Genode as Desktop OS - FOSDEM
Outline
1. Why another operating system?
2. Architectural principles
3. Framework for building operating systems
4. Desktop scenarios
5. Present and future
Genode as Desktop OS 2
Universal Truths
Ease of use
Security
Utilization
Scalability
Assurance
Accountability
Problem: Complexity
Today’s commodity OSes: exceedingly complex trusted computing base (TCB)
TCB of an application on Linux:
  Kernel + loaded kernel modules
  Daemons
  X Server + window manager
  Desktop environment
  All running processes of the user
→ User credentials are exposed to millions of lines of code
Problem: Complexity (II)
Implications:
High likelihood for bugs (need for frequent security updates)
Huge attack surface for directed attacks
Zero-day exploits
Problem: Resource management
Pretension of unlimited resources
Lack of accounting
→ Largely indeterministic behavior
→ Need for complex heuristics, schedulers
Key technologies
Microkernels
Componentization, kernelization
Capability-based security
Virtualization
...but how to compose those?
Idea
→ Application-specific TCB
Combined with virtualization
Object capabilities
Delegation of authority between components
Each component lives in a virtual environment
A component that possesses a capability can
  Use it (invoke)
  Delegate it to acquainted components
Recursive system structure
Resource management
Explicit assignment of physical resources to components
Resource management (II)
Resources can be attached to sessions
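The invoke and delegate rules from the "Object capabilities" slide, together with the explicitly assigned, session-attached resources from the "Resource management" slides, as an added C++ model. It is not part of the talk and not Genode's API; the `Component` class, its methods and the scenario values are hypothetical.

```cpp
// Added example: a model of the slides' rules, not Genode's API. Names are hypothetical.
#include <cassert>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

struct Object { int calls = 0; };            // what a capability refers to
using Cap = std::shared_ptr<Object>;

class Component {
    unsigned quota_;                         // explicitly assigned budget
    std::map<std::string, Cap> caps_;        // local capability space
    std::set<const Component*> acquainted_;  // peers this component knows
public:
    explicit Component(unsigned quota) : quota_(quota) {}
    unsigned quota() const { return quota_; }
    bool holds(const std::string& c) const { return caps_.count(c) != 0; }
    void introduce(const Component& peer) { acquainted_.insert(&peer); }
    // Stands for the parent installing a component's initial capabilities.
    void grant(const std::string& c, Cap cap) { caps_[c] = std::move(cap); }
    // Use: only a held capability can be invoked; returns -1 otherwise.
    int invoke(const std::string& c) {
        auto it = caps_.find(c);
        return it == caps_.end() ? -1 : ++it->second->calls;
    }
    // Delegate: pass a held capability to an acquainted component only.
    bool delegate(const std::string& c, Component& to) {
        auto it = caps_.find(c);
        if (it == caps_.end() || !acquainted_.count(&to)) return false;
        to.grant(c, it->second);
        return true;
    }
    // Attach resources to a session: the client pays from its own budget.
    bool donate(Component& server, unsigned amount) {
        if (amount > quota_ || !acquainted_.count(&server)) return false;
        quota_ -= amount; server.quota_ += amount;
        return true;
    }
};

// Constructed scenario: init holds "gui", the app receives it by delegation.
int main() {
    Component init(1000), app(100), gui_server(50), stranger(10);
    init.grant("gui", std::make_shared<Object>());
    assert(app.invoke("gui") == -1);          // no capability, no access
    init.introduce(app);
    assert(init.delegate("gui", app) && app.invoke("gui") == 1);
    assert(!app.delegate("gui", stranger));   // not acquainted
    app.introduce(gui_server);
    assert(app.donate(gui_server, 60) && app.quota() == 40);
    assert(!app.donate(gui_server, 60));      // budget exhausted, request fails
    return 0;
}
```

Because every request is paid from a budget that was explicitly assigned, an over-sized request fails at the requester instead of degrading the rest of the system.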
Components
Faithful virtualization (traditional)
[Diagram labels: root mode, non-root mode, Guest OS, VM process, /dev/vboxdrv, kernel, vboxdrv.ko, VMMR0 / Hypervisor. Annotations: "highly complex" (twice), "access control?", "authorized to change the kernel"]
VirtualBox as Genode subsystem
[Diagram labels: User Mode, Privileged Mode, NOVA Hypervisor, Core, Init, Resource Multiplexer, Unmodified Guest OS, virtual CPU, virtual device, virtual RAM, VMM, Device Driver, Kernel]
OS-level virtualization
OS-level virtualization (example)
[Diagram labels: Init, Backdrop, FS-ROM, RAM FS, Noux Runtime, Editor; connections labelled config, ROM, filesystem, filesystem]
Multi-component applications
[Diagram labels: Init, Window manager, Nitpicker, App, Report ROM, Decorator, Layouter; connections labelled Nitpicker, ROM, Report and input; data exchanged: ROM <window-list>, ROM <hover>, Report <window-layout>, ROM <window-layout>, Report <hover>]
“Turmvilla” scenario
[Diagram labels: Init, Nitpicker GUI, Window Manager, CLI monitor, VirtualBox, Noux]
Components: timer, acpi drv, acpi report rom, platform drv, ahci drv, part blk, log file terminal, log, rump fs, wifi drv, ps2 drv, usb drv, fb drv, rtc drv, trace subject reporter, input merger, report rom, nitpicker, wm report rom, wm, layouter, decorator, vbox pointer, shared fs, config fs, config rom, rom, cli nit fb, cli terminal
Rich applications
[Diagram labels: Loader, Init, Arora Web Browser, Init, Nitpicker GUI, TCP/IP, Menu, Nitpicker GUI, Virtual Framebuffer, Launchpad, Testnit]
Disclaimer
Currently used by only a few enthusiasts
No package management
Limited hardware support
Not yet palatable for uninitiated end users
Ambitions
Eating our own dog food (tool chain, email, IRC...)
Capability-based desktop environment
Muen and seL4 as base platforms
RISC-V
USB Armory
Nix package manager
Collaborating with Qubes?
The Book “Genode Foundations”
Genode Operating System Framework: Foundations
Norman Feske
http://genode.org/documentation/genode-foundations-15-05.pdf
Thank you
Genode OS Framework: http://genode.org
Genode Labs GmbH: http://www.genode-labs.com
Source code at GitHub: http://github.com/genodelabs/genode