The just-released version 18.02 of the Genode OS Framework features the first version of Sculpt, which is a Genode-based general-purpose operating system. To our knowledge, it is the first usable open-source general-purpose OS that facilitates capability-based security from the ground up.
Being currently targeted at users that are close to the project, this initial version is named Sculpt for Early Adopters (EA). It is accompanied by detailed documentation that covers everything needed to install Sculpt on a real machine. The topics include the creation of the boot image, disk preparation, wireless networking, storage, software installation and deployment, and virtualization. Along the way, many concepts that are unique to Genode are explained.
Without any doubt, most topics of Genode 18.02 were motivated by the work on Sculpt. Most importantly, the release introduces new infrastructure for installing, updating, and deploying software from within a running Genode system. The underlying concepts are very much inspired by Git and the Nix package manager, enabling the installation of multiple software versions side by side, or the ability to roll back the installation to an earlier state. Also, the on-target tooling breaks with the traditional notion of package management. Instead of executing package-management steps with vast privileges, each single step, for example extracting downloaded content, is executed in a dedicated sandbox.
Besides Sculpt, the Genode release 18.02 also includes many other noteworthy improvements. For example, the user-level networking stack received a lot of attention, the Nim programming language can now be used for implementing Genode services, there are new tracing facilities, and improved driver support for NXP i.MX hardware. Furthermore, many 3rd-party software packages received updates. All the improvements are covered by the detailed release documentation.
I’m excited for when the Sculptor’s Cut version is released!
Wow! What an enormous effort to get to this point. Whatever the long-term success of this project, I believe it will enhance the security model for many projects.
I agree. I really think the “Year Of Sculpt” could be a turning point, not just for Genode, but for secure computing in general. I can’t wait to get it on a tablet, as well as the desktop / server!
Despite the release notes, this runs great in QEMU/KVM if you’re not interested in virtualizing within Genode itself (or if you have nested virtualization turned on). The build process as laid out in the article runs in about 15 seconds once you clone the repository and produces a ~17MB ISO. Neither of those is a mistake. The Sculpt ISOs are in fact supposed to be that small, and are mostly assembled from prebuilt binary packages, with the rest getting pulled in via package downloads later.
For those a bit more familiar with Genode, this release runs on the NOVA kernel rather than base-hw (no virtualization or IOMMU) or seL4 (no SMP).
I took it for a quick spin, and was impressed (as I expected).
Readers of this site shouldn’t be intimidated from giving it a try, just for fun. It only requires basic skills in the *nix command line, vim, and XML editing to follow the introduction / tutorial.
The build tools are high-level and very cleanly designed, and the documentation is very clear (the documentation quality for Genode in general is very high). The release notes recommend Ubuntu LTS for the build system, but I’ve had no problem using Debian unstable. As @tidux said, it generates a small, bootable ISO file very quickly.
Once you are in the “Sculpt” environment, you are working in a bash shell. Instead of issuing commands to do things, you edit configuration (XML) files. When the file is saved, the changes take effect immediately. It takes a little getting used to, but IMO it’s an elegant system. (As a handy shortcut, they provide several preset configuration files that you copy over the real config file, instead of hand-editing each time.)
Hardware support is a little lacking at the moment – it currently supports certain Intel chipsets. I booted it in a VirtualBox VM, using the ISO file directly, and it mostly worked (VESA display, mouse, keyboard), but I was only able to get either networking or the hard drive to work (but not both), based on the VM “Chipset” setting. I haven’t tried QEMU or KVM yet.