having unusable kernel is useless

Hardly, the difference is that seL4 makes a very specific claim that having complete code coverage of testing makes them magically more secure and reliable than other microkernels, when the truth is that the piece of code they have complete coverage on is but a tiny portion of the stack, and so while there are advantages that microkernels provide in terms of security and reliability, seL4 isn't really all that special... and its benefit is meaningless outside of tightly controlled embedded environments where you can certify the entire stack.

But even then that certification basically just means that that software does what the Requirements Docs say it does. If the requirements documents say "Send passwords in clear text" then as long as it does that then it's "proven".

If you don't know what a formal proof is, you don't know, but don't go telling others that they got it wrong when you literally have no idea what you're talking about. The concept of "test coverage" doesn't even apply to this, and they aren't even tests. A formal proof is a real tangible thing, unlike a marketing claim of "artificial intelligence"

Luke, go do your homework, you're making an ass of yourself.

Minix, QNX, Singularity, (in the future) Redox... The list can go for quite some time. The L4 kernels are hardly the only entry in the market and they're far from the most interesting or "complete". They were useful to prove that it was just a Mach fuckup that microkernels were considered slow, but at this point their main argument in favour of themselves is mastubatory marketing crap that doesn't actually mean much of anything.

You might want to look into a mirror. You're making an ass of yourself trying to decry the fact that I ripped off all the shitty wrapping paper that your marketing speak wrapped up around a nothingburger. I'm the one that actually did do his research and so isn't being taken away by hand waving terms about "mathematical symbols". All your "proof" means is that your program matches your requirements doc to the letter and it has the tests to prove it. That does not mean it's secure, that does not mean it's fast, that does not mean that it is good.

In principle sure you can sit there in the documentation masturbating about your algorithm and using a logic proof to say that the inputs and outputs are "correct" (not fast, not secure, not good, correct) and thus the function is proven... but do you know why nobody does that? Why "Mathematically Proven" in seL4's case and generally in software means "100% code coverage"? Because if your correct output is not fast, secure, or good then you have to change the code and rewrite the proof from scratch. If your proofs are instead in tests then it's much easier to modify them, because radical changes aren't required, and the "mathematical proof" is that all branches have been hit.

Someone hasn't read any of the writeups on it. https://www.securityweek.com/bleedin...-click-attacks

First There's this:
you can protect against arbitrary code with kernel privileges but probably not the denial of service.

There's this:
Which is an information leak that means that within a microkernel you could still likely read the address space of the bluetooth stack without triggering a segfault. Network stacks such as Bluetooth do contain sensitive information users wouldn't want leaked.

then we have
which again... denial of services aren't stopped by microkernels.

We'll assume for the sake of argument that appropriate memory protections are in place to stop arbitrary code execution in userspace (NX Bit and all that), but the rest of these are still serious and not halted by the memory isolation provided by using a microkernel.

True the kernel is only a part of the stack. But there is a project to write an operating system in Rust on top of of seL4. Also you can write servers in Rust for Genode. With that in theory you can write safer code that a Linux subsystem written in C.
Also you can isolate the unsafe components and thanks to seL4 blazing fast IPC (and it's proven that it's fast) the performance overhead is negligible.
So not only is the kernel safer, it allows to write safer components and isolate security risks while remaining perfomant. And you can run older unadapted code (l4linix) fast and isolated.
I think it's worthwhile.

it ate your brain. linux is not under microkernel. and if it's under some hypervisor - that hypervisor is useless in kernel role, since it is used in hypervisor role and requires real kernel.

neither "fast" nor "blazing" is a number. in real world outside of your marketing hype the only fast ipc is no ipc. and in addition to being slow, ipc is complicated. so you only need order of magnitude more manpower than linux
you mean, you can run all your non-imaginary code fast and "isolated". guess what? you can do it without microkernels

You've conveniently ignored the second half of my post, which was: