Comment by MisterTea
8 days ago
> How hard would it be to boot a computer to this as an OS?
Unikernels aren't meant to run as a bare metal OS on a standard computer like a PC. Instead they are applications wrapped in thin libraries that allow them to boot in hardware VM's provided by Intel vmx or AMD svm, etc. A hypervisor provides mechanisms for communication with hardware and other resources. They boot fast because the underlying system and hardware is already initialized and running.
The main idea of unikernels is to get rid of costly system calls like brk/sbrk called by malloc, open/read/write, etc. between the OS and application. The system never has to switch protection rings which saves a lot of time. This gives the application full control of its compute and memory resources with the possibility of direct hardware access depending on the host hardware and hypervisor. So you can attach things like NVM storage directly to the VM and let the application handle the disk and fs operations.
So to answer your original question of using such a wrapper to boot chrome on a PC: you will need a much, much bigger wrapper library which adds in all the hardware access which is a LOT of code (The GPU code alone is scary enough). You must also realize the fast boot time will be obliterated by hardware init which usually takes time as you have to jiggle certain hardware registers to wait, then probe again to see if things are working as advertised. This can take several seconds or more. In the end, you save nothing.
If you wanted an OS based on a hypervisor which boots unikernel applications you are at the mercy of the hardware to multiplex access or delegate that to a hypervisor adding more overhead. Again, you saved nothing.
In the end, your OS is really a CPU multiplexer and does a great job of providing all the primitives and resources in a generalized, uniform manner. I highly recommend reading this book: https://pages.cs.wisc.edu/~remzi/OSTEP/
> Unikernels aren't meant to run as a bare metal OS on a standard computer like a PC.
Originally this absolutely was one of the selling points. NetBSD's rumpkernel, for example, clearly was intended to support bare metal. In practice, though, unikernels are typically run within VMs, for the reason you hinted at--you usually still want a regular OS to multiplex your hardware and (unikernel-based) applications.
What about incus? Could incus provide some benefits as the host?
Depends on the application. These unikernel applications are best suited for short lived compute for web applications that need to fire up fast and live for the duration of the users session. Though perhaps it could be beneficial in situations where it could provide determinism with direct hardware access. Security wise I believe you're better off with an OS, better mechanisms and tested security models.