With version 16.02, the Genode OS Framework moves beyond x86 and ARM CPUs and embraces the emerging open-source RISC-V hardware architecture. Furthermore, the release comes with the new ability to securely assign USB devices to virtual machines, and updates the Muen separation kernel and the seL4 microkernel.
Today’s x86 and ARM-based commodity platforms have become increasingly opaque and infested with proprietary firmware. With new platforms becoming ever more complex and being equipped with mandatory companion processors like Intel’s Management Engine, the trustworthiness of mainstream hardware becomes more and more uncertain. If those parts of the system become compromised, even a perfectly secure OS cannot protect the user’s privacy and security. It goes without saying that this development is a strong concern of privacy advocates. The article “Intel x86 considered harmful” by Joanna Rutkowska substantiates those concerns extremely well.
RISC-V is a possible answer to the call for trustworthy hardware. In contrast to the CPUs of current-generation hardware, RISC-V is an open-source CPU architecture. The idea of open-source CPUs is not new. There exist numerous softcore CPUs like LatticeMico32 or OpenRISC. But in contrast to those projects, which are primarily targeted at FPGA platforms, RISC-V is designed to scale from deeply embedded systems to 64-bit general-purpose platforms. The prospect of a scalable and trustworthy hardware architecture motivated the Genode project to take a closer look. In the just-released version 16.02, RISC-V has been added as a supported architecture to Genode’s custom base-hw kernel. Since the hardware is still in flux, the scope of the support is still somewhat limited. But Genode is already able to run on the official Spike simulator as well as on RISC-V as a synthesized FPGA softcore.
Besides the added RISC-V support, the second highlight of the current release is the new ability to securely assign USB devices to VirtualBox instances running on top of the NOVA kernel. With this feature, Genode becomes able to accommodate many typical desktop-OS workflows like transferring data via USB sticks, or obtaining pictures from a digital camera. Under the hood, the implementation is quite interesting as it successfully transplants the xHCI device model of Qemu to VirtualBox.
The third focus of version 16.02 is the update of the Muen and seL4 kernels. The Muen separation kernel has been updated to version 0.7, which greatly improves the interoperability with Genode’s tooling. In fact, Muen can now be targeted with the same workflows as employed for all the other kernels. Genode’s support for the seL4 kernel is still a rather experimental line of work. In this respect, the update to kernel version 2.1 posed a number of interesting challenges with respect to kernel-resource management. This discussion, along with details about the many more improvements of the current release, is covered in the official release documentation.
There is a new hope:
An open RISC-V is a good idea.
There is another:
The POWER based open-to-the-firmware workstation isn’t performing badly at all … https://www.phoronix.com/scan.php?page=news_item&px=Talos-Secure-Wor…
The prophecies foretell that a young upstart will restore balance for the force, I mean privacy and security….
So long as the force doesn’t awaken it’s fine with me.
Many thanks, as usual, to the Genode team! It seems like you make improvements faster than I can read about them. ;^)
The improved VMM USB interface is an important feature. And the RISC-V support is very timely, as the search for secure(able) hardware intensifies. Very interesting, indeed!
Softcore?
We have to invent a new jargon. That one carries a bad connotation today.
I thought nowadays we only have hard and harder core in that area?
SoftCore RISC. Noyce.
Nice article. Two decent articles in under one month that have some substance to them rather than yet-another-phone-article.
Compliments!
Genode is positively the most interesting non-Linux OS covered. It’s on the ball of what a future OS needs to be in terms of security and stability, and it’s based off of work that overcomes the overhead issue usually imputed to microkernels. I’m glad they’re addressing accessibility, because I want to see it become an option for user-facing laptops and tablets sooner than later. We all need secure, open foundations for our technology.
I agree with everything you said, except that IMHO Genode is more interesting than Linux, because they are doing important research from the ground up, rather than just making incremental improvements.