DOCSLIB.ORG

Genode As General-Purpose OS Progress Report and Demonstration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Genode As General-Purpose OS Progress Report and Demonstration Genode as general-purpose OS progress report and demonstration Norman Feske <[email protected]> Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration2 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration3 Myths Genode as general-purpose OS progress report and demonstration4 Key technologies Microkernels Decomponentization, kernelization Capability-based security Virtualization Genode as general-purpose OS progress report and demonstration5 Genode architecture ! Application-specific TCB Genode as general-purpose OS progress report and demonstration6 Combined with virtualization Genode as general-purpose OS progress report and demonstration7 How to get there? Found a company! Genode Labs, founded in May 2008, self-funded Systems research and development Idea: Start small, build sustainable business, grow organically Team of 8 people Small yet diverse customer base Main source of income is contracting work Genode as general-purpose OS progress report and demonstration8 Components Genode as general-purpose OS progress report and demonstration9 Components Genode as general-purpose OS progress report and demonstration 10 Components Genode as general-purpose OS progress report and demonstration 11 Components Genode as general-purpose OS progress report and demonstration 12 Components Genode as general-purpose OS progress report and demonstration 13 Components Genode as general-purpose OS progress report and demonstration 14 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 15 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 16 Fundamentals - NOVA kernel IOMMU support Kernel-memory reuse Multi-processor support Genode as general-purpose OS progress report and demonstration 17 Fundamentals - Affinity management Genode as general-purpose OS progress report and demonstration 18 Fundamentals - OS infrastructure Device drivers ! essential drivers are in place (NIC, graphics, input, USB, audio, SATA) File systems I per-process virtual file system I FUSE I Rump TCP/IP I lwIP I Linux TCP/IP for gigabit networking Genode as general-purpose OS progress report and demonstration 19 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 20 Functionality Simple CLI Virtualization as a stop-gap solution I Vancouver aka Seoul I VirtualBox Noux runtime for GNU software GNU debugger Qt5 I Change from QWS to QPA I QML Genode as general-purpose OS progress report and demonstration 21 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 22 Tracing: Wish list Negligible performance overhead Kernel independence Accountability of used resources Useful level of abstraction Runtime-defined tracing policies Low-complexity implementation Online and offline analysis Genode as general-purpose OS progress report and demonstration 23 Tracing: Mechanism Genode as general-purpose OS progress report and demonstration 24 Resource management Explicit assignment of physical resources to processes Genode as general-purpose OS progress report and demonstration 25 Resource management (II) Resources can be attached to sessions Genode as general-purpose OS progress report and demonstration 26 Resource management (III) Server-side heap partitioning Genode as general-purpose OS progress report and demonstration 27 Dynamic resource balancing Not all use cases could be covered. Caches (i. e., block cache) Ballooning ! refined parent interface Genode as general-purpose OS progress report and demonstration 28 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 29 Automated tests Genode as general-purpose OS progress report and demonstration 30 Automated tests (II) Genode as general-purpose OS progress report and demonstration 31 Automated benchmarks Genode as general-purpose OS progress report and demonstration 32 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 33 Capability-based user interface User interface that matches Genode's concepts Ideas: Composed out of many small inter-changeable building blocks Data centric Capability-based Command-line and graphical interface Genode as general-purpose OS progress report and demonstration 34 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 35 Sidelines Samsung Exynos-5 (SATA 3.0, USB 3, HDMI, eMMC, NIC, DVFS) Freescale i.MX Raspberry Pi Genode as general-purpose OS progress report and demonstration 36 Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization Stability 3. What is left to be desired? 4. Sidelines 5. Road map 2014 Genode as general-purpose OS progress report and demonstration 37 Road map 2014 Capability-based user interface Custom base-hw kernel platform I MP support I Capability-based security I Virtualization 3rd-party source-code package management Improved block-level infrastructure (block cache, block encryption) Wireless networking Genode as general-purpose OS progress report and demonstration 38 Thank you Genode OS Framework http://genode.org Genode Labs GmbH http://www.genode-labs.com Source code at GitHub http://github.com/genodelabs/genode Genode as general-purpose OS progress report and demonstration 39.
Load more

Recommended publications
  • Microkernel Construction Introduction
    Microkernel Construction Introduction Nils Asmussen 04/09/2020 1 / 32 Normal Organization Thursday, 4th DS, 2 SWS Slides: www.tudos.org ! Studies ! Lectures ! MKC Subscribe to our mailing list: www.tudos.org/mailman/listinfo/mkc2020 In winter term: Microkernel-based operating systems (MOS) Various labs 2 / 32 Organization due to COVID-19 Slides and video recordings of lectures will be published Questions can be asked on the mailing list Subscribe to the mailing list! Practical exercises are planed for the end of the semester Depending on how COVID-19 continues, exercises are in person or we use some video-conferencing tool 3 / 32 Goals 1 Provide deeper understanding of OS mechanisms 2 Look at the implementation details of microkernels 3 Make you become enthusiastic microkernel hackers 4 Propaganda for OS research done at TU Dresden and Barkhausen Institut 4 / 32 Outline Organization Monolithic vs. Microkernel Kernel design comparison Examples for microkernel-based systems Vision vs. Reality Challenges Overview About L4/NOVA 5 / 32 Monolithic Kernel System Design u s Application Application Application e r k Kernel e r File Network n e Systems Stacks l m Memory Process o Drivers Management Management d e Hardware 6 / 32 Monolithic Kernel OS (Propaganda) System components run in privileged mode No protection between system components Faulty driver can crash the whole system Malicious app could exploit bug in faulty driver More than 2=3 of today's OS code are drivers No need for good system design Direct access to data structures Undocumented
    [Show full text]
  • Can Microkernels Mitigate Microarchitectural Attacks?⋆
    Can Microkernels Mitigate Microarchitectural Attacks?? Gunnar Grimsdal1, Patrik Lundgren2, Christian Vestlund3, Felipe Boeira1, and Mikael Asplund1[0000−0003−1916−3398] 1 Department of Computer and Information Science, Link¨oping University, Sweden ffelipe.boeira,[email protected] 2 Westermo Network Technologies [email protected] 3 Sectra AB, Link¨oping,Sweden Abstract. Microarchitectural attacks such as Meltdown and Spectre have attracted much attention recently. In this paper we study how effec- tive these attacks are on the Genode microkernel framework using three different kernels, Okl4, Nova, and Linux. We try to answer the question whether the strict process separation provided by Genode combined with security-oriented kernels such as Okl4 and Nova can mitigate microar- chitectural attacks. We evaluate the attack effectiveness by measuring the throughput of data transfer that violates the security properties of the system. Our results show that the underlying side-channel attack Flush+Reload used in both Meltdown and Spectre, is effective on all in- vestigated platforms. We were also able to achieve high throughput using the Spectre attack, but we were not able to show any effective Meltdown attack on Okl4 or Nova. Keywords: Genode, Meltdown, Spectre, Flush+Reload, Okl4, Nova 1 Introduction It used to be the case that general-purpose operating systems were mostly found in desktop computers and servers. However, as IoT devices are becoming in- creasingly more sophisticated, they tend more and more to require a powerful operating system such as Linux, since otherwise all basic services must be im- plemented and maintained by the device developers. At the same time, security has become a prime concern both in IoT and in the cloud domain.
    [Show full text]
  • Operating System Support for Run-Time Security with a Trusted Execution Environment
    Operating System Support for Run-Time Security with a Trusted Execution Environment - Usage Control and Trusted Storage for Linux-based Systems - by Javier Gonz´alez Ph.D Thesis IT University of Copenhagen Advisor: Philippe Bonnet Submitted: January 31, 2015 Last Revision: May 30, 2015 ITU DS-nummer: D-2015-107 ISSN: 1602-3536 ISBN: 978-87-7949-302-5 1 Contents Preface8 1 Introduction 10 1.1 Context....................................... 10 1.2 Problem....................................... 12 1.3 Approach...................................... 14 1.4 Contribution.................................... 15 1.5 Thesis Structure.................................. 16 I State of the Art 18 2 Trusted Execution Environments 20 2.1 Smart Cards.................................... 21 2.1.1 Secure Element............................... 23 2.2 Trusted Platform Module (TPM)......................... 23 2.3 Intel Security Extensions.............................. 26 2.3.1 Intel TXT.................................. 26 2.3.2 Intel SGX.................................. 27 2.4 ARM TrustZone.................................. 29 2.5 Other Techniques.................................. 32 2.5.1 Hardware Replication........................... 32 2.5.2 Hardware Virtualization.......................... 33 2.5.3 Only Software............................... 33 2.6 Discussion...................................... 33 3 Run-Time Security 36 3.1 Access and Usage Control............................. 36 3.2 Data Protection................................... 39 3.3 Reference
    [Show full text]
  • KOS - Principles, Design, and Implementation
    KOS - Principles, Design, and Implementation Martin Karsten, University of Waterloo Work In Progress - September 29, 2015 Abstract KOS is an experimental operating system kernel that is designed to be simple and accessible to serve as a platform for research, experimen- tation, and teaching. The overall focus of this project is on system-level infrastructure software, in particular runtime systems. 1 Introduction KOS (pronounce "Chaos") is an experimental operating system kernel that is designed to be simple and accessible to serve as a platform for research, ex- perimentation, and teaching. It is focused on building a nucleus kernel that provides the basic set of operating system functionality, primarily for resource mediation, that must realistically be implemented for execution in privileged mode. While being simple KOS is not simplistic and avoids taking design shortcuts that would prohibit adding more sophisticated resource management strategies later on { inside the kernel or at higher software layers. The nu- cleus kernel is augmented with several prototype subsystems typically found in an operating system to eventually support running realistic applications. The entire code base is written in C++, except for small assembler parts. The C++ code makes use of advanced language features, such as code reuse with efficient strong type safety using templates, the C++ library for data struc- ture reuse, as well as (limited) polymorphism. Existing open-source software is reused for non-nucleus subsystems as much as possible. The project is hosted at https://git.uwaterloo.ca/mkarsten/KOS 2 Motivation In principle, an operating system has two basic functions. First, it consolidates low-level hardware interfaces and provides higher-level software abstractions to facilitate and alleviate application programming.
    [Show full text]
  • Embassies: Radically Refactoring the Web Jon Howell, Bryan Parno, John R
    Embassies: Radically Refactoring the Web Jon Howell, Bryan Parno, John R. Douceur, Microsoft Research Abstract of evolving complexity. On the Internet, application Web browsers ostensibly provide strong isolation for providers, or vendors, run server-side applications over the client-side components of web applications. Unfor- which they exercise total control, from the app down tunately, this isolation is weak in practice; as browsers to the network stack, firewall, and OS. Even when ven- add increasingly rich APIs to please developers, these dors are tenants of a shared datacenter, each tenant au- complex interfaces bloat the trusted computing base and tonomously controls its software stack down to the ma- erode cross-app isolation boundaries. chine code, and each tenant is accessible only via IP. We reenvision the web interface based on the notion The strong isolation among virtualized Infrastructure-as- of a pico-datacenter, the client-side version of a shared a-Service datacenter tenants derives not from physical server datacenter. Mutually untrusting vendors run their separation but from the execution interface’s simplicity. code on the user’s computer in low-level native code con- This paper extends the semantics of datacenter rela- tainers that communicate with the outside world only via tionships to the client’s web experience. Suspending dis- IP. Just as in the cloud datacenter, the simple semantics belief momentarily, suppose every client had ubiquitous makes isolation tractable, yet native code gives vendors high-performance Internet connectivity. In such a world, the freedom to run any software stack. Since the datacen- exploiting datacenter semantics is easy: The client is ter model is designed to be robust to malicious tenants, it merely a screencast (VNC) viewer; every app runs on is never dangerous for the user to click a link and invite its vendor’s servers and streams a video of its display to a possibly-hostile party onto the client.
    [Show full text]
  • Master Thesis
    Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Petr Koupý Graphics Stack for HelenOS Department of Distributed and Dependable Systems Supervisor of the master thesis: Mgr. Martin Děcký Study programme: Informatics Specialization: Software Systems Prague 2013 I would like to thank my supervisor, Martin Děcký, not only for giving me an idea on how to approach this thesis but also for his suggestions, numerous pieces of advice and significant help with code integration. Next, I would like to express my gratitude to all members of Hele- nOS developer community for their swift feedback and for making HelenOS such a good plat- form for works like this. Finally, I am very grateful to my parents and close family members for supporting me during my studies. I declare that I carried out this master thesis independently, and only with the cited sources, literature and other professional sources. I understand that my work relates to the rights and obligations under the Act No. 121/2000 Coll., the Copyright Act, as amended, in particular the fact that the Charles University in Pra- gue has the right to conclude a license agreement on the use of this work as a school work pursuant to Section 60 paragraph 1 of the Copyright Act. In Prague, March 27, 2013 Petr Koupý Název práce: Graphics Stack for HelenOS Autor: Petr Koupý Katedra / Ústav: Katedra distribuovaných a spolehlivých systémů Vedoucí diplomové práce: Mgr. Martin Děcký Abstrakt: HelenOS je experimentální operační systém založený na mikro-jádrové a multi- serverové architektuře. Před započetím této práce již HelenOS obsahoval početnou množinu moderně navržených subsystémů zajišťujících různé úkoly v rámci systému.
    [Show full text]
  • A Multiserver User-Space Unikernel for a Distributed Virtualization System
    A Multiserver User-space Unikernel for a Distributed Virtualization System Pablo Pessolani Departamento de Ingeniería en Sistemas de Información Facultad Regional Santa Fe, UTN Santa Fe, Argentina [email protected] Abstract— Nowadays, most Cloud applications are developed application components began to be deployed in Containers. using Service Oriented Architecture (SOA) or MicroService Containers (and similar OS abstractions such as Jails [7] and Architecture (MSA). The scalability and performance of them Zones [8]) are isolated execution environments or domains is achieved by executing multiple instances of its components in in user-space to execute groups of processes. Although different nodes of a virtualization cluster. Initially, they were Containers share the same OS, they provide enough security, deployed in Virtual Machines (VMs) but, they required enough performance and failure isolation. As Containers demand computational, memory, network and storage resources to fewer resources than VMs [9], they are a good choice to hold an Operating System (OS), a set of utilities, libraries, and deploy swarms. the application component. By deploying hundreds of these Another option to reduce resource requirements is to use application components, the resource requirements increase a the application component embedded in a Unikernel [10, lot. To minimize them, usually small OSs with small memory footprint are used. Another way to reduce the resource 11]. A Unikernel is defined as “specialized, single-address- requirements is integrating the application components in a space machine image constructed by using library operating Unikernel. This article proposes a Unikernel called MUK, system” [12]. A Unikernel is a technology which integrates based on a multiserver OS, to be used as a tool to integrate monolithically network, storage, and file systems services Cloud application components.
    [Show full text]
  • State Spill in Modern Operating Systems
    A Characterization of State Spill in Modern Operating Systems Kevin Boos, Emilio Del Vecchio, and Lin Zhong Rice University fkevinaboos, edd5, [email protected] Abstract states change and propagate throughout the system, showing that modularity is necessary but insufficient. For example, Understanding and managing the propagation of states in several process migration works have cited “residual depen- operating systems has become an intractable problem due dencies” that remain on the source system as an obstacle to to their sheer size and complexity. Despite modularization post-migration correctness on the target system [38, 55, 34]. efforts, it remains a significant barrier to many contemporary Fault isolation and fault tolerance literature has long realized computing goals: process migration, fault isolation and the undesirable effects of fate sharing among software mod- tolerance, live update, software virtualization, and more. ules as well as the difficulty of restoring a process or whole Though many previous OS research endeavors have achieved machine statefully after a failure, due to the sprawl of states these goals through ad-hoc, tedious methods, we argue that spread among different system components [28, 26, 52, 51]. they have missed the underlying reason why these goals are Live update and hot-swapping research has long sought to overcome the state maintenance issues and inter-module de- so challenging: state spill. pendencies that plague their implementations when transi- State spill occurs when a software entity’s state undergoes tioning from an old to a new version, forcing developers to lasting changes as a result of a transaction from another entity. write complex state transfer functions [7, 25, 27, 48, 5].
    [Show full text]
  • FOSDEM 2018 Schedule
    FOSDEM 2018 - Saturday 2018-02-03 (1/15) Janson K.1.105 (La H.2215 (Ferrer) H.1301 (Cornil) H.1302 (Depage) H.1308 (Rolin) H.1309 (Van Rijn) H.2111 Fontaine)… 09:30 Welcome to FOSDEM 2018 09:45 10:00 Consensus as a Service 10:15 10:30 The path to Data-plane The State of Go video - It's a lot more micro-services than just a HTML5 tag 10:45 11:00 Next Generation Python 3: 10 years later OpenDaylight as a De-mystifying Advanced Go debugging Internet Initiative Platform for Network contributing to with Delve Programmability PostgreSQL 11:15 11:30 Ligato: a platform for Networking deepdive Rendering of subtitles in development of cloud- HTML5 with imscJS native VNFs 11:45 12:00 Unix Architecture Surviving in an Open Easy GnuPG Networking-VPP PostgreSQL -- A Crash Testing and Automation An update on VLC and Evolution from the 1970 Source Niche: the Course in the Era of Containers the VideoLAN PDP-7 to the 2018 Pythran case community FreeBSD 12:15 BulletinBoard DHT and wireguard-p2p 12:30 ONAP – A road to Upspin and a future of Kodi v18 features and network automation ↴ the Internet ↴ improvements ↴ Nakadi Event Broker ↴ 12:45 FOSDEM 2018 - Saturday 2018-02-03 (2/15) H.2213 H.2214 H.3227 H.3228 AW1.120 AW1.121 AW1.125 AW1.126 09:30 09:45 10:00 10:15 10:30 A real life story about Cypher: An evolving Status of the Apache CANCELLED Simulating Arrival & Informal Everything is a device! product testing with query language for ODF Toolkit (incubating) Multilevel Caches in Discussions robotframework property graphs Cachegrind 10:45 Working in the ODF
    [Show full text]
  • Genode Operating System Framework Platforms
    GENODE Operating System Framework 21.05 Platforms Norman Feske Contents Contents 1 Introduction3 2 Porting Genode to a new SoC4 2.1 Preparatory steps................................9 2.1.1 Licensing considerations........................9 2.1.2 Selecting a suitable SoC........................ 10 2.1.3 Start by taking the known-good path................ 11 2.1.4 Setting up an efficient development workflow........... 12 2.2 Getting acquainted with the target platform................. 14 2.2.1 Getting a first impression....................... 15 2.2.2 The U-Boot boot loader........................ 19 2.3 Bare-metal serial output............................ 24 2.4 Kernel skeleton................................. 34 2.4.1 A tour through the code base..................... 34 2.4.2 A new home for the board support.................. 41 2.4.3 Getting to grips using meaningful numbers............. 48 2.4.4 A first life sign of the kernel...................... 55 2.5 Low-level debugging.............................. 57 2.5.1 Option 1: Walking the source code.................. 58 2.5.2 Option 2: One step of ground truth at a time............ 60 2.5.3 Option 3: Backtraces.......................... 62 2.6 Excursion to the user land........................... 64 2.7 Device access from the user level....................... 73 2.7.1 Using a GPIO pin for sensing a digital signal............ 74 2.7.2 Driving an LED via a GPIO pin.................... 81 2.7.3 Responding to device interrupts................... 84 2.8 One Platform driver to rule them all..................... 90 2.8.1 Platform driver............................. 90 2.8.2 Session interfaces for accessing pins................. 95 2.8.3 PIO device driver............................ 96 2.8.4 Dynamic configuration testing...................
    [Show full text]
  • General-Purpose Computing with Virtualbox on Genode/NOVA
    General-purpose computing with VirtualBox on Genode/NOVA Norman Feske <[email protected]> Outline 1. VirtualBox 2. NOVA microhypervisor and Genode 3. Transplantation of VirtualBox to NOVA 4. Demo 5. War stories 6. Project Turmvilla 7. The Book “Genode Foundations” General-purpose computing with VirtualBox on Genode/NOVA2 Outline 1. VirtualBox 2. NOVA microhypervisor and Genode 3. Transplantation of VirtualBox to NOVA 4. Demo 5. War stories 6. Project Turmvilla 7. The Book “Genode Foundations” General-purpose computing with VirtualBox on Genode/NOVA3 Architecture overview config, status SVC VM xpcom VM process xpcom process IPCD xpcom xpcom VBoxManage VirtualBox Application /dev/vboxdrv /dev/vboxdrv General-purpose computing with VirtualBox on Genode/NOVA4 Starting up a VM process VM process open /dev/vboxdrv kernel vboxdrv.ko General-purpose computing with VirtualBox on Genode/NOVA5 VM process running root mode non-root mode VM process load VMMR0 /dev/vboxdrv kernel vboxdrv.ko VMMR0 / Hypervisor General-purpose computing with VirtualBox on Genode/NOVA6 Entering the Guest OS root mode non-root mode VM process ioctrl VM RUN /dev/vboxdrv Guest OS kernel vboxdrv.ko world switch General-purpose computing with VirtualBox on Genode/NOVA7 Flow of a virtualization event root mode non-root mode VM process VM RUN returns /dev/vboxdrv Guest OS kernel vboxdrv.ko no yes VMMR0 ? world switch General-purpose computing with VirtualBox on Genode/NOVA8 root mode non-root mode VM process /dev/vboxdrv Guest OS kernel highly complex vboxdrv.ko VMMR0
    [Show full text]
  • Genode Operating System Framework Foundations
    GENODE Operating System Framework 15.05 Foundations Norman Feske Contents Contents 1. Introduction9 1.1. Operating-system framework......................... 14 1.2. Licensing and commercial support...................... 16 1.3. About this document.............................. 17 I. Foundations 18 2. Getting started 19 2.1. Obtaining the source code........................... 20 2.2. Source-tree structure.............................. 21 2.3. Using the build system............................. 24 2.4. A simple system scenario........................... 26 2.5. Hello world................................... 29 2.5.1. Using a custom source-code repository............... 29 2.5.2. Source code and build description.................. 29 2.5.3. Building the component........................ 30 2.5.4. Defining a system scenario...................... 31 3. Architecture 33 3.1. Capability-based security........................... 35 3.1.1. Capability spaces, object identities, and RPC objects........ 35 3.1.2. Delegation of authority and ownership............... 36 3.1.3. Capability invocation......................... 37 3.1.4. Capability delegation through capability invocation........ 40 3.2. Recursive system structure........................... 42 3.2.1. Component ownership......................... 42 3.2.2. Tree of components........................... 43 3.2.3. Services and sessions.......................... 43 3.2.4. Client-server relationship....................... 46 3.3. Resource trading................................ 50 3.3.1. Resource
    [Show full text]