-
Migration of incompatible File Vault containers
The File Vault is a graphical tool for creating and managing encrypted file containers in Genode. The first official version was published with Sculpt 21.03b. Since then, the File Vault has been part of the basic tooling for Sculpt. Continue...
-
Genode at the FOSDEM 2023
Last week, I returned from the FOSDEM 2023 in Brussels and it was a great joy for me after all these years to finally see a real-life FOSDEM again. Besides Belgian fries and sweetened mate tea, one could once again get a taste of Genode at the conference. This year, the OS framework received 3 presentations in two different tracks. Continue...
-
Creating a captive portal VM for Sculpt
Some 3 years ago, I worked on a minimal and disposable VM for Sculpt that is capable of viewing the landing page of a local network. In many networks, this is necessary in order to gain internet access and therefore even before being able to deploy third-party packages in Sculpt. This article is a briefly polished version of the tutorial I created back then. But it should still apply to newer Sculpt versions. It uses VirtualBox 5 with a TinyCore guest running Firefox. Continue...
-
USB smart cards via PKCS#11
With the 22.08 release, Genode gains support for accessing USB smart-card devices like typical authentication and HSM keys via PKCS#11. Continue...
-
Bringing WireGuard to Genode
WireGuard is a protocol that implements encrypted, virtual private networks (VPNs) with a focus on ease of use, a very small attack surface, and high performance. For quite some time now, we have been keen to support WireGuard in Genode as well, as a native standard solution for peer-to-peer encryption. With Genode 22.05, we could finally accomplish that goal. Continue...
-
Genode's VFS #3: Networking
Over the past years, the Virtual File System (VFS) has played an ever more important role in Genode-based systems. Its applications cover not only access to conventional file systems but also font servers, network stacks, cryptographic devices, debugging facilities, and more. Yet documentation about the VFS is quite scattered and context-specific. In this article series I'd like to gather simple examples that explain how to use most of the plugins and utilities around Genode's VFS. Continue...
-
Spunky #6: CPU device driver
In this article series I illustrate the development of an Ada kernel for Genode named Spunky. The approach is to first successively translate parts from the C++ base-hw kernel and temporarily integrate them with the remaining C++ parts. Once the whole kernel has made it to Ada, Spunky can be further developed independently to benefit from the characteristics of Ada or even SPARK. This time, I'll talk about the port of the CPU device driver and about the use of the GNAT binder for the Spunky main package. Continue...
-
Genode's VFS #2: Storage and interconnections
Over the past years, the Virtual File System (VFS) has played an ever more important role in Genode-based systems. Its applications cover not only access to conventional file systems but also font servers, network stacks, cryptographic devices, debugging facilities, and more. Yet documentation about the VFS is quite scattered and context-specific. In this article series I'd like to gather simple examples that explain how to use most of the plugins and utilities around Genode's VFS. Continue...
-
Spunky #5: IRQ controller driver
In this article series I illustrate the development of an Ada kernel for Genode named Spunky. The approach is to first successively translate parts from the C++ base-hw kernel and temporarily integrate them with the remaining C++ parts. Once the whole kernel has made it to Ada, Spunky can be further developed independently to benefit from the characteristics of Ada or even SPARK. This time, I talk about my personal learning curve regarding low-level programming with Ada and the porting of the IRQ controller driver. Continue...
-
Genode's VFS #1: The basics
Over the past years, the Virtual File System (VFS) has played an ever more important role in Genode-based systems. Its applications cover not only access to conventional file systems but also font servers, network stacks, cryptographic devices, debugging facilities, and more. Yet documentation about the VFS is quite scattered and context-specific. In this article series I'd like to gather simple examples that explain how to use most of the plugins and utilities around Genode's VFS. Continue...
-
Spunky #4: Kernel Timing
In this article series I illustrate the development of an Ada kernel for Genode named Spunky. The approach is to first successively translate parts from the C++ base-hw kernel and temporarily integrate them with the remaining C++ parts. Once the whole kernel has made it to Ada, Spunky can be further developed independently to benefit from the characteristics of Ada or even SPARK. This time, I talk about the translation of timeout scheduling and the underlying timer driver. Continue...
-
A short guide to the Timer Session interface
In my last article about timing, I presented the Timeout framework - the most preferable solution when you want to do timing in native Genode applications. However, I also pointed out that the Timeout framework isn't always the best solution and promised to explain in detail when and how to fall back to the Timer session in this case. That's what this article is about. Continue...
-
Introducing the File Vault
The File Vault is a graphical user interface that aims to make it easy for everyone to create and manage encrypted file systems in Genode. A beta version of the vault was just published for Sculpt 21.03b in my depot mstein -> Tools -> file vault. Therefore, I'll give a short overview of the program. Continue...
-
A short guide to the Timeout framework
Last week, a colleague of mine asked me how to use the native interface for userland timing in Genode, the Timeout framework. So, I thought it would be worth sharing this knowledge in the form of a short article. Continue...
-
USB stick passthrough in Sculpt 21.03
Recently, I wanted to use a USB stick in my Linux VM in Sculpt 21.03 and I couldn't figure out anymore how to do it. I was surprised that I struggled to find information on this topic and so I wrote this short tutorial in order to make it easier for others. Continue...
-
Genode Community Summer 2020
Update: Due to the uncertain situation with the Corona virus and the low number of participation requests so far, the Genode Community Summer 2020 will not take place! Continue...
-
The CBE series #4 - Video "A Linux VM on a CBE device"
There is now an online video of the tutorial "The CBE series #3 - A Linux VM on a CBE device" available on YouTube. It goes through the whole tutorial starting with a fresh Sculpt 20.02 installation until the rekeying of the CBE device while rebooting the Linux VM on top of it. Continue...
-
The CBE series #3 - A Linux VM on a CBE device
In the Genode 20.05 release notes we teased using the CBE for running encrypted VMs in Sculpt. This article will guide you through setting up a CBE device, installing and using a Linux VM on it, and controlling the CBE online - like creating snapshots, resizing the device, or doing a rekeying. Continue...
-
The CBE series #2 - Online resizing
This article describes in detail how online resizing is done in the Consistent Block Encrypter (CBE). Online resizing enables the user to re-dimension the block pools used in the CBE block device with the device remaining accessible throughout the entire process. Continue...
-
The CBE series #1 - Online rekeying
This article explains in detail how online rekeying works in the Consistent Block Encrypter (CBE). Online rekeying means to re-encrypt a CBE block device completely with a new encryption key and eventually remove the old encryption key while the device remains accessible the whole time. Continue...
-
Running Genode in VirtualBox
After I finished the most recent article about Spunky I received feedback from people who tried to run Sculpt OS with Spunky inside a VirtualBox VM and met some difficulties. While trying to reproduce the scenario, I noticed that there seems to be not much documentation about how to run Genode scenarios other than the ready-to-use Virtual-Appliance image from the Sculpt download page in VirtualBox. And there are a few pitfalls. Continue...
-
Spunky #3: Desktop system, FOSDEM video, scheduler, plans
In this series of articles I'll illustrate a hobby project of mine that is trying to create a kernel for Genode written in Ada 2012. This project is not about writing a kernel from scratch but rather about successively taking parts from the existing base-hw kernel and translating them to Ada. Thus, the design mainly follows the approach taken with base-hw. To be able to test the already translated parts, I link them together with the remaining parts from base-hw. The interfacing between the Ada and the C++ parts is done on the level of object methods. Over time, the code base of the new kernel will become more and more Ada and less C++. Maybe later this work will also lead to some formal verification with SPARK. But for now, I'm happy with Ada. So let's go! Continue...
-
Spunky - Part 2: The Signals, The FOSDEM, and The Repository
In this series of articles I'll illustrate a hobby project of mine that is trying to create a kernel for Genode written in Ada 2012. This project is not about writing a kernel from scratch but rather about successively taking parts from the existing base-hw kernel and translating them to Ada. Thus, the design mainly follows the approach taken with base-hw. To be able to test the already translated parts, I link them together with the remaining parts from base-hw. The interfacing between the Ada and the C++ parts is done on the level of object methods. Over time, the code base of the new kernel will become more and more Ada and less C++. Maybe later this work will also lead to some formal verification with SPARK. But for now, I'm happy with Ada. So let's go! Continue...
-
Invitation to the Genode Community Summer
Recently, several requests reached us at Genode Labs from people interested in coming to Dresden for a certain period of time to work on their Genode project while being able to seek our assistance in person. To give this idea a dedicated space, Genode Labs will hold a new event, the "Genode Community Summer" this year. Continue...
-
The Säntis System Summit in Summer 2019
I must admit that I more or less stumbled into this wonderful event by chance. Not knowing what to expect exactly from the online presentation, I was totally overwhelmed by the positive experience in the end. Not only did the location at mountain Säntis in Appenzell provide a breathtaking scenery and the hotel was great, but, most of all, amongst all organizers and participants there was an enthusiastic, open-minded and relaxing atmosphere that made this (un)conference special to me. Continue...
-
Type-safe bit access using the register framework
Years ago, when I wrote my first device drivers for Genode, I found myself thinking about a very common problem in this area: MMIO regions that are structured with bit-granularity. Accessing such structures in C++ was normally done with hand-crafted bit arithmetic that not seldom ended up in long cryptic statements with raised error potential. Type-safety in this field is highly desirable to improve driver development but unfortunately not part of the basic C++ features. This initiated the development of the so-called MMIO framework in Genode, which later evolved into the more generic Register framework. Over the years, the Register framework has become the preferred tool to describe and access sub-byte structures of any type (not only MMIO) in Genode and has received a lot of handy features of which I'd like to give an overview in this article. Continue...
-
User-friendly handling of missing ports in depot tools
I enjoy the elegant and potent system behind packages in Genode. Therefore I found it particularly sad that, for me, a tiny, rather superficial issue always diminished the user experience: Missing archives of third-party code, called ports, are reported only one at a time, and each time, the user has to push the process forward manually. Because of this, building large packages like Sculpt with dependencies on over 20 of these ports can become an annoying task. Continue...
-
Spunky: A kernel using Ada - Part 1: RPC
In this series of articles I'll illustrate a hobby project of mine that is trying to create a kernel for Genode written in Ada 2012. This project is not about writing a kernel from scratch but rather about successively taking parts from the existing base-hw kernel and translating them to Ada. Thus, the design mainly follows the approach taken with base-hw. To be able to test the already translated parts, I link them together with the remaining parts from base-hw. The interfacing between the Ada and the C++ parts is done on the level of object methods. Over time, the code base of the new kernel will become more and more Ada and less C++. Maybe later this work will also lead to some formal verification with SPARK, but for now, I'm happy with Ada. So let's go! Continue...
-
Integrating and running automated tests - Part 2
In this article I'd like to give a very practical guide about how you can create, integrate and run your custom test scenarios on Genode. This is the second of two parts. If you have missed the first part, you may want to read it first. Continue...
-
How to start my VM with the new Sculpt-CE preview
Things have changed a bit with the revised software deployment in the recently published preview of Sculpt CE. No matter whether you are updating from Sculpt VC and have installed your VM following the Sculpt-VC documentation or whether you downloaded a fresh Debian with the Sculpt-CE preview - this brief walk-through might help you get it to run (again). Of course, once Sculpt CE gets released, the added documentation will explain things far more comprehensively. Continue...
-
Integrating and running automated tests - Part 1
In this article I'd like to give a very practical guide about how you can create, integrate and run your custom test scenarios on Genode. In order to do so, I'll take a little real-life example and walk through the single steps of the very same procedure that I follow every time I develop a new test. I'll try to concentrate on the big picture rather than on all the details. But in turn I'll give you pointers to further documentation whenever sensible. Continue...