mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-18 10:46:25 +00:00
Genode OS Framework
armcpluspluscppframeworkgenodegoahypervisorlinuxmicrokernelnovaobject-capabilitiesoperating-systemosdevriscvsculpt-ossel4virtualizationx86
aeb65d6b1b
* ARM support and detaching from Ada/SPARK
* Remove all CBE-related code - especially the Ada/SPARK-based CBE library.
* We have no means or motivation of further maintaining big projects in
Ada/SPARK (the core Genode team is native to C++).
* The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
important architecture for Genode. This would mean extra commitment in
Ada/SPARK.
* We realize that block encryption more and more becomes a fundamental
feature of Genode systems.
* Implement a new block encryption library named Tresor that is inspired by
the design and feature set of the former CBE library and that is entirely
C++ and part of the Genode gems repository.
* The Tresor block encryption is backwards-compatible with the on-disk
data layout of the former CBE block encryption.
* Except from the snapshot management and the "dump" tool, the Tresor
block encryption provides the same feature set as the former CBE block
encryption and accepts the same user requests at the level of the
Tresor library API.
* So far, the Tresor block encryption does not support the creation of
user-defined snapshots.
* In contrast to the former CBE, the Tresor ecosystem has
no "dump" tool beause with the CBE library it turned out to be rarely of
use.
* In contrast to the Block back-end of the CBE "init" tool, the Tresor
"init" tool uses a File System back-end.
* The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.
* The Tresor-VFS plugin in general is similar to the former CBE VFS but
has a slightly different API when it comes to re-keying and re-sizing.
Each of these operations now is controlled via two files. The first
file is named <operation> and the user writes the start command to it.
The user must then read this file once in order to drive the operation.
The read returns the result of the operation, once it is finished.
The second file is named <operation>_progress and can be watched and
read for obtaining the progress of the operation as percentage.
* The file vault is adapted to use the new Tresor ecosystem
instead of the former CBE ecosystem and thereby also gains ARM support.
* The former CBE tester and CBE VFS-tests are replaced by equivalent
Tresor variants and are now run on ARM as well (testing with a persistent
storage back-end is supported only when running on Linux).
* So far, the new Tresor block encryption has no internal cache for meta
data blocks like the former CBE.
* Add config/report user interface
* Add a second option for the administration front end to the file vault
named "config and report". With this front end the File Vault communicates
with the user via XML strings. A ROM session is requested for user input
and a Report session for user output. The front end type must be set at
startup via the component config and is a static setting. The graphical
front end that was used up to now is named "menu view" and remains the
default.
* The File Vault can now reflect its internal state and user input ("config
and report" mode only) at the LOG session via two new static config
attributes "verbose_state" and "verbose_ui_config" (both defaulting to
"no").
* The Shutdown button in "menu view" mode is replaced with a Lock button. The
new button doesn't terminate the File Vault but merely lock the encrypted
container and return to a cleared passphrase input. The same transition is
also provided in "config and report" mode.
* The file_vault.run script is replaced with file_vault_menu_view.run and
file_vault_cfg_report.run that address the two front end modes. In contrast
to the former script, which is interactive, the latter script is suitable
for automatic testing.
* There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
the same as file_vault_cfg_report.run but uses the File Vault package and
can be executed with the Depot Autopilot. The new test package is added to
the default test list of depot_autopilot.run
* The File Vault README is updated to the new version of the component and
has gained a chapter "functional description".
* Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault.
* The new Tresor software Trust Anchor has an optional deterministic mode in
which it replaces the normally randomized symmetric keys with 0. This mode
comes in handy for debugging. However, it should never be activated in
productive systems. When activated, the user is warned extensively on the
LOG that this system mode is insecure.
Ref #4819
|
||
|---|---|---|
| doc | ||
| repos | ||
| tool | ||
| .gitignore | ||
| LICENSE | ||
| README | ||
| VERSION | ||
=================================
Genode Operating System Framework
=================================
This is the source code of Genode, which is a framework for creating
component-based operating systems. It combines capability-based security,
microkernel technology, sandboxed device drivers, and virtualization with
a novel operating system architecture. For a general overview about the
architecture, please refer to the project's official website:
:Website for the Genode OS Framework:
[https://genode.org/documentation/general-overview]
Genode-based operating systems can be compiled for a variety of kernels: Linux,
L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, seL4, and a custom "hw"
microkernel for running Genode without a 3rd-party kernel. Whereas the Linux
version serves us as development vehicle and enables us to rapidly develop the
generic parts of the system, the actual target platforms of the framework are
microkernels. There is no "perfect" microkernel - and neither should there be
one. If a microkernel pretended to be fit for all use cases, it wouldn't be
"micro". Hence, all microkernels differ in terms of their respective features,
complexity, and supported hardware architectures.
Genode allows for the use of each of the supported kernels with a rich set of
device drivers, protocol stacks, libraries, and applications in a uniform way.
For developers, the framework provides an easy way to target multiple different
kernels instead of tying the development to a particular kernel technology. For
kernel developers, Genode contributes advanced workloads, stress-testing their
kernel, and enabling a variety of application use cases that would not be
possible otherwise. For users and system integrators, it enables the choice of
the kernel that fits best with the requirements at hand for the particular
usage scenario.
Documentation
#############
The primary documentation is the book "Genode Foundations", which is available
on the front page of the Genode website:
:Download the book "Genode Foundations":
[https://genode.org]
The book describes Genode in a holistic and comprehensive way. It equips you
with a thorough understanding of the architecture, assists developers with the
explanation of the development environment and system configuration, and
provides a look under the hood of the framework. Furthermore, it contains the
specification of the framework's programming interface.
The project has a quarterly release cycle. Each version is accompanied with
detailed release documentation, which is available at the documentation
section of the project website:
:Release documentation:
[https://genode.org/documentation/release-notes/]
Directory overview
##################
The source tree is composed of the following subdirectories:
:'doc':
This directory contains general documentation along with a comprehensive
collection of release notes.
:'repos':
This directory contains the source code, organized in so-called source-code
repositories. Please refer to the README file in the 'repos' directory to
learn more about the roles of the individual repositories.
:'tool':
Source-code management tools and scripts. Please refer to the README file
contained in the directory.
Additional hardware support
###########################
The framework supports a variety of hardware platforms such as different ARM
SoC families via supplemental repositories.
:Repositories maintained by Genode Labs:
[https://github.com/orgs/genodelabs/repositories]
Additional community-maintained components
##########################################
The components found within the main source tree are complemented by a growing
library of additional software, which can be seamlessly integrated into Genode
system scenarios.
:Genode-world repository:
[https://github.com/genodelabs/genode-world]
Community blog
##############
Genodians.org presents ideas, announcements, experience stories, and tutorials
around Genode, informally written by Genode users and developers.
:Genodians.org:
[https://genodians.org]
Contact
#######
The best way to get in touch with Genode developers and users is the project's
mailing list. Please feel welcome to join in!
:Genode Mailing Lists:
[https://genode.org/community/mailing-lists]
Commercial support
##################
The driving force behind the Genode OS Framework is the German company Genode
Labs. The company offers commercial licensing, trainings, support, and
contracted development work:
:Genode Labs website:
[https://www.genode-labs.com]