Genode is a novel OS architecture that aims to improve software safety by applying a strict organizational structure to all software components, including device drivers, system services, and applications.
Within the Genode project, the Genode OS Framework is an open-source tool kit for building highly secure component-based operating systems, whereas Sculpt is a pre-built distribution for personal computers and smartphones.
Genode is frequently used in academia for computer science research.
History
Genode was first conceived as the Bastei OS Architecture research report at the Technical University of Dresden (TU Dresden). The focus of the report was to determine the practicality of a component-based OS using capability-based security. This work was influenced by concurrent research at Dresden into virtualisation and microkernels, which would itself mature into the NOVA microhypervisor, subsequently adopted as the Sculpt kernel. Following the success of an early prototype, the authors of the report founded the company Genode Labs to develop Bastei as the Genode OS Framework.
Overview
Genode OS framework is a tool kit for building highly secure special-purpose operating systems. It scales from embedded systems with as little as 4 MB of memory to highly dynamic general-purpose workloads.
Design concepts
The system is based on a recursive structure. Each program is executed in a dedicated sandbox and gets granted only those access rights and resources that are required to fulfill its specific purpose. Programs can create and manage sub-sandboxes out of their own resources, thereby forming hierarchies where policies can be applied at each level. The framework provides mechanisms to let programs communicate with each other and trade their resources, but only in strictly-defined manners. Thanks to this rigid regime, the attack surface of security-critical functions can be reduced by orders of magnitude compared to contemporary operating systems.
The framework aligns the construction principles of microkernels with Unix philosophy. In line with Unix philosophy, Genode is a collection of small building blocks, out of which sophisticated systems can be composed. But unlike Unix, those building blocks include not only applications but also all classical OS functionalities including kernels, device drivers, file systems, and protocol stacks.
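The recursive structure described above is easier to reason about with a concrete model. The following C++ code is an added illustration, not Genode's own API: it models each component as a sandbox holding a RAM quota (in MB, as in the 4 MB figure above) and a set of capabilities represented as unforgeable names. The class name, method names and the sample component names ("init", "gui", "app") are assumptions chosen for this example. The two properties it enforces are the ones the text states: a component can only create children out of its own resources, and it can only delegate authority it holds itself, so policy is applied at every level rather than by one global arbiter.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

// Toy model (assumption: not Genode's real API) of a recursively structured
// component tree. Every sandbox owns a RAM quota in MB and a set of
// capabilities modelled as names; it may hand out only what it holds.
class Sandbox {
public:
    Sandbox(std::string name, std::size_t quota_mb, std::set<std::string> caps)
        : name_(std::move(name)), quota_mb_(quota_mb), caps_(std::move(caps)) {}

    // Carve a child out of this sandbox's unused quota and a subset of its
    // capabilities. Returns nullptr if the request exceeds what the parent
    // itself has; delegation never lets a parent grant more than it holds.
    Sandbox* create_child(const std::string& name, std::size_t quota_mb,
                          const std::set<std::string>& caps) {
        if (children_.count(name) || quota_mb > available_mb())
            return nullptr;
        for (const auto& cap : caps)
            if (!caps_.count(cap))
                return nullptr;          // cannot hand out a capability you lack
        auto child = std::make_unique<Sandbox>(name, quota_mb, caps);
        Sandbox* raw = child.get();
        children_[name] = std::move(child);
        return raw;
    }

    // Trade resources downwards: move part of this sandbox's unused quota to
    // an existing child. Fails if the child is unknown or the budget is short.
    bool grant_quota(const std::string& child, std::size_t amount_mb) {
        auto it = children_.find(child);
        if (it == children_.end() || amount_mb > available_mb())
            return false;
        it->second->quota_mb_ += amount_mb;
        return true;
    }

    // Destroying a child tears down its whole subtree (unique_ptr ownership)
    // and returns the child's entire quota to this sandbox.
    bool destroy_child(const std::string& name) {
        return children_.erase(name) > 0;
    }

    std::size_t quota_mb() const { return quota_mb_; }

    // Quota not yet delegated to children; the budget for create_child/grant_quota.
    std::size_t available_mb() const {
        std::size_t delegated = 0;
        for (const auto& kv : children_)
            delegated += kv.second->quota_mb();
        return quota_mb_ - delegated;
    }

    bool has_cap(const std::string& cap) const { return caps_.count(cap) > 0; }
    const std::string& name() const { return name_; }

private:
    std::string name_;
    std::size_t quota_mb_;
    std::set<std::string> caps_;
    std::map<std::string, std::unique_ptr<Sandbox>> children_;
};

// Stand-alone walk-through using constructed sample component names.
int main() {
    Sandbox init("init", 64, {"ram", "nic", "fs"});
    Sandbox* gui = init.create_child("gui", 32, {"ram", "fs"});
    std::cout << "init has " << init.available_mb() << " MB left\n";
    // gui may neither create a child larger than itself nor delegate "nic".
    std::cout << "oversized child refused: "
              << (gui->create_child("app", 48, {"ram"}) == nullptr) << "\n";
    std::cout << "unheld capability refused: "
              << (gui->create_child("app", 16, {"nic"}) == nullptr) << "\n";
    Sandbox* app = gui->create_child("app", 16, {"ram"});
    std::cout << "app sees nic? " << app->has_cap("nic") << "\n";
    init.destroy_child("gui");
    std::cout << "init has " << init.available_mb() << " MB left\n";
    return 0;
}
```

The point of the model is the invariant, not the bookkeeping: because every check is made against the parent's own holdings, a compromised component can at worst misuse what it was given and can never escalate by asking for something its parent does not have.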
Features
CPU architectures
Genode supports the x86 (32 and 64 bit), ARM (32 and 64 bit), and RISC-V (64 bit) CPU architectures. On x86, modern architectural features such as IOMMUs and hardware virtualization can be utilized. On ARM, Genode is able to take advantage of TrustZone and virtualization technology.
Kernels
Genode can be deployed on a variety of different kernels, including most members of the L4 microkernel family (NOVA, seL4, Fiasco.OC, OKL4 v2.1, L4ka::Pistachio, L4/Fiasco). Furthermore, it can be used on top of the Linux kernel to attain rapid development-test cycles during development. Additionally, the framework is accompanied by a custom microkernel that has been specifically developed for Genode and thereby further reduces the complexity of the trusted computing base compared to other kernels.
Virtualization
Genode supports virtualization at different levels:
* Using NOVA or Genode's custom kernel, faithful virtualization via VirtualBox allows for the execution of unmodified guest operating systems as Genode subsystems. Alternatively, the Seoul virtual machine monitor can be used to run unmodified Linux-based guest OSes.
* On ARM, Genode can be used as TrustZone monitor, or as a virtual machine monitor that facilitates ARM's virtualization extensions.
Building blocks
The Framework consists of hundreds of ready-to-use components such as:
* Device drivers for most common PC peripherals including networking, storage, display, USB, PS/2, Intel wireless, Intel GPUs, and audio.
* Device drivers for a variety of ARM-based SoCs, in particular the NXP i.MX family.
* A GUI stack including a low-complexity GUI server, window management, and widget toolkits such as Qt.
* Networking components such as TCP/IP stacks and packet-level network services.
* Applications based on the POSIX interface, including GNU coreutils, bash, GCC, binutils, and findutils.
Releases
Genode is offered as free and open source software, with commercial licensing available on request.
OS Framework
Updates are released quarterly. Development follows a roadmap for each year, with longer-term aspirations listed separately.
Sculpt
Sculpt is a pre-built general-purpose operating system for commodity PC hardware and the PinePhone. As Genode Labs' in-house distribution, Sculpt is used daily by the Genode developers.
The design of the user interface is guided by the underlying design philosophy of Genode and thus diverges from mainstream convention. This approach is typified by "Leitzentrale", an interactive chart of the system components, accessible at any time. A sizeable library of applications has been ported to Sculpt from KDE.
The name "Sculpt" derives from the intention for users to sculpt their own desktop incorporating only their desired components.
Documentation
Genode Labs maintain extensive documentation of their products. The master reference is "Genode Foundations", which provides a holistic description of the Framework and is revised annually. This is supported by "Genode Applications", which covers developing and porting applications to Genode, and "Genode Platforms", which deals with low-level and hardware-related topics.
Reception
Genode acknowledges that the unorthodox interface of Sculpt may intimidate some users.
Bryan Lunduke regards Sculpt as the "weirdest" contemporary operating system.
See also
* HelenOS, a desktop microkernel-based operating system
* QNX, a proprietary Unix-like operating system hosted by a microkernel
* Qubes OS, a desktop operating system that provides security through virtualization
* Fuchsia, a capability-based OS from Google
* Capability-based security
External links
Official websites
* Genodians (Genode community blog)
* Genode Labs
Research projects
* KV-Cache: A Scalable High-Performance Web-Object Cache for Manycore
* TrApps: Secure Compartments in the Evil Cloud
* Development of an Embedded Platform for Secure CPS Services
* Secure-OS project of IIT Madras
* Kernel isolation of a Capability-based security Operating System
* Mobile Device Security with ARM TrustZone