ccc-project.org.Archived fromthe originalon 2019-01-23.Retrieved2018-06-01.
- ^Hamad, Mohammad."A communication framework for distributed access control in microkernel-based systems"(PDF).
- ^Pruthiviraj, B.; Madhusuthun, G.S.; Vijayasarathy, S.; Chakrapani, K."A Microkernel Based Secure Operating System Using Genode Framework"(PDF).JATIT.
- ^Hähne, Ludwig."Empirical Comparison of SCons and GNU Make"(PDF).
- ^Millo-Sánchez, Reinier; Paz Rodríguez, Waldo; Fajardo-Moya, Alexis."Genode OS Framework, un framework para el desarrollo de sistemas embebidos".ResearchGate.
- ^"TU Dresden technical report TUD-FI06-07"(PDF).
- ^"NOVA Microhypervisor".
- ^"L4 Based Operating Systems".L4hq.org.Archived fromthe originalon 2018-06-14.Retrieved2018-06-01.
- ^"SeL4 Community Projects".sel4.systems.
- ^"Genode's Conscious C++ dialect".genodians.org.Retrieved2019-11-29.
- ^"Release notes 18.02".
External links
[edit]
- Official websites
- Research projects
- KV-Cache: A Scalable High-Performance Web-Object Cache for Manycore
- TrApps: Secure Compartments in the Evil Cloud
- Development of an Embedded Platform for Secure CPS Services
- Secure-OS project of IIT Madras
- Kernel isolation of a Capability-based security Operating System
- Mobile Device Security with ARM TrustZone
| Kernels |
| ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Operating systems |
| ||||||||||||||||||||||||
| Frameworks,kits | |||||||||||||||||||||||||
| Developers | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
