OS News Archive

Genode 16.05 features revised API, Rust, and huge driver update

The Genode project has released version 16.05 of the operating-system framework. The new version comes with a fundamentally reworked component API, basic support for the Rust programming language, new ACPI infrastructure, and upgraded device drivers for Intel wireless, Intel graphics, audio, and USB.

The Genode API and the programming styles for developing components evolved over the years. Being born out of the L4 community, the sole reliance on synchronous inter-component communication was deeply ingrained in the developer's mindset when the project was started ten years ago. It took the project a few years to overcome this misconception and embrace asynchronous communication primitives. Most modern Genode components use a mix of both synchronous and asynchronous inter-component interactions. At the API level, however, the two forms of communication continued to exist side by side instead of being integrated in one holistic design. With respect to programming styles, the project underwent a similar evolution. Coming from a C-programming background, many parts of the original API resembled a C-ish programming style such as the prominent use of pointers, format strings, side effects via global function calls, or integer error codes. Over the years, however, the expressiveness of the C++ language got fully embraced and the programming style evolved towards functional programming.

Today, most modern Genode components are designed as single-threaded state machines, triggered only by signals and RPC requests originating from other components. There are almost no dynamic memory allocations. If so, allocations are not anonymous but accounted to a specific allocator. State is explicitly passed as arguments, not captured in the form of globally accessible objects. Thanks to this style, certain classes of bugs such as race conditions or memory leaks are greatly alleviated by design. Genode 16.05 cultivates the modern style of Genode components in the form of a fundamentally revised API. The new API is less complex, much safer, and easier to reason about. To account for this profound change, the release documentation is accompanied by a new edition of the "Genode Foundations" book (PDF).

The second major focus of the current release is the updated arsenal of device drivers. All drivers ported from Linux were upgraded to the Linux kernel 4.4.3. Specifically, the drivers are the Intel wireless stack, the Intel graphics driver, the USB driver, and the TCP/IP stack. Thereby, Genode users are able to leverage the same drivers as up-to-date Linux distributions but with each driver being encapsulated in a dedicated protection domain. The audio driver, which originates from OpenBSD, received an update to OpenBSD 5.9. The device drivers are complemented with new infrastructure that makes ACPI platform controlling and monitoring features available to Genode users.

Further highlights are the added ability to use the Rust programming language in Genode components and the enhanced support for using the GNU debugger on top of the NOVA microhypervisor. Details about all improvements and API changes are provided by the extensive release documentation of version 16.05.

Minoca OS: operating system for connected devices

Minoca OS is a leading-edge, highly customizable, general purpose operating system. It features application level functionality such as virtual memory, networking, and POSIX compatibility, but at a significantly reduced image and memory footprint. Unique development, debugging, and real-time profiling tools make getting to the bottom of issues straightforward and easy. Direct support from the development team behind Minoca OS simplifies the process of creating OS images tailored to your application, saving on engineering resources and development time. Minoca OS is a one-stop shop for systems-level design.

Since this will be the main question: no, it is not open source (count the buzzwords). There's a free version that's free to use in non-commercial settings, and a pro version that isn't free, but does come with source access. So no, not open source - but not everything has to be. It's not like open source operating system folks are starved for entertainment in that department.

VMS Software releases OpenVMS 8.4-2

As Mark Twain famously wrote, "...the reports of my death are greatly exaggerated". So with OpenVMS.

VMS Software, Inc. (VSI) today announced the worldwide availability of VSI OpenVMS Version 8.4-2 (Maynard Release) operating system for HPE Integrity servers. The Maynard Release is the second by VSI. The new OS is compatible with HPE Integrity servers running the latest Intel Itanium 9500 series processor, as well as most prior generations of the Itanium processor family. VSI also reconfirmed plans to offer OpenVMS on x86-based servers.

"This second release reaffirms our long-term commitment to the OpenVMS platform, and builds upon our highly successful first release of OpenVMS in June of 2015," said Duane P. Harris, CEO of VMS Software. "It is the first of many exciting improvements planned for OpenVMS, including future updates to the file system, TCP/IP, and other major improvements that we look forward to sharing with our customers as we work our way through the planned roadmap."

L4: lessons from 20 years of research and deployments

NICTA, Australia's Information and Communications Technology Research Centre, has published a paper on the lessons learned by 20 years of work around the L4 microkernel.

Some of you may remember that NICTA has developed the seL4 microkernel, one of the first - if not the first - formally verified microkernels, an important stepping stone in securing computing systems against whole classes of bugs and attacks.

The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions that are deployed on a large scale and in safety-critical systems. In this article we examine the lessons learnt in those 20 years about microkernel design and implementation. We revisit the L4 design papers, and examine the evolution of design and implementation from the original L4 to the latest generation of L4 kernels. We specifically look at seL4, which has pushed the L4 model furthest and was the first OS kernel to undergo a complete formal verification of its implementation as well as a sound analysis of worst-case execution times. We demonstrate that while much has changed, the fundamental principles of minimality, generality and high inter-process communication (IPC) performance remain the main drivers of design and implementation decisions.

Subgraph OS: open source OS that prioritizes security, anonymity

Subgraph, an open source security company based in Montreal, has published the alpha release of Subgraph OS, which is designed with security, anonymity AND usability in mind.

"Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks," its creators say.

Not the first time we've talked about it.

Sortix 1.0 released

I'm happy to announce the release of Sortix 1.0. This is the first self-hosting and installable release.

Sortix is a small self-hosting operating-system aiming to be a clean and modern POSIX implementation. It is a hobbyist operating system written from scratch with its own base system, including kernel and standard library, as well as ports of third party software.

We first reported on Sortix (version 0.9) a year ago.

Qubes OS 3.1 released

The major new architectural feature of this release has been the introduction of the Qubes Management infrastructure, which is based on the popular Salt management software.

In Qubes 3.1, this management stack makes it possible to conveniently control system-wide Qubes configuration using centralized, declarative statements. Declarative is the key word here: it makes creating advanced configurations significantly simpler. (The user or administrator needs only to specify what they want to get, rather than how they want to get it).

Genode 16.02 supports the RISC-V CPU architecture

With version 16.02, the Genode OS Framework moves beyond x86 and ARM CPUs and embraces the emerging open-source RISC-V hardware architecture. Furthermore, the release comes with the new ability to securely assign USB devices to virtual machines, and updates the Muen separation kernel and the seL4 microkernel.

Today's x86 and ARM-based commodity platforms have become increasingly opaque and infested with proprietary firmware. With new platforms becoming ever more complex and being equipped with mandatory companion processors like Intel's Management Engine, the trustworthiness of mainstream hardware becomes more and more uncertain. If those parts of the system become compromised, even a perfectly secure OS cannot protect the user's privacy and security. It goes without saying that this development is a strong concern of privacy advocates. The article Intel x86 considered harmful by Joanna Rutkowska substantiates those concerns extremely well.

RISC-V is a possible answer to the call for trustworthy hardware. In contrast to the CPUs of current-generation hardware, RISC-V is an open-source CPU architecture. The idea of open-source CPUs is not new. There exist numerous softcore CPUs like LatticeMico32 or OpenRISC. But in contrast to those projects, which are primarily targeted at FPGA platforms, RISC-V is designed to scale from deeply embedded systems to 64-bit general-purpose platforms. The prospect of a scalable and trustworthy hardware architecture motivated the Genode project to take a closer look. In the just-released version 16.02, RISC-V has been added as a supported architecture to Genode's custom base-hw kernel. Since the hardware is still in flux, the scope of the support is still somewhat limited. But Genode is already able to run on the official Spike simulator as well as on RISC-V as a synthesized FPGA softcore.

Besides the added RISC-V support, the second highlight of the current release is the new ability to securely assign USB devices to VirtualBox instances running on top of the NOVA kernel. With this feature, Genode becomes able to accommodate many typical desktop-OS work flows like transferring data via USB sticks, or obtaining pictures from a digital camera. Under the hood, the implementation is quite interesting as it successfully transplants the xHCI device model of Qemu to VirtualBox.

The third focus of version 16.02 is the update of the Muen and seL4 kernels. The Muen separation kernel has been updated to version 0.7, which greatly improves the interoperability with Genode's tooling. In fact, Muen can now be targeted with the same work flows as employed for all the other kernels. Genode's support for the seL4 kernel is still a rather experimental line of work. In this respect, the update to the kernel version 2.1 posed a number of interesting challenges with respect to the kernel-resource management. This discussion along with details about the many more improvements of the current release is covered in the official release documentation.

Microkernels are slow and Elvis didn’t do no drugs

Microkernel hatred is a peculiar phenomenon. Sheltered users who have never had any background in much beyond Windows and some flavor of free monolithic Unix, will, despite a general apathy or ignorance in the relevant subjects, have strong opinions on the allegedly dreadful performance and impracticality of "microkernels", however they define the term (and we shall see that a lot of people have some baffling impressions of what a microkernel is supposed to be). Quite often, these negative views will be a result of various remarks made by Linus Torvalds and a general hero worship of his character, a misrepresentation of an old Usenet flame war between AST and Torvalds that was somehow "won" and which supposedly proved that microkernels are nothing but a toy of ivory tower academics, or a rehash of quarter century-old benchmarks on CMU's Mach that were unfavorable. The presence of Linus' character in much of this is no coincidence. It strikes me that anti-microkernel sentiment most vocally originates as a sort of tribal affiliation mechanism by Linux users to ward off insecurity.

In any event, this article will be a concise tour of microkernel myths and misconceptions throughout the ages.

I wouldn't exactly call this article "concise", but it's definitely filled with valuable technical information.

What is FlingOS?

The general plan for the OS is to create a micro-kernel based design with sufficient drivers that a basic user-mode interface can be created. The user-mode interface will include a basic tablet or laptop user interface with the ability to start user mode applications. The final goal is to develop a web-browser application to demonstrate the power of the OS.

FlingOS is an educational operating system designed to aid in teaching and learning low-level operating system programming.

SymbOS: the multitasking OS for the Amstrad CPC, MSX, more

At the end of 2000 I watched some GEOS-pages and asked myself, why not making such a system on CPC, too. Most CPCs have 128K (most C64 only have 64K), a screen-resolution of 320x200 with 4 colours (C64 only has 2 colours for each 8x8 area in 320x200) and some more advantages. So the idea of the SymbOS-Project was born. SymbOS stands for "SYmbiosis Multitasking Based Operating System". SymbOS should become a demonstration, what could be possible on CPC since the last 20 years. I want to give everything to SymbOS what a modern OS needs. Real preemptive Multitasking, a dynamic memory-management for up to 576K and more and a totally MS-Windows-like GUI are the three most important things.

Impressive project, and lovely retro '90s website.

Genode’s new TrustZone demo on the USB Armory

In their latest article, the developers of the Genode OS Framework document the long-winded way to their new ARM TrustZone demo on the USB Armory - an open source flash drive sized computer. This undertaking was motivated by the prospect to put Linux, which normally runs on the USB Armory, under the supervision of a significantly less complex Genode hypervisor. This construction enables shielding sensitive information like cryptographic keys from Linux by exposing them to Genode only and thereby drastically reduces the attack surface.

The article illustrates how the TrustZone technology is used to isolate Genode from Linux without compromising the rich feature set of Linux, and how both worlds can safely communicate with each other. Finally, the article provides you with all tools and information for easily bringing the demo to your own USB Armory.

Genode 15.11 puts emphasis on desktop computing

With the just released version 15.11, the Genode OS framework takes a big step towards desktop computing. On that account, its GUI and audio stacks have become much more modular, dynamic, and flexible. Moreover, the release features the port of Intel KMS from Linux, extends the support for the USB Armory and Xilinx Zynq-7000, and introduces new file-system infrastructure such as a VFS server.

In their release documentation, the Genode developers dedicate an entire section (including screenshots) to the ambition to use Genode as desktop OS. It turns out that the framework's existing component architecture solves a number of difficult problems in new and elegant ways. For example, the configuration of all types of components - be it low-level device drivers or high-level GUI components - can be edited live with a plain text editor. The changes become effective by merely saving a file. This works even for components that have no means or permissions to access a file system at all. Another interesting twist on classical GUI-integration features is Genode's new copy-and-paste mechanism that prevents the clipboard from being misused by malicious applications as a covert information channel while retaining the convenience of traditional clipboard mechanisms.

At a lower level, the desktop theme of the release is supported by the new Intel KMS driver ported from the Linux kernel. It allows the use of multiple displays, and screen resolutions can be switched on the fly. With nearly 70,000 SLOC of Linux kernel code, the porting was a major feat. This work continues the pattern of reusing Linux kernel code, which already enabled Genode to use the Intel wireless stack, the Linux USB stack, and the Linux TCP/IP stack as user-level components. The Intel KMS driver is interesting also in another respect: Since it is tightly coupled with the Intel GEM and DRM infrastructure of the Linux kernel, those subsystems had to be ported as well. So the driver may become a suitable starting point for the development of a future GPU multiplexer.

Thanks to the developers' continuous focus on making the framework fit for day-to-day computing, Genode is now used by a handful of die-hard Genode enthusiasts as their primary OS. Still, many tasks are carried out via a guest OS in VirtualBox. But all of the circa 40 underlying components such as the kernel, device drivers, protocol stacks, and a growing number of applications are working nicely together and are stable and fast enough to get productive work done.

Besides the main focus on desktop computing, the release is not short of other areas of improvement. Xilinx Zynq-7000 has been added to the supported platforms, TrustZone on the USB Armory received a lot of attention, and a new VFS server makes Genode's file-system infrastructure much more flexible. Those and many more topics are covered by the detailed release documentation.

‘Xinu is not Unix’

XINU stands for Xinu Is Not Unix -- although it shares concepts and even names with Unix, the internal design differs completely. Xinu is a small, elegant operating system that supports dynamic process creation, dynamic memory allocation, network communication, local and remote file systems, a shell, and device-independent I/O functions. The small size makes Xinu suitable for embedded environments.

Live update and rerandomization in MINIX3

MINIX3 now has support for live update and rerandomization of its system services. These features are based on LLVM bitcode compilation and instrumentation in combination with various run-time extensions. Live update and rerandomization support is currently fully functional, although still in an experimental state, not enabled by default, and available for x86 only. This document describes the basic idea, provides instructions on how to enable and use the functionality, provides more in-depth information for developers, and lists open issues and further reading material.

A very detailed look at this piece of MINIX3 functionality.

OOSMOS goes open source

OOSMOS, the Object Oriented State Machine Operating System, is an open source implementation of threadless concurrency for C/C++. The portable, single-source file implementation makes it easy to integrate into any environment - from bare boards to mainframes. Out of the box, it compiles and runs on many small processors and boards (including Arduino) as well as on Windows and Linux. It is our goal for developers of any skill level to be able to use OOSMOS effectively, whether building a science project on an Arduino or building an advanced medical device.

We've already talked about OOSMOS before, but the project's just gone open source.

GNU Hurd 0.7 released

GNU Hurd 0.7 and GNU Mach 1.6 have been released.

The GNU Hurd is the GNU project's replacement for the Unix kernel. It is a collection of servers that run on the Mach microkernel to implement file systems, network protocols, file access control, and other features that are implemented by the Unix kernel or similar kernels (such as Linux).

Since day one of the GNU project, Hurd was supposed to be its kernel - as we all know, of course, it turned out Linux provided a far better kernel with a much faster pace of development, and it's been used as the de-facto GNU kernel ever since. Those with an appreciation for history will love the lingering, mildly dismissive tone of "...such as Linux".