Genode is a free and open-source software operating system (OS) framework consisting of a microkernel abstraction layer and a set of user space components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security-oriented OS. Genode can be used as a basis for a desktop computer or tablet OS or as a virtual machine monitor for guest operating systems. The framework has been used as a trusted component of secure virtualization systems for both x86 and ARM. The small codebase of Genode makes it a flexible alternative to more complex Unix-derived operating systems. For this reason the framework has been used as a base system for research in such fields as virtualization, inter-process communication, IP stack isolation, monitoring, and software development.


History

Genode was first conceived as the Bastei OS Architecture research report at the Technical University of Dresden (TU Dresden). The focus of the report was to determine the practicality of a component-based OS using capability-based security. This report was motivated in part by research into L4 microhypervisors conducted during the same time. Following the success of an early prototype, the authors of the report founded the company Genode Labs to develop Bastei as the Genode OS Framework.


Releases

The project is developed publicly as an open source project released under the terms of the GNU Affero General Public License, with a commercial entity offering alternative licensing. Releases are scheduled at three-month intervals to make changes to the system application binary interface (ABI) and application programming interface (API), and to issue documentation. The OS framework is available in source code form, and following the 18.02 release a general purpose derivative named Sculpt is provided with on-target binary deployment.


Architectural features

Genode builds on the general philosophy of microkernels: the smaller and simpler the code, the easier it is to verify for trustworthiness and correctness. Genode extends this philosophy to user space by composing complex applications from small components. Each component exists in a strict hierarchy of parent-child relationships. Any component acting as a parent may apply resource and inter-process communication (IPC) access policies to its children. This hierarchical system layout yields intuitive partitioning and privilege de-escalation, as specialized subsystems are nested within more general subsystems, mitigating the confused deputy problem endemic to centralized or superuser system policy. The framework is designed to be hosted by microkernels; however, the features of any given microkernel fall mostly within a common set, and monolithic kernels implement a superset of those features. Abstracting these features allows Genode to act as user space for a variety of L4 microkernels, and for Linux.


Criticism


C++

Genode is often criticized for the choice of its implementation language, C++ (a few other operating systems implemented in C++ include BeOS, Fuchsia, Ghost, Haiku, IncludeOS, OSv, Palm OS, ReactOS, Syllable, and Symbian). This critique usually asserts that C++ is a poor choice for implementing system libraries and APIs because of the inherent complexity of C++ and the difficulty of analyzing code for correct behavior. While Genode does make use of multiple inheritance and templates in its system library, the use of the C++ Standard Library is not allowed, and language features that rely on implicit global state, such as thread-local storage and the global allocator, have been removed from the language runtime. Comprehensive static analysis of C++ is not possible. However, the Genode project publishes unit tests for empirical analysis.


XML

Genode components consume and publish state using structured data serialized in XML, in contrast to the plain text model of Unix derivatives. The Genode framework makes use of XML in effectively all of its components because XML is easily parsed and generated programmatically while still being possible to understand and edit manually.


Local namespacing

Genode lacks any practical global namespace; there is no global file system or registry of processes or IPC endpoints. This is in contrast to systems such as Unix, which feature a ubiquitous file system and allow a superuser context to arbitrarily manage any process within the system. Explicitly declaring the permissions and routing of components may be perceived as labor-intensive relative to Unix. However, compartmentalizing administration allows subsystems to be managed by mutually untrusted system administrators on the same machine without resorting to virtualization, a common isolation method.
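As an added illustration of the parent-child policy described under Architectural features and of the absence of a global namespace described here, the following model is not Genode code and does not use its API; the component names, service names and quota figures are constructed for the example:

```cpp
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Illustrative model of Genode's parent-child policy (not framework code):
// a component may grant its children only the RAM quota and service routes
// it received from its own parent, so authority can only shrink down the tree.
class Component {
public:
    Component(std::string name, unsigned long ram, std::set<std::string> routes)
        : _name(std::move(name)), _ram_free(ram), _routes(std::move(routes)) {}

    // Start a child with part of our remaining quota and a subset of our
    // routes. Returns nullptr when the request exceeds our own authority.
    Component *start_child(const std::string &name, unsigned long ram,
                           const std::set<std::string> &routes) {
        if (ram > _ram_free) return nullptr;   // cannot grant RAM we do not hold
        for (const std::string &service : routes)
            if (!_routes.count(service)) return nullptr; // cannot route what we lack
        _ram_free -= ram;                      // quota is transferred, not copied
        _children.push_back(std::make_unique<Component>(name, ram, routes));
        return _children.back().get();
    }

    // A session request succeeds only if the parent routed that service;
    // there is no global registry a child could consult instead.
    bool request(const std::string &service) const { return _routes.count(service) != 0; }

    unsigned long ram_free() const { return _ram_free; }

private:
    std::string _name;
    unsigned long _ram_free;
    std::set<std::string> _routes;
    std::vector<std::unique_ptr<Component>> _children;
};

// Constructed scenario: init -> runtime -> shell. Returns true when every
// policy check behaves as the hierarchy requires.
bool nested_policy_demo() {
    const unsigned long MiB = 1024 * 1024;
    Component init("init", 64 * MiB, {"ROM", "PD", "CPU", "Nic", "Block"});
    Component *rt = init.start_child("runtime", 32 * MiB, {"ROM", "PD", "CPU", "Nic"});
    if (!rt) return false;
    if (rt->start_child("shell", 1 * MiB, {"Block"})) return false;   // never routed to rt
    Component *sh = rt->start_child("shell", 8 * MiB, {"ROM", "PD", "CPU"});
    if (!sh) return false;
    if (rt->start_child("greedy", 25 * MiB, {})) return false;        // only 24 MiB left
    return sh->request("ROM") && !sh->request("Nic") && !sh->request("Block");
}
```

A child that wants a service its parent never routed simply has nowhere to ask, which is the property that removes the confused-deputy exposure of a global registry.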


Sculpt

The Genode project publishes a desktop operating system named ''Sculpt'' that targets contemporary consumer laptops. Sculpt is a small base system with automatic device detection and configuration, some GUI control interfaces, and frontends to the Genode package manager. The system does not feature a full desktop environment, but requires users to deploy virtual machines hosting traditional OSes for a fully featured desktop. Sculpt is distinguished from the Genode operating system framework in that it relies heavily on dynamic reconfiguration using privileged control components, in contrast to specialized systems with static policies.


See also

* HelenOS, a desktop microkernel based operating system
* QNX, a proprietary Unix-like operating system hosted by a microkernel
* Qubes OS, a desktop operating system that provides security through virtualization
* Capability-based security
* Secure by default



External links

Research projects
* KV-Cache: A Scalable High-Performance Web-Object Cache for Manycore
* TrApps: Secure Compartments in the Evil Cloud
* Development of an Embedded Platform for Secure CPS Services
* Secure-OS project of IIT Madras
* Kernel isolation of a Capability-based security Operating System
* Mobile Device Security with ARM TrustZone