OS News Archive

Genode 16.02 supports the RISC-V CPU architecture

Guest post by Norman Feske 2016-03-01 OS News 9 Comments

With version 16.02, the Genode OS Framework moves beyond x86 and ARM CPUs and embraces the emerging open-source RISC-V hardware architecture. Furthermore, the release comes with the new ability to securely assign USB devices to virtual machines, and updates the Muen separation kernel and the seL4 microkernel.

Today's x86 and ARM-based commodity platforms have become increasingly opaque and infested with proprietary firmware. With new platforms becoming ever more complex and being equipped with mandatory companion processors like Intel's Management Engine, the trustworthiness of mainstream hardware becomes more and more uncertain. If those parts of the system become compromised, even a perfectly secure OS cannot protect the user's privacy and security. It goes without saying that this development is a strong concern of privacy advocates. The article Intel x86 considered harmful by Joanna Rutkowska substantiates those concerns extremely well.

RISC-V is a possible answer to the call for trustworthy hardware. In contrast to the CPUs of current-generation hardware, RISC-V is an open-source CPU architecture. The idea of open-source CPUs is not new. There exist numerous softcore CPUs like LatticeMico32 or OpenRISC. But in contrast to those projects, which are primarily targeted at FPGA platforms, RISC-V is designed to scale from deeply embedded systems to 64-bit general-purpose platforms. The prospect of a scalable and trustworthy hardware architecture motivated the Genode project to take a closer look. In the just-released version 16.02, RISC-V has been added as a supported architecture to Genode's custom base-hw kernel. Since the hardware is still in flux, the scope of the support is still somewhat limited. But Genode is already able to run on the official Spike simulator as well as on RISC-V as a synthesized FPGA softcore.

Besides the added RISC-V support, the second highlight of the current release is the new ability to securely assign USB devices to VirtualBox instances running on top of the NOVA kernel. With this feature, Genode becomes able to accommodate many typical desktop-OS work flows like transferring data via USB sticks, or obtaining pictures from a digital camera. Under the hood, the implementation is quite interesting as it successfully transplants the xHCI device model of Qemu to VirtualBox.

The third focus of version 16.02 is the update of the Muen and seL4 kernels. The Muen separation kernel has been updated to version 0.7, which greatly improves the interoperability with Genode's tooling. In fact, Muen can now be targeted with the same work flows as employed for all the other kernels. Genode's support for the seL4 kernel is still a rather experimental line of work. In this respect, the update to the kernel version 2.1 posed a number of interesting challenges with respect to the kernel-resource management. This discussion along with details about the many more improvements of the current release is covered in the official release documentation.

Microkernels are slow and Elvis didn’t do no drugs

Thom Holwerda 2016-01-02 OS News 79 Comments

Microkernel hatred is a peculiar phenomenon. Sheltered users who have never had any background in much beyond Windows and some flavor of free monolithic Unix, will, despite a general apathy or ignorance in the relevant subjects, have strong opinions on the allegedly dreadful performance and impracticality of "icrokernels", however they define the term (and we shall see that a lot of people have some baffling impressions of what a microkernel is supposed to be). Quite often, these negative views will be a result of various remarks made by Linus Torvalds and a general hero worship of his character, a misrepresentation of an old Usenet flame war between AST and Torvalds that was somehow "won" and which supposedly proved that microkernels are nothing but a toy of ivory tower academics, or a rehash of quarter century-old benchmarks on CMU's Mach that were unfavorable. The presence of Linus' character in many of this is no coincidence. It strikes me that anti-microkernel sentiment most vocally originates as a sort of tribal affiliation mechanism by Linux users to ward off insecurity.

In any event, this article will be a concise tour of microkernel myths and misconceptions throughout the ages.

I wouldn't exactly call this article "concise", but it's definitely filled with valuable technical information.

What is FlingOS?

Thom Holwerda 2016-01-02 OS News 7 Comments

The general plan for the OS is to create a micro-kernel based design with sufficient drivers that a basic user-mode interface can be created. The user-mode interface will include a basic tablet or laptop user interface with the ability to start user mode applications. The final goal is to develop a web-browser application to demonstrate the power of the OS.

FlingOS is an educational operating system designed to aid in teaching and learning low-level operating system programming.

SymbOS: the multitasking OS for the Amstrad CPC, MSX, more

Thom Holwerda 2015-12-17 OS News 8 Comments

At the end of 2000 I watched some GEOS-pages and asked myself, why not making such a system on CPC, too. Most CPCs have 128K (most C64 only have 64K), a screen-resolution of 320x200 with 4 colours (C64 only has 2 colours for each 8x8 area in 320x200) and some more advantages. So the idea of the SymbOS-Project was born. SymbOS stands for "SYmbiosis Multitasking Based Operating System". SymbOS should become a demonstration, what could be possible on CPC since the last 20 years. I want to give everything to SymbOS what a modern OS needs. Real preemptive Multitasking, a dynamic memory-management for up to 576K and more and a totaly MS-Windows-like GUI are the three most important things.

Impressive project, and lovely retro '90s website.

Guest post by mstein 2015-12-09 OS News 5 Comments

In their latest article, the developers of the Genode OS Framework document the long-winded way to their new ARM TrustZone demo on the USB Armory - an open source flash drive sized computer. This undertaking was motivated by the prospect to put Linux, which normally runs on the USB Armory, under the supervision of a significantly less complex Genode hypervisor. This construction enables shielding sensitive information like cryptographic keys from Linux by exposing them to Genode only and thereby drastically reduces the attack surface.

The article illustrates how the TrustZone technology is used to isolate Genode from Linux without compromising the rich feature set of Linux, and how both worlds can safely communicate with each other. Finally, the article provides you with all tools and information for easily bringing the demo to your own USB Armory.

Guest post by Norman Feske 2015-12-01 OS News 12 Comments

With the just released version 15.11, the Genode OS framework takes a big step towards desktop computing. On that account, its GUI and audio stacks have become much more modular, dynamic, and flexible. Moreover, the release features the port of Intel KMS from Linux, extends the support for the USB Armory and Xilinx Zynq-7000, and introduces new file-system infrastructure such as a VFS server.

In their release documentation, the Genode developers dedicate an entire section (including screenshots) to the ambition to use Genode as desktop OS. It turns out that the framework's existing component architecture solves a number of difficult problems in new and elegant ways. For example, the configuration of all types of components - be it low-level device drivers or high-level GUI components - can be edited live with a plain text editor. The changes become effective by merely saving a file. This works even for components that have no means or permissions to access a file system at all. Another interesting twist on classical GUI-integration features is Genode's new copy-and-paste mechanism that prevents the clipboard to be misused by malicious applications as a covert information channel while retaining the convenience of traditional clipboard mechanisms.

At a lower level, the desktop theme of the release is supported by the new Intel KMS driver ported from the Linux kernel. It allows the use of multiple displays, and screen resolutions can be switched on the fly. With nearly 70,000 SLOC of Linux kernel code, the porting was a major feat. This work continues the pattern of reusing Linux kernel code, which already enabled Genode to use the Intel wireless stack, the Linux USB stack, and the Linux TCP/IP stack as user-level components. The Intel KMS driver is interesting also in another respect: Since it is tightly coupled with the Intel GEM and DRM infrastructure of the Linux kernel, those subsystems had to be ported as well. So the driver may become a suitable starting point for the development of a future GPU multiplexer.

Thanks to the developer's continuous focus on making the framework fit for day-to-day computing, Genode is now used by a hand full of die-hard Genode enthusiasts as their primary OS. Still, many tasks are carried out via a guest OS in VirtualBox. But all of the circa 40 underlying components such as the kernel, device drivers, protocol stacks, and a growing number of applications are working nicely together and are stable and fast enough to get productive work done.

Besides the main focus on desktop computing, the release is not short of other areas of improvement. Xilinx Zynq-7000 has been added to the supported platforms, TrustZone on the USB Armory received a lot of attention, and a new VFS server makes Genode's file-system infrastructure much more flexible. Those and many more topics are covered by the detailed release documentation.

‘Xinu is not Unix’

Thom Holwerda 2015-11-29 OS News 6 Comments

XINU stands for Xinu Is Not Unix -- although it shares concepts and even names with Unix, the internal design differs completely. Xinu is a small, elegant operating system that supports dynamic process creation, dynamic memory allocation, network communication, local and remote file systems, a shell, and device-independent I/O functions. The small size makes Xinu suitable for embedded environments.

Submitted by xylifyx 2015-11-17 OS News 12 Comments

MINIX3 now has support for live update and rerandomization of its system services. These features are based on LLVM bitcode compilation and instrumentation in combination with various run-time extensions. Live update and rerandomization support is currently fully functional, although still in an experimental state, not enabled by default, and available for x86 only. This document describes the basic idea, provides instructions on how to enable and use the functionality, provides more in-depth information for developers, and lists open issues and further reading material.

A very detailed look at this piece of MINIX3 functionality.

OOSMOS goes open source

Submitted by Mark Glenn 2015-11-04 OS News 2 Comments

OOSMOS, the Object Oriented State Machine Operating System, is an open source implementation of threadless concurrency for C/C++. The portable, single-source file implementation makes it easy to integrate into any environment - from bare boards to mainframes. Out of the box, it compiles and runs on many small processors and boards (including Arduino) as well as on Windows and Linux. It is our goal for developers of any skill level to be able to use OOSMOS effectively, whether building a science project on an Arduino or building an advanced medical device.

We've already talked about OOSMOS before, but the project's just gone open source.

GNU Hurd 0.7 released

Thom Holwerda 2015-10-31 OS News 45 Comments

GNU Hurd 0.7 and GNU Mach 1.6 have been released.

The GNU Hurd is the GNU project's replacement for the Unix kernel. It is a collection of servers that run on the Mach microkernel to implement file systems, network protocols, file access control, and other features that are implemented by the Unix kernel or similar kernels (such as Linux).

Since day one of the GNU project, Hurd was supposed to be its kernel - as we all know, of course, it turned out Linux provided a far better kernel with a much faster pace of development, and it's been used as the de-facto GNU kernel ever since. Those with an appreciation for history will love the lingering, mildly dismissive tone of "...such as Linux".

cOS for the Commodore 64: ‘modern’ UI with touch screen support

Thom Holwerda 2015-10-26 OS News 2 Comments

This project started as a simple experiment to see if I could create a "modern" looking graphical user interface for the commodore 64.

Once I got the basic user interface working, I decided to add an optional touch screen. It pretty much works! Of course cOS can still be operated by a standard joystick or the cursor keys.

These people are gods.

Z88 operating system OZ V4.6 released

Submitted by pek 2015-10-23 OS News 5 Comments

OZ V4.6, a continuation of the actual operating system of the Z88, has been released.

This web space has been created by and for the 'die-hard' users of the Cambridge Z88, the iPad of the 80's, launched in September 1987 at the PCW computer show in London. The company behind it was Cambridge Computer, a spring-off company of Sinclair Research, founded by Clive Sinclair.

The object of this project is to streamline the operating system, OZ and to build new applications by replacing the built-in ROM with a larger device. All the software and documents here, is provided for free, ready to be downloaded in source code, or as ready-made binaries - all GPL V2 licensed.

Incredibly impressive project.

Welcome to Interim OS

Thom Holwerda 2015-09-16 OS News 7 Comments

Interim OS is a radical new operating system with a focus on minimalism. It steals conceptually from Lisp machines (language-based kernel) and Plan 9 (everything is a file system). It boots to a JITting Lisp-like REPL and offers the programmer/user the system's resources as filesystems.

A graphical OS for the Atari 8-bit

Thom Holwerda 2015-09-09 OS News 28 Comments

Atari 8-bit fans have long hankered after a GUI similar to GEOS on the Commodore 64. Diamond GOS went some way to addressing this deficiency, and since then there have been several creditable attempts at implementing a GUI OS on the A8. Now there's another one in the pipeline: an as yet unnamed project which aims to bring a pre-emptive multi-tasking graphical operating system to the 8-bit Atari.

Impressive.

Operating systems: three easy pieces

Thom Holwerda 2015-09-07 OS News 12 Comments

Welcome to Operating Systems: Three Easy Pieces, a free online operating systems book! The book is centered around three conceptual pieces that are fundamental to operating systems: virtualization, concurrency, and persistence. In understanding the conceptual, you will also learn the practical, including how an operating system does things like schedule the CPU, manage memory, and store files persistently. Lots of fun stuff!

The object-oriented state machine operating system

Thom Holwerda 2015-09-04 OS News 51 Comments

OOSMOS stands for Object-Oriented State Machine Operating System. It is a new type of operating system where the fundamental contextual unit is the object, not the thread as it is in traditional operating systems.

Because there are no threads, there are no thread stacks, so OOSMOS is ideal for use in memory constrained environments where a traditional thread-based operating system is not a viable option.

Genode 15.08 runs on top of the Muen separation kernel

Guest post by Norman Feske 2015-08-31 OS News 11 Comments

The Genode project announced the version 15.08 of their OS framework. The most prominent topics of the current release are the use of Genode as day-to-day operating system by their developers and the added ability to run Genode-based systems on top of the Muen separation kernel.

Where monolithic kernel architectures represent one extreme with respect to kernel complexity, separation kernels mark the opposite end. The code complexity of monolithic OS kernels such as Linux is usually counted in terms of millions of lines of code. In stark contrast, modern microkernels such as NOVA and seL4 are comprised of only ten thousand lines of code. Separation kernels go even a step further by reducing the code complexity to only a few thousand lines of code. How is that possible? The answer lies in the scope of functionality addressed by the different types of kernels. The high complexity of monolithic kernels stems from the fact that all major OS functionalities are considered as being in the scope of the kernel. In particular, device drivers and protocol stacks account for most of the code in such kernels. Microkernels disregard such functionalities from the scope of the kernel by moving them to user-level components. The kernel solely retains the functionality that is fundamentally needed to enable those components to work and collaborate. In order to accommodate a wide range of workloads, microkernels typically provide interfaces to user land that enable the dynamic management of low-level resources such as memory, devices, and processing time. Genode's designated role is to supplement microkernels with a scalable and secure user-level OS architecture. In contrast to microkernels, separation kernels disregard dynamic resource management from their scope. All physical resources are statically assigned to a fixed set of partitions at system-integration time and remain unchanged over the lifetime of the system. The flexibility of microkernels is traded for the benefit of further complexity reduction. Their low complexity of just a few thousand lines of code make separation kernels appealing for high-assurance computing. On the other hand, their static nature imposes limitations on their application areas.

Muen as a representative of separation kernels is special in two ways. First, whereas most separation kernels are proprietary software solutions, Muen is an open-source project. Second, the kernel is implemented in the safe SPARK programming language, which is able to formally verify the absence of implementation bugs such as buffer overflows, integer-range violations, and exceptions. Thanks to the close collaboration between the Muen developers and the Genode community, the assurance of the Muen separation kernel can now be combined with the rich component infrastructure provided by Genode. From Genode's perspective, Muen is another architecture for their custom base-hw kernel. In fact, with Genode on Muen, a microkernel-based system is running within the static boundaries of one Muen partition. This way, the component isolation enforced by the base-hw kernel and the static isolation boundaries enforced by Muen form two lines of defense for protecting security-critical system functions from untrusted code sandboxed within a Genode subsystem.

The second major theme of the current release is the use of Genode as the day-to-day operating system by its developers. Since the beginning of June, one of the core developers is exclusively working with a Genode/NOVA-based system. The key element is VirtualBox with its powerful guest-host integration features. It allows for an evolutionary transition from Linux-centric work flows to the use of native Genode applications. Network connectivity is provided by the Intel wireless stack ported from the Linux kernel. File-system access is based on NetBSD's rump kernels. For using command-line based GNU software directly on Genode, the Noux runtime environment comes in handy. The daily use of Genode as general-purpose OS motivated many recent developments, ranging from the management of kernel memory in NOVA, over new system monitoring facilities, SMP guest support in VirtualBox, to user-facing improvements of the GUI stack. These and many more topics are covered by the comprehensive release documentation.

Contiki 3.0 released

Thom Holwerda 2015-08-26 OS News 3 Comments

Today the Contiki team announced the release of Contiki 3.0, the latest version of the open source IoT operating system! The 3.0 release is a huge step up from the 2.x branch and brings support for new and exciting hardware, a set of new network protocols, a bunch of improvements in the low-power mesh networking protocols, along with a large number of general stability improvements.

Introducing Qubes OS live USB edition

Thom Holwerda 2015-08-11 OS News 1 Comment

We have built and uploaded the first ever working Qubes Live USB image! It's based on the recently released 3.0-rc2 release. Now you should be able to run and try Qubes OS of any laptop without needing to install it anywhere!

We've talked about Qubes before, but since it's been a while, here's a quick primer:

Qubes is an open-source operating system designed to provide strong security for desktop computing using Security by Compartmentalization approach. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.

This new live USB image should make it a lot easier to give Qubes a go.

On Hurd, Linux and cross-compiling a GNU Hurd toolchain

Thom Holwerda 2015-07-28 OS News 2 Comments

This article is both a tutorial, a war story and a conceptual introduction to GNU Hurd in which I set up a cross-toolchain, and give a colorful tour through some rough edges of the GNU build system. My host system is Slackware Linux 14.1 (running on -current), i686 - which I find preferable due to its highly vanilla nature, running software almost entirely without distro-specific patching.