The new Genode version 14.08 extends the graphical abilities of the framework to the level of flexibility expected from a general-purpose OS. In contrast to contemporary GUI stacks, Genode approaches the problem from the angle of maximizing security. This premise led to a fairly unique design. Further highlights of the new version are a new port of OpenVPN, an upgraded DDE Linux, vast performance improvements of the base-hw kernel, and networking for VirtualBox on top of the NOVA microhypervisor.
It goes without saying that a flexible and dynamic GUI stack is needed for a general-purpose operating system. Since Genode strives to become such a system, this problem had to be covered at some point. The starting point was the existing nitpicker GUI server, which is a secure multiplexer for the physical display and input devices. Regarding widget sets, the framework already featured a few custom graphical applications talking directly to nitpicker, and came with support for Qt and libSDL. However, there was a missing link between the low-level nitpicker GUI server and the applications, namely a window manager and desktop environment. The open question was how to maintain the rigid security provided by nitpicker while also supporting sophisticated window management, visually appealing window decorations, and customizability.
The solution took the Genode team more than a year to fall into place. At its core, it is a clever combination of small components that use existing Genode interfaces and facilitate two features unique to Genode: the virtualization of arbitrary OS services and the sandboxing of each individual process. The solution that comes with the new release adds merely 3000 lines of code to the trusted computing base of graphical applications while enabling advanced dynamic GUIs. The complex parts of the GUI such as the rendering and behavior of window decorations and window-layout management are stuffed away in sandboxes so that those complex (and potentially bug-prone) parts cannot compromise the privacy of the user. In fact, the security of the GUI stack does not even depend on a correctly working C runtime. So its attack surface is orders of magnitude smaller compared with commodity OSes. Of course, the current version is just a step on the road towards an integrated desktop environment but now, in contrast to one year ago, the path to walk on is clear.
Besides addressing the GUI stack, the new release comes with an updated execution environment for device drivers of the Linux 3.14.5 kernel. Thanks to DDE Linux, Linux subsystems such as the TCP/IP stack and the USB stack can be executed directly on the microkernels supported by Genode. The primary motivation behind the update was ongoing work on bringing the Intel wireless stack to Genode.
Functionality-wise, the highlights of the new release are a new port of the OpenVPN client that can now be used as Genode component, added networking support for guest OSes running in VirtualBox on top of NOVA, the use of multiple processors by the Seoul virtual-machine monitor, and the addition of pluggable file systems. Those and many more topics are covered in the detailed release documentation.