This is not a Wikipedia article: It is an individual user's work-in-progress page, and may be incomplete and/or unreliable. For guidance on developing this draft, see Wikipedia:So you made a userspace draft. Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
Genode is a research operating system framework, designed primarily to run on microkernels (although other configurations are available), with a particular focus on security, scalability, efficiency, and portability.
Initially conceived at the University of Technology Dresden, the project is now managed by Genode Labs.
The code is maintained at GitHub[1], and is available under two licenses: an open-source license (AGPLv3), and a commercial license through Genode Labs.
Releases are scheduled at regular, three-month intervals, and are labelled in a "YY.MM" format (e.g., the May 2017 release is labelled "17.05").
Thorough developer documentation is available in an e-book called "Genode Foundations"[2].
Major Architectural Features
editGenode builds on the general philosophy behind microkernels - that the smaller and simpler the code, the easier it is to verify for trustworthiness and correctness. Genode extends this philosophy in some novel ways to produce a framework for more secure software.
At the core is separating all software into components, which ideally are kept small and single-purpose. This brings several benefits. With proper design, it helps keep the Trusted Computing Base (TCB) small. But Genode adds to this by enforcing a strict hierarchy of component creation/ownership, sandboxing each component's use of resources, and tracking ownership of resources through the component tree. A capability-based security scheme is used to manage permissions to resources.
This arrangement prevents many kinds of problems typically associated with resource management.
Build System and Targets
editCurrently, the supported CPU architectures are:
Genode currently runs atop several kernels, including:
Note: The Linux port is intended mainly for development, because the debugging tools are more convenient than debugging code running directly on hardware.
The Genode build system is based on the GNU compiler suite, with a set of custom tools to automate the preparation of build "scenarios", compiling the code, and testing the results.
A scenario is a particular combination of the build target (CPU and hardware platform) along with the desired software components to be included, along with any configuration that is required. Each scenario results in the creation of one target binary. To reduce build times (and storage space), the build system allows sharing the intermediate binaries between different scenarios that share the same build target.
Many packages are available in the package repository, to be used as building blocks in custom scenarios. These range from simple code libraries to major frameworks such as a port of Qt5 or the custom "Noux" subsystem (a UNIX-like runtime environment that simplifies porting existing software).
Historically, the Genode build system has only supported creating fixed, embedded-style boot images, with a predetermined set of components. However, after years of laying the groundwork for dynamic runtime system updates, a project (codenamed "Sculpt") is under way to allow creating desktop-style images, with the ability to install, remove, and configure software at run-time. This is scheduled to gradually roll out through 2018[3].
Technical Achievements
edit- Genode's exploration of ARM TrustZone[4] along with its open-source implementation achieved wide recognition[5] in 2014. This line of work was later extended into the Genode ARM virtualization project[6].
- Genode managed to execute VirtualBox[7] on top of the NOVA microhypervisor[8]. It thereby significantly reduces the trusted computing base of VirtualBox-based virtualization solutions.
- Genode designed from scratch a thin interface layer (called "base-hw") that can be used instead of a full microkernel to manage hardware resources. It is available for the ARM and x86 (32 and 64 bit) platforms.
- Genode is an early adopter of the RISC-V instruction-set architecture[9].
- In 2016, Genode became available for the seL4 microkernel, thereby complementing seL4 with a scalable and dynamic user land.
History
editThe project was initiated in 2006 by Norman Feske and Christian Helmuth at the University of Technology Dresden. It envisioned a scalable general-purpose OS based on the combination of capability-based security, microkernel construction principles, and virtualization. Its first architecture draft[10] (using the working title "Bastei") coined the term "application-specific trusted computing base".
Genode was influenced by Jonathan Shapiro's work on EROS, and the L4 family of microkernels.
In 2008, the original Genode authors founded the company Genode Labs with the mission to advance the initial research prototype into an OS technology applicable in real-world products.
In the same year, the first open-source version of Genode was published under the GPLv2 license. Since then, the project follows a quarterly release cycle[11].
In addition to the open-source license, Genode Labs offers Genode under commercial licensing terms.
In 2017, the open-source license was updated to AGPLv3[12] accompanied with an open-source software linking clause that fosters the interoperability of Genode with all popular open-source licenses.
References
edit- ^ Genode Labs at GitHub
- ^ Genode Foundations e-book
- ^ 2018 Road Map
- ^ Genode ARM TrustZone Investigation
- ^ An Exploration of ARM TrustZone Technology
- ^ Genode ARM Virtualization
- ^ Release Notes 14.02
- ^ NOVA Microhypervisor
- ^ Genode OS Adds RISC-V Support
- ^ Bastei Design Paper
- ^ Genode Release Notes Index
- ^ Genode Open-Source License Update