Genodepkgs
When Genode and Nixpkgs meet
The past decade has seen substantial improvements in the field of operating systems that have raised the standards for building high-assurance and security-critical systems. Unfortunately this technology is rarely utilized by smaller organizations and private users due to the cost of retooling, reconfiguring, and the lack of continuity between OS communities.
The Genode OS framework is a free-software toolkit of components that can be used to construct custom operating systems from a trusted codebase of drastically reduced complexity. Genodepkgs is an extension to the Nix package collection that integrates the Genode toolkit. This package collection, or Nixpkgs, is one of the most comprehensive collections of readily deployable software to date, and contains within it the NixOS Linux distribution. By extending the collection to cover Genode, a new diversity of operating systems can be realized using the variety of microkernels, device drivers, and utilities provided by Genode, as well as hybrid systems composed of an isolating Genode base layer and virtualized NixOS guests. Making such compositions possible by reusing the methods of NixOS can bridge the divide between contemporary Linux system administration and next-generation operating system developments.
- The project's own website: https://git.sr.ht/~ehmry/genodepkgs
Why does this actually matter to end users?
When you start up your computer, you will probably think twice before you download some random piece of software from the internet and run it. You know that doing so could allow unwelcome guests to your computer and your data. Your computer might even end up in a bot net. So when you see some nice piece of software, you will ask yourself the question: can I really trust the software? Perhaps you will check the origin it comes from. Better safe than sorry.
Did you miss checking something, though? What about the software that is already on your computer before you started? A computer is not much use without an operating system. While most computers are sold with an operating system, actually you have the choice to remove that and install something different. Have you thought about the trustworthiness of that fundamental piece of software - your most fundamental travel companion on the wild west of the internet? Trustworthiness is essential. When an operating system has a so called 'back door' (either intentionally or not), someone could extract whatever user data - like personal pictures or home movies - from your computer. And the worse thing: without you ever finding out. The operating system guards all the other software, and warns you when you install software from the internet. But itself, it doesn't have to ask for permission. Ever. It doesn't just have "access all areas": in fact, it runs the whole show.
With commercial software like Microsoft Windows or Mac OS X that you get delivered when you buy a computer, trust in what their closed operating system does will of course always be a leap of faith: as a user you essentially are given no choice. In proprietary systems you do not have the freedom to study the source code, or to control what really happens. So you either trust the vendor, or you'd better not use it. For an increasing amount of people, after the revelations from whistleblowers like Edward Snowden, that "leap of faith" is not so obvious anymore. They prefer to use free and open source operating systems like GNU Linux, FreeBSD and OpenBSD. These are technology commons: the people that wrote the software allow you to inspect the source code. Even more so, they give you the source code to do anything with it that you like. So you don't just blindly have to take their word for it and trust them, you can take matters into your own hands.
Transparent, auditable operating systems are even more important for security-critical setups that handle sensitive data, provide vital services or operate in harsh environments. In these cases users want to pick and choose exactly (and only) the components they need to create a system they can easily verify. That is what this project will contribute to: a trusted computing base users can build on by picking from a comprehensive collection of available and auditable software packages to create a composable and flexible setup that does exactly (and only) what you want it to.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
