Linked by nfeske on Thu 28th Aug 2014 19:00 UTC
OSNews, Generic OSes

The new Genode version 14.08 extends the graphical abilities of the framework to the level of flexibility expected from a general-purpose OS. In contrast to contemporary GUI stacks, Genode approaches the problem from the angle of maximizing security. This premise led to a fairly unique design. Further highlights of the new version are a new port of OpenVPN, an upgraded DDE Linux, vast performance improvements of the base-hw kernel, and networking for VirtualBox on top of the NOVA microhypervisor.

It goes without saying that a flexible and dynamic GUI stack is needed for a general-purpose operating system. Since Genode strives to become such a system, this problem had to be addressed at some point. The starting point was the existing nitpicker GUI server, which is a secure multiplexer for the physical display and input devices. Regarding widget sets, the framework already featured a few custom graphical applications talking directly to nitpicker, and it came with support for Qt and libSDL. However, there was a missing link between the low-level nitpicker GUI server and the applications, namely a window manager and desktop environment. The open question was how to retain the strict security provided by nitpicker while also supporting sophisticated window management, visually appealing window decorations, and customizability.

It took the Genode team more than a year for the solution to fall into place. At its core, it is a combination of small components that use existing Genode interfaces and leverage two features unique to Genode: the virtualization of arbitrary OS services and the sandboxing of each individual process. The solution that comes with the new release adds merely 3000 lines of code to the trusted computing base of graphical applications while enabling advanced dynamic GUIs. The complex parts of the GUI, such as the rendering and behavior of window decorations and the window-layout management, are confined to sandboxes so that those complex (and potentially bug-prone) parts cannot compromise the privacy of the user. In fact, the security of the GUI stack does not even depend on a correctly working C runtime, so its attack surface is orders of magnitude smaller than that of commodity OSes. Of course, the current version is just a step on the road towards an integrated desktop environment, but now, in contrast to one year ago, the path to walk is clear.

Besides addressing the GUI stack, the new release comes with an updated execution environment for device drivers of the Linux 3.14.5 kernel. Thanks to DDE Linux, Linux subsystems such as the TCP/IP stack and the USB stack can be executed directly on the microkernels supported by Genode. The primary motivation behind the update was ongoing work on bringing the Intel wireless stack to Genode.

Functionality-wise, the highlights of the new release are a new port of the OpenVPN client that can now be used as a Genode component, added networking support for guest OSes running in VirtualBox on top of NOVA, the use of multiple processors by the Seoul virtual-machine monitor, and the addition of pluggable file systems. These and many more topics are covered in the detailed release documentation.

RE: base-hw kernel
by nfeske on Sun 31st Aug 2014 17:07 UTC in reply to "base-hw kernel"

The performance of base-hw and Fiasco.OC (as the only L4 kernel of Genode's base platforms that supports the Pandaboard) is largely on par. For highly dynamic workloads such as the "noux_tool_chain" test, base-hw is up to 25% faster than Fiasco.OC. That result possibly stems from the fact that the base-hw interface matches the Genode API more closely.

What is more interesting, though, is that the application performance of base-hw tends to outperform Linux. E.g., loading a complex website (spiegel.de) on the Arora version of Ubuntu 14.04 takes longer than on Genode's Arora version, both running on the same Pandaboard ES.

In short, the performance of base-hw looks quite good. In particular, the universally presumed "microkernel overhead" is really nothing to write home about.
