In another thread was the recommendation to use Genode with Haiku on phones.
I would say let’s base the decision (whether to take Genode or not) on the hardware facts. In short: It is a really big help to use Genode?
I think once the bootloading of the OS on the phone has been done, the actual kernel etc. are not a big problem. (That’s just an assumption, experts please correct me if I’m wrong with this. Maybe the drivers are a big deal, too?)
What are the phone-specific (or even more narrow PinePhone-specific, Samsung XYZ-bla specific etc.) difficulties to boot Haiku? Then decide.
Here just some problems:
On normal Android phone there’s a problem that a device by default is not “rooted”, but needs to be rooted to boot another OS.
On Raspi (just an example of boot-weirdness I know, it has nothing to do with phones) the booting starts on the GPU!
I think the bootloader needs to be unlocked to allow unsigned system to be uploaded/booted on the system. Rooting is a different thing, it allows superuser accesso n the existing-running system.
It is not important what initiates the system bootup. This is early-boot, no driver is required for this, the boot image and the required binary blobs needs to be provided according to some specification, but otherwise i don’t think it makes any differencem but correct me.
Thanks for the correction. What I meant is unchanged: There are boot-related problems.
I’m not sure if this is true. If so, I don’t need or want Genode. And I’m saying this as a Genode fan. But Haiku is Haiku and should stay Haiku, if you see what I mean.
As part of the hardware work, they have also ported the Lima open-source Arm Mali 400 driver from Linux to Genode. They’ve got the basic GLMark2 test case running with GPU acceleration and their Lima driver support will improve their Morph web browser experience.
Honestly, I have no personal interest to take some framework or whatever and “just” make “yet another linuxphoneOS”.
My idea behind maple was an OS that is to Haiku like iOS is to MacOS, a system that shares many parts yet is destinct. if you just want to take some random phone OS for that then just run Haiku in qemu on kde phosh or whatever and have qemu do the framevuffer on an attached display. But then again, if it goes thus way I am not interested at all
If Genode was just a Linux-based large-size kernel, I’d agree. But the fact that it is a microkernel with more driver security than any Linux kernel-based distribution could ever hope to have makes your argument look mostly like a straw-man argument.
I am not fond of the AGPL license. I am not fond of the GPL license in general either. If there are binary blobs linked into the kernel of any mobile phone, tablet, watch or other device and the kernel gives it kernel-mode access to memory, we have a major security vulnerability on the hands of anyone who made such a device. Genode’s L4 compatible microkernel is more secure and that includes the Linux compatibility layer of that kernel.
Every driver in Genode can be replaced by one with a different license as long as static linkage doesn’t take place. Static linkage to a microkernel is rare and generally unnecessary. Likewise, the SculptOS GUI-based environment is replacible. As such, Genode can be part of a minimum viable product as a stepping stone to a better goal later.
Your point about security makes no sense to me, security can’t be viewed in isolation, a system is not “more secure” simply because it does drivers differently. The thing that matters is your threat vector, is “an attacker has compromised the device up to the point they can attack drivers” your most common concern in this case? I think this is what driver isolation would protect against anyhow.
If “linux” is “linux the kernel” and genode used linux drivers which are almost all of the relevant code then it it might aswell be.
It was in quotes purposefully, anyhow. I have no interest to debate semantics with you. I think I was pretty clear in me not beeing interested, how much code genode borrows exactly from linux is not relevant to me.
These OS’s with microkernels (Genode, SEL4, Inferno, Minix) and/or memory safe code (Rust) etc. are not significantly more secure against hacking/intrusion then regular OS’s. Their approach just means that they have cleaner, more optomised, and more efficient code.
Security and privacy requires a good range of tools and configuration options to open/close apps, services, ports, wireless, networking, etc as required. This is because there are many ways of attacking an OS. Take it from someone who is targeted by an obsessed tech worker who believes that God justifies hacking (and who posts here and on other tech forums).
There are screenshots of the user interface for Pinephone in the latest Genode release notes (about half way down).
The thing that strikes me about Genode labs’ in-house style is how dreary and grey it looks. If only the security-aware architecture of Genode could be coupled with the friendly colours and pizazz of Haiku, what a great mobile OS that would be!
True that OS security takes much more. But some security aspects are indeed addressed by microkernels and Rust. Less likeliness of buffer over/underflow (Rust) and less code in ring 0 (microkernel).
I’m thinking about perhaps taking a course in IT security. It would take a year! (and of course can’t cover all that’s to be said about security) So yes, security is a big complex.
The first post of the new year from Genodians goes into how their user interface is designed to encourage and assist the user to do precisely that.
Essentially there is always access to what the author calls the “appliance” side shown to the left in the picture from the “user defined” side on the right.
Perhaps this shows how a Haiku user land built on Genode underpinnings might look in practice? I am thinking Haiku may happily live on the “user defined” side - without needing to change from being a single user OS - and the Genode “appliance” always available to set permissions and security.
This looks really good. I hope they do the same for the PC version.
The only problem is that software switches are sometimes cosmetic, e.g., when you click wifi off, it doesn’t necessarily turn it off at the hardware level - hence the need for kill switches. Even then, some kill switches don’t necessarily turn off wireless at the hardware level. Also, one software switch may turn off a feature, but a switch in another program may have the same feature turned on. Web browsers sometimes do this kind of thing.
For good security I think you need:
Good information display/s showing what’s on or off throughout the OS system.
Good tools to effectively switch features on or off.
Good internal security tools to detect and disable malware that can turn features on or off without the user knowing.
This is precisely the “Unique Selling Point” for Genode: it is a so-called capability based OS that explicitly grants permission to apps to use hardware and services.
There are other OS that do this, most noticeably google Fuchsia. But despite Google being the better known entity and likely having much more resources to throw at development, I suspect that Genode will be the better OS. This is because Google’s business model may prevent them putting the user in the driving seat to the extent that Genode is able to.
A capability-based OS is a good strategy, and would be usefull to the average user, but the Genode devs admit that their OS doesn’t have any special security compared to other OS’s (I asked them). If an OS with a new strategy is not specifically security-focused, then at best it’s going to be a bit better than general pugrpose.
One of the kernels supported by Genode is SEL4. That is the Security Enhanced L4 kernel. By using that instead of the bare metal implementation of Genode, maybe they can eek out some better security.
I think SEL4 kernel is mathematically proven to be secure - but only in terms of being tightly coded (hardened). This reduces exploits in the code. But it doesn’t provide any userland security tools - like a firewall, app sandbox, virus scanner, rootkit hunter, VPN, etc. These would have to be provided by Genode OS or a third party - e.g. Firefox addons.
