The just released version 11.02 of the Genode OS Framework pushes its platform support to 8 different kernels. Genode allows the construction of specialized operating systems by combining one of those kernels with a steadily growing number of ready-to-use components. The new platform additions are the support for Fiasco.OC, which is a modern capability-based microkernel, the upgrade to the NOVA hypervisor 0.3, and a custom kernel implementation specifically targeted to softcore CPUs as employed in FPGA-based SoCs. Functionality-wise, Genode 11.02 features the first parts of a new execution environment for running command-line-based GNU software natively on Genode.
Genode’s cross-kernel portability has always been a unique point of the framework. Traditional microkernel-based OSes were tied to one particular microkernel and are regarded as inherently unportable. Genode changes this by providing a uniform API that works transparently across many different kernel APIs. At the same time, the specific features of each kernel are readily accessible if needed.
Most parts of the infrastructure that comes with Genode are completely kernel agnostic. This includes the dynamic linker, many device drivers, a TCP/IP stack, the Libc, a GUI, and Qt4. Consequently, each supported kernel platform immediately profits from enhancements of this infrastructure. The current release makes this rich functionality available on the Fiasco.OC kernel.
Technically, Fiasco.OC is a modernized version of the L4/Fiasco kernel as it emerged from the L4/Fiasco code base. However, Fiasco.OC’s kernel interface diverged entirely from the classical L4 API, towards a modern capability-based object-oriented model. Fiasco.OC is rich when it comes to features. It supports x86_32 and x86_64 alongside many ARM-based platforms, facilitates the use of hardware-based virtualization, supports SMP, accounts for kernel resources, and implements capability-based security. This feature set is actually a great fit for Genode, which was designed as a capability-based OS from the start.
With the second major addition to Genode’s platform support, the Genode project enters the realms of kernel development. For running Genode on the Xilinx MicroBlaze softcore CPU, a new kernel design was created, which dissolves the classical split of user land and kernel land. Let me explain.
Existing microkernels come in the form of self-sustaining programs that include all functionality needed to operate independently from the user land. This functionality includes data structures for tracking memory mappings and memory allocators. However, in practice, each kernel is accompanied by a single user-level component (often referred to as roottask) that manages the creation of further user-level programs. For doing this, roottask has to keep very similar data structures as those used in the kernel. For a real system workload, both the kernel and roottask are always part of the trusted computing base. Consequently, roottask can be characterized as being the user-level portion of the kernel (even though kernel developers tend to not appreciate this characterization).
Genode’s core component plays the role of such a roottask. If both the kernel and core are always present in a real system, wouldn’t it make sense to let both use the same data structures? Shouldn’t the real goal of a microkernel-based system be a minimal-complexity trusted computing base rather than only a minimally-complex kernel, which is then accompanied by a complex roottask anyway?
Moving Genode to a new CPU architecture provided the right incentive to pursue the experiment of merging core with the kernel. The kernel part is reduced to only a subset of a typical microkernel: CPU exception handling, a scheduler, functions for the direct manipulation of a software-loaded TLB, and an IPC mechanism. The current stage of implementation allows running core and multiple nested instances of the init process on the Xilinx MicroBlaze CPU. The outcome of this work already demonstrates that this approach has the potential to significantly reduce the complexity of the trusted computing base shared by all Genode applications.
The third platform addition of Genode 11.02 is the support for the recently released version 0.3 of the NOVA hypervisor. With this version, NOVA provides all means to run the complete Genode software stack including dynamically linked applications.
A wide range of supported platforms is of limited value without functionality to be used on top of the framework. Hence, each release enriches the framework with new functionality that thereby becomes available as workload for all supported kernels. Version 11.02 is no exception. It features the first parts of the Noux execution environment, which allows the use of command-line-based GNU user land programs on top of Genode. Noux is geared towards the needs of the Genode developers, in particular for using the GNU tools (gcc, binutils, make, etc.). Even though Noux is in an early stage, the code shipping with the new release clearly shows the direction of where its developers are heading – shaping Genode into a scalable yet highly secure general-purpose OS.
Read on about further details regarding the new kernel platforms, the vision behind Noux, and many more improvements of the framework in the release notes of version 11.02.
Why don’t more people rave about this?
It’s a pile of fantastic ideas.