Prerequisite mechanism that Genode expects from a new kernel

Norman Feske norman.feske at ...1...
Thu Jun 2 07:00:28 CEST 2011


Hi Althaf,

> specifications; however, I realised it's an adaptive framework. I will
> give a notion of what I had expected: well, I envisioned it to be one
> like DDEkit, or a Secure Userspace Execution Environment kit (SUEEkit),
> over 'any' mono/micro/hypervisor kernel. Though it is correct, I
> conclude from your reply that there is no solid bottom-layer specification?

the Base API can be regarded as a "bottom layer specification" (its
implementation is typically less than 10KLOC) of the whole system but
there is no fixed base-internal interface. This gives each platform
maximum flexibility about how the API is implemented. Given the vast
differences of the mechanisms used, this flexibility is needed. E.g., by
comparing the ways processes are created and address spaces are managed
on Linux and L4, you will see that the respective base code has almost
nothing in common. On Linux, 'rm_session()->attach()' is implemented
locally by the calling process using mmap. In contrast, on L4, the same
API function is an RPC to core, which, in turn, manipulates the address
space on demand (using L4's map/unmap) when a page fault occurs.

> About my requirement, well, I would like to adapt Genode for daily use
> (in the long run) over a stripped-down Linux, i.e. not related to the current
> base-linux, which is only a dev / proof-of-concept platform rather than
> complying with Genode policy. I actually wondered why the Genode port to Linux
> was using sockets rather than other secure Linux mechanisms like shared memory
> et al. Now I understood why. ;-)

Thanks for this very interesting insight. Is your idea in line with the
topic "Microkernelizing Linux" described on our "Challenges" Wiki page?

  http://genode.org/community/wiki/Challenges

Let me suggest two pointers that we stumbled upon when we brain-stormed
this idea. First, we were pointed to Linux' "resource containers", which
promise to allow the assignment of fine-grained resource constraints to
individual processes. This looks like an interesting mechanism to
support Genode's resource-trading concept. Secondly, we were made aware
of the Capsicum project, which brings capability-based security to Linux.

  http://www.cl.cam.ac.uk/research/security/capsicum/

This looks like it may fit for securing the IPC communication between
Genode processes on Linux.

Best regards
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · District Court Dresden · HRB 28424 · Registered office Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth
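The contrast Norman draws above (on Linux, 'rm_session()->attach()' is done locally by the calling process with mmap; on L4 it is an RPC to core, which maps on page fault) can be illustrated for the Linux side. The C program below is an added example written for this page; it is not Genode code and not the real Base API. It models a dataspace as a file descriptor that can be mapped more than once, and models attach/detach as a plain mmap/munmap performed by the process itself, with no server involved. The names dataspace_t, rm_attach, rm_detach and demo_shared_dataspace are hypothetical, and the temporary-file backing is a stand-in for whatever shared-memory object a real system would use.

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* A "dataspace": memory identified by a file descriptor so that it can be
 * mapped more than once (and, in a real system, by more than one process).
 * Here it is backed by an unlinked temporary file; this is a constructed
 * stand-in, not how Genode's base-linux represents dataspaces. */
typedef struct {
    int    fd;
    size_t size;
} dataspace_t;

/* Create a dataspace of 'size' bytes. Returns 0 on success, -1 on failure. */
static int dataspace_create(dataspace_t *ds, size_t size)
{
    FILE *f = tmpfile();                 /* unlinked temp file: anonymous, mappable */
    if (!f) return -1;
    int fd = dup(fileno(f));             /* keep an fd that outlives the FILE* */
    fclose(f);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)size) < 0) { close(fd); return -1; }
    ds->fd = fd;
    ds->size = size;
    return 0;
}

/* Local "attach": the calling process maps the dataspace into its own address
 * space with mmap. No RPC to any server is involved; the kernel populates the
 * region lazily on first touch. Returns the base address or NULL. */
static void *rm_attach(const dataspace_t *ds, int writable)
{
    int prot = PROT_READ | (writable ? PROT_WRITE : 0);
    void *base = mmap(NULL, ds->size, prot, MAP_SHARED, ds->fd, 0);
    return base == MAP_FAILED ? NULL : base;
}

/* Local "detach": unmap a region previously returned by rm_attach. */
static int rm_detach(void *base, size_t size)
{
    return munmap(base, size);
}

/* Attach one dataspace twice (once writable, once read-only), write through
 * the first attachment and read through the second, then detach the first and
 * confirm the data is still intact through the second. Returns 1 if every
 * observation matches, 0 on a mismatch, negative on setup failure. */
int demo_shared_dataspace(void)
{
    dataspace_t ds;
    const char *msg = "written via attachment a";   /* constructed sample data */
    if (dataspace_create(&ds, 4096) < 0) return -1;

    char *a = rm_attach(&ds, 1);         /* read/write view */
    char *b = rm_attach(&ds, 0);         /* read-only view of the same memory */
    if (!a || !b) { close(ds.fd); return -2; }

    strcpy(a, msg);
    int visible_via_b = strcmp(b, msg) == 0;

    rm_detach(a, ds.size);               /* dropping one view does not free the data */
    int still_visible = strcmp(b, msg) == 0;

    rm_detach(b, ds.size);
    close(ds.fd);
    return (visible_via_b && still_visible) ? 1 : 0;
}

int main(void)
{
    int ok = demo_shared_dataspace();
    printf("shared dataspace demo: %s (%d)\n", ok == 1 ? "ok" : "failed", ok);
    return ok == 1 ? 0 : 1;
}
```

The point to take from it is where access policy lives: in this Linux-style model the only thing mediating the mapping is possession of the file descriptor plus the protection bits the process itself asks for (the read-only view here is enforced by the kernel, but it was the caller who chose it). The L4 arrangement Norman describes, where core answers page faults and decides what gets mapped, is not shown here; it would move that decision out of the faulting process entirely.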