The just-released version 18.02 of the Genode OS Framework features the first version of Sculpt, a Genode-based general-purpose operating system. To our knowledge, it is the first usable open-source general-purpose OS that facilitates capability-based security from the ground up.
Currently targeted at users who are close to the project, this initial version is named Sculpt for Early Adopters (EA). It is accompanied by detailed documentation that covers everything needed to install Sculpt on a real machine. The topics include the creation of the boot image, disk preparation, wireless networking, storage, software installation and deployment, and virtualization. Along the way, many concepts that are unique to Genode are explained.
Without any doubt, most topics of Genode 18.02 were motivated by the work on Sculpt. Most importantly, the release introduces new infrastructure for installing, updating, and deploying software from within a running Genode system. The underlying concepts are very much inspired by Git and the Nix package manager, enabling the installation of multiple software versions side by side, or rolling the installation back to an earlier state. The on-target tooling also breaks with the traditional notion of package management. Instead of executing package-management steps with vast privileges, each individual step, such as extracting downloaded content, is executed in a dedicated sandbox.
Besides Sculpt, the Genode release 18.02 also includes many other noteworthy improvements. For example, the user-level networking stack received a lot of attention, the Nim programming language can now be used for implementing Genode services, there are new tracing facilities, and driver support for NXP i.MX hardware has improved. Furthermore, many 3rd-party software packages received updates. All the improvements are covered by the detailed release documentation.
I’m excited for when the Sculptor’s Cut version is released!
Wow! What an enormous effort to get to this point. Whatever the long-term success of this project, I believe it will enhance the security model for many projects.