Entry: Genode
Definition

  1. History

  2. Releases

  3. Architectural features

  4. Criticism

     • C++
     • XML
     • Local namespacing

  5. Sculpt

  6. See also

  7. References

  8. External links

  • Name: Genode
  • Screenshot caption: The desktop system Sculpt based on Genode
  • Website: https://genode.org/
  • Developer: Genode Labs
  • Source model: Open source
  • Initial release: 2008
  • Latest release version: 19.02[1]
  • Latest release date: 2019-02-28
  • Frequently updated: Public development
  • Marketing target: Desktop, embedded
  • Language: English
  • Kernel type: Microkernel
  • Userland: Genode, POSIX
  • License: AGPLv3
  • Working state: Stable release
  • Supported platforms: ARM, RISC-V,[2] x86, x86-64[3]

Genode[4][5][6] is a free and open-source operating system framework consisting of a microkernel abstraction layer and a collection of userspace components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security-oriented OS.

Genode can be used as a basis for a desktop[7][8] or tablet[9] OS or as a virtual machine monitor for guest operating systems. The framework has been used as a trusted component of secure virtualization systems for both x86[10] and ARM.[11]

The small codebase of Genode makes it a flexible alternative to more complex Unix-derived operating systems. For this reason the framework has been used as a base system for research in such fields as virtualization,[12] inter-process communication,[13] IP stack isolation,[14][15] monitoring,[16] and software development.[17][18]

History

Genode was first conceived as the Bastei OS Architecture[19] research report at the Technical University of Dresden. The focus of the report was to determine the practicality of a component-based OS using capability-based security. This report was motivated in part by research into L4 microhypervisors[20] conducted during the same period. Following the success of an early prototype, the authors of the report founded the company Genode Labs to develop Bastei as the Genode OS Framework.

Releases

The project is developed publicly as an open-source project released under the terms of the GNU Affero General Public License, with a commercial entity offering alternative licensing. Releases are scheduled at three-month intervals to make changes to the OS ABI and APIs and issue documentation. The OS framework is available in source code form and, following the 18.02 release, a general-purpose derivative called Sculpt is provided with on-target binary deployment.

Architectural features

Genode builds on the general philosophy of microkernels: the smaller and simpler the code, the easier it is to verify for trustworthiness and correctness. Genode extends this philosophy to userspace by composing complex applications from small components. Each component exists in a strict hierarchy of parent-child relationships. Any component acting as a parent may apply resource and inter-process communication (IPC) access policies to its children. This hierarchical system layout yields intuitive partitioning and privilege de-escalation as specialized subsystems are nested within more general subsystems, mitigating the confused deputy problem endemic to centralized or superuser system policy.

The framework is designed to be hosted by microkernels. However, the features of any given microkernel fall mostly within a common set, and monolithic kernels implement a superset of those features. Abstracting these features allows Genode to act as userland for a variety of L4 microkernels[21][22] as well as Linux.

Criticism

C++

Genode is often criticized for the choice of its implementation language, C++ (a few other operating systems implemented in C++ include BeOS, Fuchsia, Ghost, Haiku, IncludeOS, OSv, Palm OS, ReactOS, Syllable, and all the major browser engines). This critique usually asserts that C++ is a poor choice for implementing system libraries and APIs because of the inherent complexity of C++ and the difficulty in analyzing code for correct behavior. While Genode does make use of multiple inheritance and templates in its system library, the use of the C++ Standard Library is not allowed, and language features that rely on implicit global state, such as thread-local storage and the global allocator, have been removed from the language runtime. Comprehensive static analysis of C++ is not possible; however, the Genode project publishes unit tests for empirical analysis.

XML

Genode components consume and publish state using structured data serialized in XML, in contrast to the plain text model of UNIX derivatives. XML is widely criticized for its complex features, inefficient representation, and the relative difficulty in manually editing XML documents. The Genode framework makes use of XML in effectively all of its components because XML is easily parsed and generated programmatically while still being possible to understand and edit manually. The dialect used by Genode is a simple subset of the full XML language; however, new users often report editing XML documents as tedious and error-prone. Because it does not rely on any unique features of XML, the Genode data markup language could be replaced by something simpler, such as JSON or S-expressions (sexps); however, no migration plans have been announced.

Local namespacing

Genode is without any practical global namespaces: there is no global file system and no global registry of processes or IPC endpoints. This is in contrast to systems such as UNIX, which feature a ubiquitous file system and allow a superuser context to arbitrarily manage any process within the system. Explicitly declaring the permissions and routing of components may be perceived as labor-intensive relative to UNIX. However, compartmentalization of administration allows subsystems to be managed by mutually untrusted administrators on the same machine without resorting to virtualization, a common isolation method.
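
A toy model of the parent-mediated routing described under "Architectural features" and "Local namespacing", added here as an illustration. It is not Genode code: the XML schema, the component and service names, and the RAM units are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed policy. Element and attribute names are assumptions of this
# example, not Genode's real configuration syntax. A <route> inside a component
# is its parent's permission for that child; RAM is in arbitrary units.
POLICY = """
<component name="root" ram="64">
  <provides service="LOG"/> <provides service="NIC"/> <provides service="BLOCK"/>
  <component name="net_stack" ram="16">
    <route service="NIC"/> <route service="LOG"/>
    <component name="browser" ram="8">
      <route service="LOG"/> <route service="BLOCK"/>
    </component>
  </component>
</component>
"""

def load(xml_text):
    """Flatten the component tree into {name: node-info}."""
    table = {}
    def walk(node, parent):
        table[node.get("name")] = {
            "parent": parent,
            "provides": {p.get("service") for p in node.findall("provides")},
            "routes": {r.get("service") for r in node.findall("route")},
            "ram": int(node.get("ram")),
            "children": [c.get("name") for c in node.findall("component")],
        }
        for child in node.findall("component"):
            walk(child, node.get("name"))
    walk(ET.fromstring(xml_text), None)
    return table

def resolve(table, client, service):
    """Return the providing ancestor's name, or None if any parent denies."""
    requester = client
    while table[requester]["parent"] is not None:
        node = table[requester]
        if service not in node["routes"]:
            return None          # deny by default: no route declared for this child
        if service in table[node["parent"]]["provides"]:
            return node["parent"]
        requester = node["parent"]  # parent forwards the request as its own
    return None                  # reached the root without finding a provider

def over_committed(table):
    """Parents whose children were assigned more RAM than the parent holds."""
    return sorted(name for name, n in table.items()
                  if sum(table[c]["ram"] for c in n["children"]) > n["ram"])
```

With this policy, `resolve(load(POLICY), "browser", "BLOCK")` returns `None` even though the browser's own parent allows the request, because the enclosing subsystem was never routed to `BLOCK`: a nested component cannot obtain more than its ancestors hold.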

Sculpt

The Genode project publishes a desktop operating system called "Sculpt" that targets contemporary consumer laptops.[23] Sculpt is a small base system with automatic device detection and configuration, some GUI control interfaces, and frontends to the Genode package manager. The system does not feature a full desktop environment, but requires users to deploy virtual machines hosting traditional OSes for a fully featured desktop. Sculpt is distinguished from the Genode operating system framework in that it relies heavily on dynamic reconfiguration using privileged control components, as opposed to specialized systems with static policies.

See also

  • HelenOS, a desktop microkernel-based operating system.
  • QNX, a proprietary Unix-like operating system hosted by a microkernel.
  • Qubes OS, a desktop operating system that provides security through virtualization.
  • Subgraph (operating system), a Linux distribution that provides security through sandboxing.
  • Capability-based security
  • Secure by default

References

1. ^ "Genode OS Framework latest release". https://genode.org/download/latest-release
2. ^ "Genode OS adds RISC-V support". https://www.rambus.com/blogs/genode-os-adds-risc-v-support-2/
3. ^ Larabel, Michael. "Genode Is Developing A GPU Multiplexer For Intel Graphics Hardware". Phoronix. https://www.phoronix.com/scan.php?page=news_item&px=Genode-GPU-Multiplexer
4. ^ "Introduction of the Genode OS Framework". archive.fosdem.org/2012. https://archive.fosdem.org/2012/schedule/event/microkernel_intro_genode.html
5. ^ "L4 Based Operating Systems". L4hq.org. http://l4hq.org/projects/os/
6. ^ Larabel, Michael. "Redox OS, MINIX, Hurd & Genode Had Their Time At FOSDEM Too". Phoronix. https://www.phoronix.com/scan.php?page=news_item&px=FOSDEM-2017-Other-OSes
7. ^ Baader, Hans-Joachim. "Genode 2018.2 mit Sculpt OS". pro-linux.de. http://www.pro-linux.de/news/1/25685/genode-20182-mit-sculpt-os.html
8. ^ Larabel, Michael. "Sculpt Aims To Be A General-Purpose OS Built Atop Genode". https://www.phoronix.com/scan.php?page=news_item&px=Sculpt-OS
9. ^ Tarasikov, Alexander (2013-05-11). "Porting Genode to commercial hardware". allsoftwaresucks.blogspot.com. https://allsoftwaresucks.blogspot.com/2013/05/porting-genode-to-commercial-hardware.html
10. ^ "Muen - An x86/64 Separation Kernel for High Assurance". https://muen.codelabs.ch/
11. ^ Williams, John. "Inspecting data from the safety of your trusted execution environment". https://www.blackhat.com/docs/ldn-15/materials/london-15-Williams-Inspecting-Data-From-The-Safety-Of-Your-Trusted-Execution-Environment-wp.pdf
12. ^ "Embassies: Radically Refactoring the Web". USENIX. https://www.usenix.org/system/files/conference/nsdi13/nsdi13-final85.pdf
13. ^ Martin Wegner, Sönke Holthusen (2014-12-11). "Contract Specification and language". ccc-project.org. http://ccc-project.org/december-11th-2014-contract-specification-and-language/
14. ^ Hamad, Mohammad (2016-01-06). "The Secure Communication Module of CCC". ccc-project.org. http://ccc-project.org/january-11th-2016-the-secure-communication-module-of-ccc/
15. ^ Hamad, Mohammad. "A communication framework for distributed access control in microkernel-based systems". https://www.cs.hs-rm.de/~kaiser/events/ospert16/pdf/ospert16-p6.pdf
16. ^ B.PRUTHIVIRAJ, G.S.MADHUSUTHUN, S.VIJAYASARATHY, K.CHAKRAPANI. "A MICROKERNEL BASED SECURE OPERATING SYSTEM USING GENODE FRAMEWORK". jatit.org. http://www.jatit.org/volumes/Vol38No2/9Vol38No2.pdf
17. ^ Hähne, Ludwig. "Empirical Comparison of SCons and GNU Make". http://www.genode-labs.com/publications/scons-vs-make-2008.pdf
18. ^ Millo-Sánchez, Reinier & Paz Rodríguez, Waldo & Fajardo-Moya, Alexis. "Genode OS Framework, un framework para el desarrollo de sistemas embebidos". ResearchGate. https://www.researchgate.net/publication/283506872
19. ^ "TU Dresden technical report TUD-FI06-07". http://os.inf.tu-dresden.de/papers_ps/bastei_design.pdf
20. ^ "NOVA Microhypervisor". http://hypervisor.org/
21. ^ "L4 Based Operating Systems". L4hq.org. http://l4hq.org/projects/os/
22. ^ "SeL4 Community Projects". sel4.systems. https://docs.sel4.systems/CommunityProjects
23. ^ "Release notes 18.02". https://genode.org/documentation/release-notes/18.02#Sculpt_for_Early_Adopters

External links

Official webpages
  • Official website: https://genode.org
  • genodelabs/genode on GitHub
Research projects
  • KV-Cache: A Scalable High-Performance Web-Object Cache for Manycore
  • TrApps: Secure Compartments in the Evil Cloud (https://dl.acm.org/citation.cfm?id=3071069)
  • Development of an Embedded Platform for Secure CPS Services (https://link.springer.com/chapter/10.1007/978-3-319-72817-9_2)
  • Secure-OS project of IIT Madras (https://bitbucket.org/rswami/secureos_14.05)
  • Kernel isolation of a Capability-based security Operating System (https://repository.tudelft.nl/islandora/object/uuid:41767be9-f48f-468e-abf6-949dbd7cce96)
  • Mobile Device Security with ARM TrustZone
