Hi Neal,
thanks for tuning in on the Genode mailing list! :-)
> Is the intention that the base-hw remain experimental? Or, is the long-term plan to make it a proper microkernel? From what you say here, it sounds like I shouldn't consider base-hw as a potential microkernel. Martin, however, seems to suggest it will become a viable target in the near future.
Sure, base-hw is definitely planned to become a proper platform. But the word "kernel" does not really express well the role of base-hw. Let me explain:
Base-hw was born out of the observation that classical L4-based systems carry quite significant redundancies between the microkernel and roottask as both kernel and roottask have to keep track of how resources are assigned to processes. I.e., the kernel contains a mapping database and page tables, but roottask also keeps records of how memory pages are used by user-level processes. The same story can be told of other kernel objects such as threads and protection domains.
The crux is that both kernel and roottask are mandatory parts of the trusted computing base. On typical L4-based systems, the code for those parts amounts to 20,000+ LOC (10+ KLOC kernel plus 10 KLOC roottask). This observation led us to the idea to merge both kernel and Genode's roottask (core) into one program. In this design, the "kernel" is not a self-sustaining piece of software but a mere library that provides back-end functionality for roottask. I.e., it performs no allocations and becomes active only when called by the roottask code (via one of the roottask-local system calls) or by IPC operations. All the dynamic (and complicated) stuff like memory management is handled by roottask code using Genode's user-level abstractions. The outcome of this experiment is that the combined program (base-hw core) comprises about 13,000 LOC, indicating that the approach is able to drastically reduce the mandatory parts of the trusted computing base.
As of now, we don't recommend the use of base-hw in serious settings because it is still in flux. That said, Genode hides the peculiarities of the particular kernels. Because hopping between kernels (such as base-hw and Fiasco.OC) is almost seamless, there is no need to pick a kernel upfront when starting the development of a Genode-based system. Just pick the most convenient kernel to start with. At the API level, Genode is capability-based. So developers using the API effectively develop components for a capability-based system. Once kernel-protected capabilities become available in base-hw, this change will be transparent to users of the API.
Regardless of the state of base-hw, if you desire a Genode base platform with kernel-protected capabilities today, you can use Fiasco.OC (ARM, x86) or NOVA (x86) right away.
Regards
Norman