Key aspects from the talk iirc (I was in the audience :)):
* Real-time embedded CPUs are usually without an MMU -> kernels such as FreeRTOS lack secure memory due to the lack of MMUs in those CPUs
* A kernel targeting embedded CPUs with MMUs that supports secure memory management
* Secure memory communication: what they call a server/client method of communicating, leveraging the Rust borrow checker at build time so that "user-land processes" can later communicate via pages.
These things combined allow a very small kernel, with user-space implementation of usually kernel-level functionality, such as the system clock timer (presented in the talk).
All of this is meant to provide a complete trustworthy processing chain, from CPU dies that can be inspected through infrared microscopy through the CPU epoxy package/cover to the entire build/software tool chain.
The Xous OS project takes care not only of the kernel, but also of the CPU/RISC-V runtime with an MMU, something that is usually quite difficult to obtain - but due to synergy effects with another chip consumer/organization they managed to get their custom processor manufactured.
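As an added illustration of the server/client page-lending idea from the post above (this is standalone example code, not Xous's own API or anything shown in the talk; the names Page, Lend, Server and demo are illustrative assumptions), the following models a client handing a page-sized buffer to a server in three ways, with the Rust borrow checker guaranteeing at build time that a borrowed page is back in the client's hands when the call returns and that only a moved page can be retained by the server:

```rust
// Added example: a page-granular client/server lending model, not Xous code.
// All names here are assumptions chosen for illustration.

const PAGE_SIZE: usize = 4096;

/// One page-sized, page-aligned buffer: the unit that gets lent or moved.
#[repr(C, align(4096))]
pub struct Page(pub [u8; PAGE_SIZE]);

impl Page {
    pub fn new() -> Page {
        Page([0u8; PAGE_SIZE])
    }
}

/// The three ways a client can hand a page to a server.
pub enum Lend<'a> {
    /// Shared, read-only access for the duration of the call.
    Borrow(&'a Page),
    /// Exclusive, writable access for the duration of the call.
    MutableBorrow(&'a mut Page),
    /// Ownership transfer: the server keeps the page, the client loses it.
    Move(Box<Page>),
}

/// A toy "system service": counts non-zero bytes it has seen and keeps moved pages.
pub struct Server {
    pub bytes_seen: usize,
    pub owned: Vec<Box<Page>>,
}

fn nonzero(p: &Page) -> usize {
    p.0.iter().filter(|&&b| b != 0).count()
}

impl Server {
    pub fn new() -> Server {
        Server { bytes_seen: 0, owned: Vec::new() }
    }

    /// Handle one message; the scalar reply is the number of non-zero bytes.
    pub fn handle(&mut self, msg: Lend<'_>) -> usize {
        match msg {
            Lend::Borrow(p) => {
                let n = nonzero(p);
                self.bytes_seen += n;
                n
            }
            Lend::MutableBorrow(p) => {
                // The server writes its reply in place; the borrow ends at return.
                for b in p.0.iter_mut() {
                    *b = b.wrapping_add(1);
                }
                let n = nonzero(p);
                self.bytes_seen += n;
                n
            }
            Lend::Move(p) => {
                let n = nonzero(&p);
                self.bytes_seen += n;
                // Only Move lets the server retain the page past the call.
                self.owned.push(p);
                n
            }
        }
    }
}

/// Client side: lend one page each way and report what came back.
pub fn demo() -> (usize, usize, usize, usize) {
    let mut server = Server::new();
    let mut page = Page::new();
    page.0[..3].copy_from_slice(b"abc"); // constructed sample payload

    let r1 = server.handle(Lend::Borrow(&page)); // 3 non-zero bytes

    // The borrow checker rejects aliasing a lent page (E0502 if uncommented):
    // let peek = &page;
    // server.handle(Lend::MutableBorrow(&mut page));
    // let _ = peek.0[0];

    let r2 = server.handle(Lend::MutableBorrow(&mut page)); // every byte now non-zero
    // After the call the client owns the page again and can read the reply:
    assert_eq!(page.0[0], b'b');

    let r3 = server.handle(Lend::Move(Box::new(page))); // `page` is gone after this
    // `page.0[0]` here would not compile: use of moved value.

    (r1, r2, r3, server.owned.len())
}

fn main() {
    println!("{:?}", demo());
}
```

The point is that no runtime check in the server is needed to know whether it may still touch a page: a Borrow or MutableBorrow reference cannot be stored beyond the call without the compiler objecting, while a Move hands over a Box the server may keep. A real kernel still has to enforce the same discipline on the page tables across the process boundary; the type system only covers the in-process side.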
The problem is: do you trust your hardware? If not, can you build, or buy, hardware that you can verify? So they built https://www.crowdsupply.com/sutajio-kosagi/precursor with an FPGA instead of a CPU from Intel or SpacemiT and are going up and down the chain to ensure that EVERYTHING can be inspected.
It's about providing the security benefits we get from MMUs (e.g. process isolation) to microcontrollers. There are no OSes for that space because basically no microcontrollers have MMUs. They had to make one for this OS.
I highly recommend watching the talk, it's very good!
Trust and transparency: https://betrusted.io
There is QNX. seL4 is another.
The former is proprietary. The latter kernel is GPL2, similar to Linux.
QNX is not open source.
And seL4 is a kernel, not an OS. And it's pretty hard to work with, especially if you want any kind of dynamic system.
There is Genode, which can run atop of seL4(amongst others).
https://genode.org/
https://genodians.org/
https://en.wikipedia.org/wiki/Genode
What did you mean by a dynamic system ?