Genode OS framework is a tool kit for building highly secure special-purpose operating systems. It scales from embedded systems with as little as 4 MB of memory to highly dynamic general-purpose workloads.
==Design concepts==
The system is based on a recursive structure. Each program is executed in a dedicated sandbox and gets granted only those access rights and resources that are required to fulfill its specific purpose. Programs can create and manage sub-sandboxes out of their own resources, thereby forming hierarchies where policies can be applied at each level. The framework provides mechanisms to let programs communicate with each other and trade their resources, but only in strictly defined manners. Thanks to this rigid regime, the attack surface of security-critical functions can be reduced by orders of magnitude compared to contemporary operating systems.

The framework aligns the construction principles of microkernels with Unix philosophy. In line with Unix philosophy, Genode is a collection of small building blocks, out of which sophisticated systems can be composed. But unlike Unix, those building blocks include not only applications but also all classical OS functionalities including kernels, device drivers, file systems, and protocol stacks.
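As an added illustration of the recursive structure described above (not taken from the article or from the Genode project), the following is a hypothetical init configuration in the style Genode uses: an init instance carves a sub-sandbox out of its own resources by starting a second init with a fixed RAM and capability budget, and that nested init applies its own, narrower policy to its child. The component names "nested" and "app" and the service set are assumed.

```xml
<!-- Hypothetical Genode init configuration (added example, not from the article).
     The outer init is itself a sandbox. It hands a fixed budget and an explicit set
     of services to the sub-sandbox "nested"; the nested init then decides, at the
     next level of the hierarchy, what its own child "app" is allowed to reach.
     Component names "nested" and "app" are assumed. -->
<config>
  <!-- services the outer init has obtained from its own parent -->
  <parent-provides>
    <service name="ROM"/> <service name="PD"/> <service name="CPU"/>
    <service name="LOG"/> <service name="Timer"/>
  </parent-provides>
  <default caps="100"/>

  <!-- the sub-sandbox: a second init instance with a fixed resource budget
       taken from the outer init's own RAM and capability quota -->
  <start name="nested" caps="300">
    <binary name="init"/>
    <resource name="RAM" quantum="8M"/>
    <!-- only these services are routed into the sub-sandbox; anything not
         listed here simply does not exist from its point of view -->
    <route>
      <service name="ROM"> <parent/> </service>
      <service name="PD"> <parent/> </service>
      <service name="CPU"> <parent/> </service>
      <service name="LOG"> <parent/> </service>
      <service name="Timer"> <parent/> </service>
    </route>
    <!-- policy applied by the nested init at the next level -->
    <config>
      <parent-provides>
        <service name="ROM"/> <service name="PD"/> <service name="CPU"/>
        <service name="LOG"/> <service name="Timer"/>
      </parent-provides>
      <default caps="50"/>
      <start name="app">
        <resource name="RAM" quantum="2M"/>
        <!-- "app" is granted only the core services it needs plus LOG; the
             Timer service is available to the sub-sandbox but deliberately
             not routed to this child -->
        <route>
          <service name="ROM"> <parent/> </service>
          <service name="PD"> <parent/> </service>
          <service name="CPU"> <parent/> </service>
          <service name="LOG"> <parent/> </service>
        </route>
      </start>
    </config>
  </start>
</config>
```

Each level can only pass on what it was itself granted, so a misbehaving "app" has no route to the Timer service or to any component outside its sub-sandbox, regardless of what the outer init can reach.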
==Features==
===CPU architectures===
Genode supports the x86 (32 and 64 bit), ARM (32 and 64 bit), and RISC-V (64 bit) CPU architectures. On x86, modern architectural features such as IOMMUs and hardware virtualization can be utilized. On ARM, Genode is able to take advantage of TrustZone and virtualization technology.
===Kernels===
Genode can be deployed on a variety of different kernels including most members of the L4 microkernel family (NOVA, seL4, Fiasco.OC, OKL4 v2.1, L4ka::Pistachio, L4/Fiasco). Furthermore, it can be used on top of the Linux kernel to attain rapid development-test cycles during development. Additionally, the framework is accompanied by a custom microkernel that has been specifically developed for Genode and thereby further reduces the complexity of the trusted computing base compared to other kernels.
===Virtualization===
Genode supports virtualization at different levels:
• Using NOVA or Genode's custom kernel, faithful virtualization via VirtualBox allows for the execution of unmodified guest operating systems as Genode subsystems. Alternatively, the Seoul virtual machine monitor can be used to run unmodified Linux-based guest OSes.
• On ARM, Genode can be used as a TrustZone monitor, or as a virtual machine monitor that uses ARM's virtualization extensions.
===Building blocks===
The framework consists of hundreds of ready-to-use components such as:
• Device drivers for most common PC peripherals including networking, storage, display, USB, PS/2, Intel wireless, Intel GPUs, and audio.
• Device drivers for a variety of ARM-based SoCs, in particular the NXP i.MX family.
• A GUI stack including a low-complexity GUI server, window management, and widget toolkits such as Qt.
• Networking components such as TCP/IP stacks and packet-level network services.
• Applications based on the POSIX interface, including GNU coreutils, bash, GCC, binutils, and findutils.

==Releases==