Hi everyone,
I'm new to the genode mailing list, so before I start asking questions, I would want to introduce myself. I'm a software developer and entrepreneur and I'm looking for the right tools to build a new product. It will be a cloud platform which focuses on security and privacy. Now, I'm interested in whether Genode could help me with that, and so I would be very thankful if you could help me with the questions I have so far.
My first question is whether there is a resource multiplexer for a TPM in Genode? Is there something equivalent to the Virtual Trusted Platform Module in Xen? [1]
My second question is how Genode can communicate with a system that is running inside a NOVA hypervisor. Let's say I want to run an unmodified Linux kernel on top of NOVA. Is there some kind of kernel module for Linux that acts as a client/server to some server/client running somewhere else in Genode? In other words, how can RPC be passed into and out of the Linux user space?
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
My last question is about the GPL licensing of the Genode OS framework. What licensing requirements are there for the Genode applications? Do they have to be released under a GPL compatible license as well, or can that be closed source components?
To put these question into relation, a few words about the software architecture that I have in mind. I want to run Genode at the lowest layer, and then run isolated, normal Linux systems on top of the NOVA hypervisor. The Linux systems should be controlled and managed by a Haskell application that is running directly on Genode and communicates with Linux user space programs through RPC. The PRC for the Linux user space applications should be somehow fed through NOVA and the Linux kernel. The Haskell application might not be available as open source, so that is where the last question is coming from.
I would very much appreciate to hear about your thoughts.
Many thanks in advance, Thomas
[1] http://wiki.xen.org/wiki/Virtual_Trusted_Platform_Module_(vTPM) [2] https://github.com/GaloisInc/HaLVM
I myself am not familiar enough with Genode to answer all your questions, but I can answer the GPL question and give you some security advice. The GPL will let you run closed-source applications on top of Genode like they will on Linux, with the condition that you don't use any GPL-licensed libraries. Unfortunately, given that you will have to link to Genode's core library, the GPL will be an issue (and even the LGPL would for Genode in its current state), but I would bet that Genode Labs would be very willing to give you a license that will deal with that issue. If you are providing cloud storage as well as cloud computing, I would recommend that you encrypt the stored data (including file names) itself such that the user's password is required to decrypt it. That would make security-concerned users much more comfortable with using your storage, since they would know that you can't read their data. Also, non-browser interfaces are more trustworthy than browser-based ones, since web browsers are subject to phishing and the like. On Nov 11, 2014 2:09 AM, "Thomas Strobel" <ts468@...270...> wrote:
Hi everyone,
I'm new to the genode mailing list, so before I start asking questions, I would want to introduce myself. I'm a software developer and entrepreneur and I'm looking for the right tools to build a new product. It will be a cloud platform which focuses on security and privacy. Now, I'm interested in whether Genode could help me with that, and so I would be very thankful if you could help me with the questions I have so far.
My first question is whether there is a resource multiplexer for a TPM in Genode? Is there something equivalent to the Virtual Trusted Platform Module in Xen? [1]
My second question is how Genode can communicate with a system that is running inside a NOVA hypervisor. Let's say I want to run an unmodified Linux kernel on top of NOVA. Is there some kind of kernel module for Linux that acts as a client/server to some server/client running somewhere else in Genode? In other words, how can RPC be passed into and out of the Linux user space?
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
My last question is about the GPL licensing of the Genode OS framework. What licensing requirements are there for the Genode applications? Do they have to be released under a GPL compatible license as well, or can that be closed source components?
To put these question into relation, a few words about the software architecture that I have in mind. I want to run Genode at the lowest layer, and then run isolated, normal Linux systems on top of the NOVA hypervisor. The Linux systems should be controlled and managed by a Haskell application that is running directly on Genode and communicates with Linux user space programs through RPC. The PRC for the Linux user space applications should be somehow fed through NOVA and the Linux kernel. The Haskell application might not be available as open source, so that is where the last question is coming from.
I would very much appreciate to hear about your thoughts.
Many thanks in advance, Thomas
[1] http://wiki.xen.org/wiki/Virtual_Trusted_Platform_Module_(vTPM) [2] https://github.com/GaloisInc/HaLVM
Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.cl... _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Hi Thomas,
welcome to the mailing list!
I'm new to the genode mailing list, so before I start asking questions, I would want to introduce myself. I'm a software developer and entrepreneur and I'm looking for the right tools to build a new product. It will be a cloud platform which focuses on security and privacy. Now, I'm interested in whether Genode could help me with that, and so I would be very thankful if you could help me with the questions I have so far.
My first question is whether there is a resource multiplexer for a TPM in Genode? Is there something equivalent to the Virtual Trusted Platform Module in Xen? [1]
No. There does not even exist an interface for TPM functionality within Genode yet.
My second question is how Genode can communicate with a system that is running inside a NOVA hypervisor. Let's say I want to run an unmodified Linux kernel on top of NOVA. Is there some kind of kernel module for Linux that acts as a client/server to some server/client running somewhere else in Genode? In other words, how can RPC be passed into and out of the Linux user space?
There exists no generic solution for passing RPCs between the Genode world and the guest OS world. Since Genode is able to run on both NOVA and Linux, however, it might be theoretically possible to bridge this gap. I think this would be an interesting research topic.
The classical (and less risky) approach would be to expose the needed Genode functionality via a virtual device to the guest OS and install a driver in the guest OS kernel that provides a suitable interface to the guest user land.
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
Even though the idea to run raw Haskell programs directly on Genode is intriguing (it is even mentioned in our "Challenges" page [1]), we have not pursued any development. If you decide to move into this direction, I'd be glad to support you.
[1] http://genode.org/about/challenges
My last question is about the GPL licensing of the Genode OS framework. What licensing requirements are there for the Genode applications? Do they have to be released under a GPL compatible license as well, or can that be closed source components?
The regular GPL version of Genode does not accommodate proprietary components. However, Genode Labs offers Genode under commercial licensing terms [2], which would be the way to go in your situation:
[2] http://genode.org/commercial-support
I would very much appreciate to hear about your thoughts.
Thank you for the good introduction of your plans. I am happy about your interest and would be delighted to support your undertaking to combine Haskell with Genode.
Best regards Norman
Hey guys,
On Wed, 12 Nov 2014 09:43:36 +0100 Norman Feske <norman.feske@...1...> wrote:
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
Even though the idea to run raw Haskell programs directly on Genode is intriguing (it is even mentioned in our "Challenges" page [1]), we have not pursued any development. If you decide to move into this direction, I'd be glad to support you.
I just want to let you know, that I really like the idea of running Haskell applications on Genode. I assume this boils done to porting the RTS. Moreover, I'd prefer an integrated approach that also allows accessing RPC interfaces from within Haskell applications. I don't have much experience with Haskell (yet) but the Foreign Function Interface (FFI) [1] looks quite promising for this purpose. There is also an FFI generator for C++ [2]. Let me know if you are going to pursue this challenge.
[1] https://www.haskell.org/haskellwiki/FFI_Introduction [2] https://github.com/wavewave/fficxx
Cheers Johannes
Hi Norman, Johannes and Nobody III,
thank you very much for your explanations, your interest and your feedback!
Also, thanks for the offer to support me with running Haskell programs directly on Genode.
Considering the amount of work that would be needed, I think I don't have the resources for that at the moment. I will stay with Xen as hypervisor for now.
Out of interest, is there a way to merge Genode and Xen? Xen allows dom0 disaggregation where device drivers are packed with a server backend in unprivileged, isolated VMs, which seems very similar to resource multiplexers in Genode I think. QEMU is also separated into individual VMs for each guest OS. The complexity of dom0 reduces at the same time, so it seems as Xen would be moving towards a micro kernel approach as well? A clear difference for me is that e.g. Genode allows a better capability and resource management at the moment.
So in your opinion, where do you see clear differences between Genode and the future Xen?
Would it be possible to bring the advantages of Genode over to Xen?
Would it be possible to run Xen enabled applications directly on the Genode framework?
I'm just curious because I think that Xen has a lot of momentum in industry at the moment, and I wonder whether Genode can benefit from that.
Best regards Thomas
On 11/12/2014 09:43 AM, Norman Feske wrote:
Hi Thomas,
welcome to the mailing list!
I'm new to the genode mailing list, so before I start asking questions, I would want to introduce myself. I'm a software developer and entrepreneur and I'm looking for the right tools to build a new product. It will be a cloud platform which focuses on security and privacy. Now, I'm interested in whether Genode could help me with that, and so I would be very thankful if you could help me with the questions I have so far.
My first question is whether there is a resource multiplexer for a TPM in Genode? Is there something equivalent to the Virtual Trusted Platform Module in Xen? [1]
No. There does not even exist an interface for TPM functionality within Genode yet.
My second question is how Genode can communicate with a system that is running inside a NOVA hypervisor. Let's say I want to run an unmodified Linux kernel on top of NOVA. Is there some kind of kernel module for Linux that acts as a client/server to some server/client running somewhere else in Genode? In other words, how can RPC be passed into and out of the Linux user space?
There exists no generic solution for passing RPCs between the Genode world and the guest OS world. Since Genode is able to run on both NOVA and Linux, however, it might be theoretically possible to bridge this gap. I think this would be an interesting research topic.
The classical (and less risky) approach would be to expose the needed Genode functionality via a virtual device to the guest OS and install a driver in the guest OS kernel that provides a suitable interface to the guest user land.
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
Even though the idea to run raw Haskell programs directly on Genode is intriguing (it is even mentioned in our "Challenges" page [1]), we have not pursued any development. If you decide to move into this direction, I'd be glad to support you.
[1] http://genode.org/about/challenges
My last question is about the GPL licensing of the Genode OS framework. What licensing requirements are there for the Genode applications? Do they have to be released under a GPL compatible license as well, or can that be closed source components?
The regular GPL version of Genode does not accommodate proprietary components. However, Genode Labs offers Genode under commercial licensing terms [2], which would be the way to go in your situation:
[2] http://genode.org/commercial-support
I would very much appreciate to hear about your thoughts.
Thank you for the good introduction of your plans. I am happy about your interest and would be delighted to support your undertaking to combine Haskell with Genode.
Best regards Norman
Hi Thomas,
Considering the amount of work that would be needed, I think I don't have the resources for that at the moment. I will stay with Xen as hypervisor for now.
no problem. :-)
Out of interest, is there a way to merge Genode and Xen? Xen allows dom0 disaggregation where device drivers are packed with a server backend in unprivileged, isolated VMs, which seems very similar to resource multiplexers in Genode I think. QEMU is also separated into individual VMs for each guest OS. The complexity of dom0 reduces at the same time, so it seems as Xen would be moving towards a micro kernel approach as well? A clear difference for me is that e.g. Genode allows a better capability and resource management at the moment.
So in your opinion, where do you see clear differences between Genode and the future Xen?
I think the main difference are the starting points of both projects. Xen is a hypervisor platform in the first place and seems to gradually move towards componentization wherever it seems sensible. In contrast, Genode is designed as component-based operating system that happens to also support virtualization. Compared to the approaches I know from Xen, the granularity of Genode's componentization is extremely fine. In fact, there are over 100 components that can be combined to compose systems out of. From the security point of view, the most distinctive characteristic of Genode is a much lower TCB complexity. A Xen-based system has to rely on the complex Xen hypervisor and the Linux system that runs as Dom0. In contrast, Genode-based systems do not require a DomU at all and can run on kernels that are as small as 10,000 lines of code (NOVA). This makes the trusted computing base of such systems orders of magnitude less complex.
Would it be possible to bring the advantages of Genode over to Xen?
I believe so. In principle, I could envision three approaches:
* Supporting Xen as a kernel for Genode and use Xen's domains as Genode's protection domains. However, this would require a significant amount of work and the chance for creating synergies between the Xen community and Genode is very little. Also, I do not see any technical advantage of using Xen as kernel over NOVA.
* Using Genode as a replacement of Dom0. This would benefit Xen by drastically reducing the TCB complexity of Xen-based systems compared to the current use of Linux. The main problem here is moving the existing Xen tools from Linux to Genode. There must be a clear incentive to do that.
* Using Genode as a DomU. Instead of using multiple MiniOSes for executing components, Genode could be used to host components and let them interact with each other. Still, selected functionalities could reside in separate VMs. So there would be a migration path. To kick off work in this direction, the NOVA version of Genode could be used in a DomU as is. Then, a set of user-level device drivers for Xen's inter-domain communication facilities must be developed to connect the Genode world with the Xen world.
Would it be possible to run Xen enabled applications directly on the Genode framework?
Could you please be more specific about the applications you refer to?
Cheers Norman
Hi Thomas,
2014-11-11 12:08 GMT+03:00 Thomas Strobel <ts468@...270...>:
My next question is how difficult it is to write Genode applications in Haskell. Is there an environment which can run Haskell applications, something similar to the Haskell Lightweight Virtual Machine for Xen? [2]
A few words about Haskell in Genode.
I tried to use Haskell in Genode earlier this year. As the compiler I used AJHC [1]. This compiler translate code in Haskell to C code and easy integrated to Genode's build system. For using AJHC in Genode must be ported his runtime. Looks work for simple applications. To call a Genode's functions can be used a C-wrapper. It is suitable for writing client applications. But I encountered a limitation of the compiler to call Haskell functions from C/C++ code that is required for writing server applications. Perhaps these problems can be solved, but I don't have enough experience in Haskell.
-
Ivan Loskutov -
Johannes Schlatow -
Nobody III -
Norman Feske -
Thomas Strobel