ARM trust zone and Wayland on Genode?

Norman Feske norman.feske at ...1...
Thu Jan 30 10:37:14 CET 2014

Hello Peter,

>     It seems like Genode's secure display windows are off to a good
> start with "Nitpicker"...  
> ...What is happening so that the Wayland display compositor will be able
> to in some way run withing the Genode OS? 

as far as I know, there is no concrete plan to bring Wayland to Genode.
It is not mentioned on our road map [1]. However, we have listed the
topic at our "challenges" page as a rough idea.


Design-wise there seem to be many similarities between nitpicker and
Wayland, but both solutions were created under different premises. For
Wayland, fluent graphics without any tearing artifacts were a big
motivation. The goal was to overcome the deficiencies of In
contrast, nitpicker was designed for security in the first place (you
can read more details in my dissertation [3]). Both goals led to a
similar design, which is a very good sign.


Personally, I think that exploring the combination of Wayland with
Genode is an interesting topic, but I am anything but sure about the
outcome. Whereas Wayland was designed for Linux, it is unclear to me how
well it fits with Genode's capability-based security model. Also, a
Wayland-based graphics stack will be significantly more complex than a
nitpicker-based one. This is because Wayland uses OpenGL as backend. So
Mesa plus the whole driver stack becomes a mandatory part of the trusted
computing base for any graphical application. In contrast, nitpicker's
trusted computing base is orders of magnitude less complex.

That said, I think this does not need to be an either-or discussion
because different users have different needs. Not everyone is picky
about a low-complexity trusted-computing base. Having the option to use
Wayland or nitpicker would be great.

As a technical precondition to take a closer look at Wayland on Genode,
we first need to address the problem to bring our version of Mesa up to
date and provide a way to use hardware-accelerated graphics. Those
topics are also important for Qt5's QML. For this reason, I raised the
point during the discussion of the road map. Even though we haven't put
it on the official road map, we still plan to work on it.

>     Where might I find more info on the efforts to run Genode within ARM
> TrustZone...

We are positively surprised about the response to our TrustZone work.
Currently, there is not much documentation available. But we will
obviously need to change that.

For practical steps of how to start experimenting with TrustZone, maybe
Stefan can give you a good starting point?

Btw, there will be talk by him at FOSDEM on Sunday in Brussels. We will
publish the slides and there may be even a video recording.

Best regards

Dr.-Ing. Norman Feske
Genode Labs ·

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list