Hello Jean-Adrien,
thank you very much for your enthusiastic posting. I'm happy that you
hold our project in such high regard.
You are presenting a firework of ideas! Please see my comments below.
First, I will fix issues I have with my test machine to run Sculpt fully
featured. Currently,
networking via Wifi is not possible. Other difficulties may come after
improving connectivity
support.
Don't hesitate to post your hardware configuration (e.g., the model of
the Wifi card) here. Maybe, someone else has already taken steps to
enable it?
Then during my spare time, I would like to join efforts on support for Xen or
Virt. Layer
for Qube, adjusting myself to ongoing plans, if any exist?
Even though we brainstormed ideas to bring both projects closer
together, I am not aware of any concrete efforts under way.
Following the "Roadmap 2023" discussion and after having a recent look at "Futur
Challenges" [1]
on the website, it is with lots of excitement that I found many subjects very
close to my
interests. Here are the topics:
1. Character device drivers as VFS plugins
I proposed, some time ago [2], an SPI driver. The commits never made it to the
staging branch
because of the interfacing / "quality". Over time, at Gapfruit, we gained
experience using the SPI bus,
but only with TPMs. We recently refactored it into a VFS plugin for easier
interfacing with libraries
such as WolfTPM and TPM TSS. I believe BUS drivers such as I2C and SPI could be
unified behind a standard
"character device" VFS plugin interface. Can that benefit the community? I can
put some effort into
improving and contributing those commits.
I very much appreciate your suggestion. Personally, my experience in
these areas (TPMs, SPI) is quite limited. But the option of plugging
character-device drivers into a generic VFS character-device plugin
sounds attractive.
Maybe this character-device interface could be designed such that the
actual driver code can be operated both in a free-standing fashion
(e.g., hosted inside a VFS-less component) as well as embedded in a VFS
plugin? So the character driver would actually be a "VFS plugin plugin".
That would be great!
2. Genode as virtualization layer for Qubes OS
...
It brings so many questions to my mind.
First, does full support for a hypervisor such as Xen need to find
its way to Genode? Or is base-nova already a viable candidate?
From a security perspective, NOVA is preferable over Xen because NOVA's
attack surface is more than an order of magnitude smaller, and
Genode/NOVA does not require a Dom0 at all. I got the impression that
some Qubes developers found prospect of replacing Xen by a
microhypervisor (like NOVA) quite intriguing.
On the other hand, we have to keep in mind that Genode/NOVA currently
still lacks a few convenience features like suspend/resume. This,
however, will be addressed throughout this year.
Speaking of hypervisor candidates, there is current work in progress to
enable the use of Genode's base-hw microkernel as hypervisor on x86 as
well. So this may become a further option.
Are all necessary building blocks for AppVM message passing present within
Genode?
I think this was the point where our past brainstorming got stuck.
If I remember right, Qubes uses Xen's event channels and shared memory
as inter-VM-transport mechanism. VirtualBox on Genode offers quite many
host-guest integration features, but none seemed to perfectly align with
the needs of Qubes. There were multiple options to explore. But the
exploration never really happened.
Which approach would you privilege first for investigation?
I think that it would be best to pick up the existing discussion [1] and
interview Marek Górecki so that he can share his views and ideas.
[1]
https://forum.qubes-os.org/t/qubes-os-based-on-the-genode-os-framework/11735
The biggest question seems to be how to map the Qubes middleware to the
mechanisms available under VirtualBox.
If Xen, support for Genode in a Dom0 scenario first?
To me this sounds quite distracting when considering the following topics.
- One will have to convince Genode to run under Xen.
- One will need to host the VM management functionality on Genode,
which comes down to a huge porting effort.
- Once succeeded, there is still no clear migration path away from
Xen.
I would probably not pick this way.
Or, as an AppVM first, focussing on Qube RPC mechanism support? (I am
aware of Xen DomU support, but I do not have all details in mind)
Currently, those questions might be off-topic. Overall, it seems a
significant challenge.
That's probably a rather lower-hanging fruit regarding the combination
of both projects (compared to the other directions). But on the other
hand, it does not add a huge value to either project.
From Qubes' perspective, there are already unikernels like MirageOS
that satisfy the desire for low-complexity AppVMs. Genode would not
solve a real problem here.
From Genode's perspective, the Qubes middleware interfaces can only be
used on top of Qubes/Xen. But replacing Genode's regular use of a
microhypervisor like NOVA by Xen is not attractive.
Therefore, this topic may be best pursued by a regular Qubes user as an
experiment, just out of curiosity if it is possible to integrate Genode
into a familiar environment, without expecting a measurable impact on
either project.
3. Xen as "Kernel" for Genode
My ultimate goal here would be to have a pure minimal Genode-based OS in Dom0
for only managing guests' VM.
Last summer, by curiosity related to 2), I started investigating necessary
changes to the build system for building Xen as a port
and generating a boot image using Xen with a Genode base-hw minimal scenario as
Dom0. I was able to set up
the port, successfully building Xen and booting it, but with a minimal Linux as
Dom0 instead of a chosen
Genode scenario "run/log," e.g.
I still need to reach my goal. The real work only begins now. My primary
technical motivation was working on
low-level mechanisms to manage DomU(s) and enable RPC from one DomU to the
other. I lost interest over time because I needed
to be more confident in its relevance and missed lots of knowledge.
At that time, I was unaware of the work of Julian Stecklina. I would
be interested in looking into it! Is it publicly available?
Wow, this was more than 15 years ago. I'm not aware of any remaining
public traces of this work. Have you tried contacting Julian about it?
Another topic I was very interested in is initiatives like Spunky [3]. I am not
making it a point as this is not
to take as seriously as the others. With the gain of popularity from languages
like, e.g. Rust. Is there any
plan or similar initiative in that regard?
I have to confess that Spunky is currently on ice [1].
[1] https://github.com/genodelabs/genode/issues/3308#issuecomment-1235217730
This year's road map will revive Genode's foray with Rust. But this
time, we will explore it by starting with the application level (Rust
atop Genode's POSIX support). The goal is to make it very easy to
compile Rust software for Genode using the Goa tool. So we can gradually
familiarize ourselves with the benefits of the language without
introducing any friction.
The other direction you mentioned - replacing C++ of the base framework
with something else - is outside the scope of 2023. Given the rationale
of [1], I think we should not seek salvation in alternatives right now
but focus on tangible evolutionary improvements while using C++, like
replacing exceptions with the 'Attempt' pattern [2], and further
tightening the base API.
[2] https://genodians.org/nfeske/2021-11-26-attempt-no-exceptions
I would be up to start one as a pet project. I am interested in
trying this out with the Zig programming language [4]. My motivation
for such a language comes from a Youtuber I appreciate [5]. He made
an interesting video on memory safety within different languages [6].
I do not have any strong opinion on "C++ vs any other lang" topics.
If you have other languages in mind, please let me know!
Have you considered integrating support for alternative languages like
zig into Goa [3]?
[3] https://github.com/nfeske/goa
Finally, thank you all for your supportive, kind and professional
attitude! Since I started working with the Genode OS Framework, it
has always been a pleasure to read from and interact with any of you.
I am relatively junior to OS development. Thanks to my co-workers and
following daily discussions on this mailing list, I learned a lot!
Thank you for sharing your many interests and ideas! I take your email
as a big compliment. :-)
Cheers
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
https://www.genode-labs.com · https://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
_______________________________________________
Genode users mailing list
[email protected]
https://lists.genode.org/listinfo/users
