Hi Neal, thanks for tuning-in on the Genode mailing list! :-)

> Is the intention that the base-hw remain experimental? Or, is the
> long-term plan to make it a proper microkernel? From what you say
> here, it sounds like I shouldn't consider base-hw as a potential
> microkernel. Martin, however, seems to suggest it will become a
> viable target in the near future.

Sure, base-hw is definitely planned to become a proper platform. But the word "kernel" does not really express well the role of base-hw. Let me explain:

Base-hw was born out of the observation that classical L4-based systems carry quite significant redundancies between the microkernel and roottask as both kernel and roottask have to keep track of how resources are assigned to processes. I.e., the kernel contains a mapping data base and page tables, but roottask also keeps records of how memory pages are used by user-level processes. The same story can be told of other kernel objects such as threads and protection domains. The crux is that both kernel and roottask are mandatory parts of the trusted computing base. On typical L4-based systems, the code for those parts amounts to 20,000+ LOC (10+ KLOC kernel plus 10 KLOC roottask).

This observation led us to the idea to merge both kernel and Genode's roottask (core) into one program. In this design, the "kernel" is not a self-sustaining piece of software but a mere library that provides back-end functionality for roottask. I.e., it performs no allocations and becomes active only when called by the roottask code (via one of the roottask-local system calls) or by IPC operations. All the dynamic (and complicated) stuff like memory management is handled by roottask code using Genode's user-level abstractions.

The outcome of this experiment is that the combined program (base-hw core) comprises about 13,000 LOC, indicating that the approach is able to drastically reduce the mandatory parts of the trusted computing base.

As of now, we don't recommend the use of base-hw in serious settings because it is still in flux.

That said, Genode hides the peculiarities of the particular kernels. Because hopping between kernels (such as base-hw and Fiasco.OC) is almost seamless, there is no need to pick a kernel upfront when starting the development of a Genode-based system. Just pick the most convenient kernel to start with.

At the API level, Genode is capability-based. So developers using the API effectively develop components for a capability-based system. Once kernel-protected capabilities become available in base-hw, this change will be transparent to users of the API.

Regardless of the state of base-hw, if you desire a Genode base platform with kernel-protected capabilities today, you can use Fiasco.OC (ARM, x86) or NOVA (x86) right away.

Regards
Norman

--
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
