Announcement

Collapse
No announcement yet.

Genode OS Framework 21.08 Streamlining Its Porting Of Linux Driver Code

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Genode OS Framework 21.08 Streamlining Its Porting Of Linux Driver Code

    Phoronix: Genode OS Framework 21.08 Streamlining Its Porting Of Linux Driver Code

    We've been covering Genode OS for more than a decade now as this original open-source operating system "framework" and through this time they have managed to keep up with their routine feature releases. Out this week is Genode OS Framework 21.08 as they seek to make it easier porting device driver code to their platform...

    https://www.phoronix.com/scan.php?pa...enode-OS-21.08

  • #2
    I wonder what's the goal. Efficient containerization, embedded, high availability or something?

    Comment


    • #3
      a solution looking for a problem to solve...

      Comment


      • #4
        Originally posted by tildearrow View Post
        I wonder what's the goal. Efficient containerization, embedded, high availability or something?
        I asked myself the same question. Then I looked at their "About" page:

        Originally posted by About Genode
        The Genode OS Framework is a tool kit for building highly secure special-purpose operating systems. It scales from embedded systems with as little as 4 MB of memory to highly dynamic general-purpose workloads.

        Genode is based on a recursive system structure. Each program runs in a dedicated sandbox and gets granted only those access rights and resources that are needed for its specific purpose. Programs can create and manage sub-sandboxes out of their own resources, thereby forming hierarchies where policies can be applied at each level. The framework provides mechanisms to let programs communicate with each other and trade their resources, but only in strictly-defined manners. Thanks to this rigid regime, the attack surface of security-critical functions can be reduced by orders of magnitude compared to contemporary operating systems.

        The framework aligns the construction principles of L4 with Unix philosophy. In line with Unix philosophy, Genode is a collection of small building blocks, out of which sophisticated systems can be composed. But unlike Unix, those building blocks include not only applications but also all classical OS functionalities including kernels, device drivers, file systems, and protocol stacks.

        (source)
        YMMV.

        Comment


        • #5
          Originally posted by ermo View Post

          I asked myself the same question. Then I looked at their "About" page:



          YMMV.
          can I run system=d ?

          Comment


          • #6
            Originally posted by ermo View Post

            I asked myself the same question. Then I looked at their "About" page:



            YMMV.
            I did look at the About page prior to asking, but even so I still was confused.

            Comment


            • #7
              Originally posted by DrLecter View Post
              a solution looking for a problem to solve...
              I mean... we have all these nails, why not have a hammer? Isn't it sorta obvious what the use of this is?

              Comment


              • #8
                Originally posted by tildearrow View Post
                I wonder what's the goal. Efficient containerization, embedded, high availability or something?
                I mean, on seL4 you can guarantee all sorts of isolation, including timing isolation, that just don't work anywhere else. Genode is a framework for building systems on top of these kernels.

                Comment


                • #9
                  Originally posted by tildearrow View Post

                  I did look at the About page prior to asking, but even so I still was confused.
                  If I were to build a security critical commercial service (aren't they all essentially security critical these days?), then GenodeOS might be just the ticket, provided the isolation <-> performance tradeoffs are managable from both a hardware and human-resources provisioning perspective?

                  For fixed services (the kind you can build scale-out capability for), this kind of thing seems tailor-made to ensure reliability, trust-worthiness and uptime while keeping security tight?

                  For end-user workstations, though...? Hm. I suppose it could provide strong guarantees for isolation if you are working in a highly sensitive area where hardware back-dooring by sophisticated nation-state-backed attacks is a legitimate concern? If you run a Linux VM on top of a bare-iron seL4 system, you may be able to fend off your would-be attacker more easily (for a suitable definition of "easy" that is)?

                  Might also be useful for portable secure communication devices for instance?

                  Comment

                  Working...
                  X