We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Demonstration of the Sculpt Operating System

00:00

Formal Metadata

Title
Demonstration of the Sculpt Operating System
Title of Series
Number of Parts
490
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Sculpt OS is a novel general-purpose operating system designed from the ground up and implemented using the building blocks of the Genode OS framework. It started with the vision of a truly trustworthy OS that combines a completely new system structure with microkernels, capability-based security, sandboxed device drivers, and virtual machines. The talk is a live demonstration of the current incarnation of Sculpt. The Genode OS framework is an operating-system technology created from scratch. Over the past decade, it steadily evolved from a fairly obscure research prototype to a practical day-to-day operating system. Being a component-based system designed after the principle of least privilege from the very beginning, it breaks with many concepts that we take for granted in traditional operating systems, e.g., the central role of files. Instead, Genode introduces a novel way of composing system scenarios out of building blocks where the building blocks are able to cooperate without ultimately trusting each other. Those building blocks include not only applications but also all classical OS functionalities including kernels, device drivers, file systems, and protocol stacks. In 2018 - after more than 10 years of developing Genode in a shadowy corner of the open-source community - the project created Sculpt OS, which is a Genode-based general-purpose OS for commodity PC hardware. Since it is not derived from any existing OS, Sculpt re-approaches established concepts like the installation, configuration, and spawning of programs from a new angle. This is reflected by its custom user interface. Besides presenting the motivation and the fundamental ideas behind Genode, the talk will introduce and demonstrate the current state of Sculpt OS, draw connections to related open-source projects, and give a glimpse on the project's future plans.
System programmingOperations researchGoodness of fitDemo (music)Axiom of choicePhysical systemMultiplication signPoint (geometry)Moment (mathematics)Message passingWave packetMereologyRule of inferenceExtension (kinesiology)Mobile WebRevision controlDifferent (Kate Ryan album)Ocean currentComputer animation
Software frameworkGraph coloringSoftware developerPhysical systemTDMAOrder (biology)Multiplication signCategory of beingOperator (mathematics)PhysicalismOperating systemMessage passingBuildingKernel (computing)Block (periodic table)Tablet computerFlow separationDifferent (Kate Ryan album)NumberPoint (geometry)Computer architectureRight angleForm (programming)Virtual machineSampling (statistics)Wind tunnelCuboidConnectivity (graph theory)Cartesian coordinate systemHecke operatorOpen setLibrary (computing)Operating systemQuicksortDevice driverComputer animation
Physical systemSystem programmingRun time (program lifecycle phase)Energy levelKernel (computing)Connectivity (graph theory)Run time (program lifecycle phase)Computer filePhysical systemDevice driverSlide ruleRight angleVirtual machineMikrokernelUser interfaceBitBootingComputer hardwareGraph (mathematics)MereologyConfiguration spaceData storage deviceObservational studyFluid staticsDynamical systemComputer animation
Physical systemPhysical systemConnectivity (graph theory)QuicksortConfiguration spaceRevision controlSemiconductor memoryState of matterCAN busSystem programmingTraffic reportingMedical imagingObservational studyRight anglePresentation of a groupMotion captureInformationFile systemComputer fileComputer animation
Computer networkDenial-of-service attackBubble memoryExecution unitProduct (business)Clique-widthConnected spaceAsynchronous Transfer ModeDefault (computer science)MathematicsMetreAnnulus (mathematics)Goodness of fitNumberTraffic reportingWebsiteProcess capability indexEvent horizonInformationMedical imagingComputer fileFile systemImage resolutionMereologyConfiguration spaceNichtlineares GleichungssystemPhysical systemClosed setComputer animation
Clique-widthChi-squared distributionElectronic visual displayConfiguration spaceTouchscreenType theoryPhysical systemImage resolutionWindowCollaborationismGoodness of fitSampling (statistics)Greatest elementComputer animation
Clique-widthAnnulus (mathematics)Focus (optics)Limit (category theory)Convex hulloutputElectronic visual displayTime domainPointer (computer programming)Content (media)Duality (mathematics)Online chatIntelClient (computing)Key (cryptography)SummierbarkeitDefault (computer science)Drill commandsInclusion mapLemma (mathematics)TouchscreenTotal S.A.Run time (program lifecycle phase)Server (computing)Slide ruleMereologyPointer (computer programming)Domain nameGraphical user interfaceCoordinate systemGreatest elementPoint (geometry)Tablet computerPhysical systemWave packetMagnetic stripe cardComputer animation
Pointer (computer programming)Client (computing)Newton's law of universal gravitationQuiltKey (cryptography)outputFocus (optics)Default (computer science)Chi-squared distributionContent (media)Run time (program lifecycle phase)TouchscreenPhysical lawInclusion mapTime domainMenu (computing)Duality (mathematics)CloningExecution unitComputer networkLibrary (computing)MereologyPhysical systemInteractive televisionOrder (biology)Data storage deviceMathematicsCASE <Informatik>BitUniform resource locatorSoftwareSpacetimeOperating systemDirectory serviceConnectivity (graph theory)Associative propertyFunctional (mathematics)INTEGRALSummierbarkeitServer (computing)Web 2.0RootkitFile systemComputer fileSource codePublic-key cryptographyComputer animation
Key (cryptography)Default (computer science)Gamma functionInformation managementMalwareComputer networkKey (cryptography)Computer networkConnected spaceData storage deviceSoftwareService (economics)Graphical user interfaceComputer programmingInformationData managementWindowPhysical systemPointer (computer programming)Library catalogFocus (optics)Software developerSelectivity (electronic)Menu (computing)Client (computing)Internet service providerBlock (periodic table)Cartesian coordinate systemIP addressDirection (geometry)Shape (magazine)Connectivity (graph theory)BitGUI widgetNormal (geometry)Sign (mathematics)Series (mathematics)Traffic reportingServer (computing)User interfaceFitness functionSoftware testingCASE <Informatik>Monster groupSocial classGraph coloringInstallation artUser interfaceIntegrated development environmentQuicksortSuite (music)Endliche ModelltheorieRow (database)Uniqueness quantificationExecution unitComputer animation
Computer networkDiscrete element methodWindowExecution unitPhysical systemComputerComputer networkInformationConnectivity (graph theory)Configuration spaceNumberGraph (mathematics)BitPerspective (visual)Complex (psychology)Data managementTask (computing)SpacetimeDemosceneCASE <Informatik>Thomas BayesComputer animationLecture/Conference
Data managementMultiplicationEuclidean vectorComputer networkGamma functionPhysical systemData modelData managementRamificationWindowSystem programmingCartesian coordinate systemGraphical user interfaceConnectivity (graph theory)BitTelecommunicationPhysical systemRoutingoutputGraphics libraryPosition operatorPointer (computer programming)Traffic reportingRevision controlVolumenvisualisierungKernel (computing)Touch typingNintendo Co. Ltd.View (database)CodeLine (geometry)Ocean currentFocus (optics)Coefficient of determinationMedical imagingElectronic mailing listService (economics)Goodness of fitNichtlineares GleichungssystemBasis <Mathematik>Disk read-and-write headTunisRight angleInformationDimensional analysisCuboidData storage deviceComputer animation
Electronic data interchangeBlock (periodic table)Computer networkHacker (term)Interior (topology)outputConvex hullKey (cryptography)Lemma (mathematics)Euclidean vectorData managementMultiplicationConfiguration spacePhysical systemData storage deviceComputer fontWindowClient (computing)Connectivity (graph theory)Computer fileFile systemDenial-of-service attackBitData managementElectronic mailing listUser interfaceStructural loadCartesian coordinate systemState of matterBit rateComplex (psychology)Electronic visual displayRun time (program lifecycle phase)Traffic reportingGraphical user interfaceShape (magazine)Right angleKey (cryptography)outputINTEGRALMultiplication signSoftwareInformationPlanningCellular automatonPhase transitionInternet service providerPoint (geometry)Term (mathematics)Revision controlData miningComputer animation
Directory serviceRule of inferenceText editorFile systemWindowState of matterComputer programmingInformationMathematicsMaxima and minimaTouchscreenKey (cryptography)Computer animation
Computer fontStylus (computing)Computer-generated imageryPhase transitionForcing (mathematics)State of matterPosition operatorPhysical systemWindowRadical (chemistry)Heegaard splittingData managementTouchscreenDevice driverRight angleText editorRow (database)SpacetimeSystem programmingDependent and independent variablesMereologyConnectivity (graph theory)CountingMiniDiscSource codeComputer animation
Component-based software engineeringComputer hardwareDevice driverComputer networkInformationComputer wormInformationPhysical systemGame controllerScripting languageExpert systemService (economics)Device driverWindowSystem programmingDirection (geometry)User interfaceMenu (computing)SoftwareConnectivity (graph theory)Data managementProfil (magazine)Process capability indexVirtual memoryKernel (computing)Video game consoleCASE <Informatik>Semiconductor memoryElectronic visual displayInternet service providerDifferent (Kate Ryan album)CuboidGraphical user interfaceSource codeComputer animation
Computer networkComputer networkElectronic visual displayComputer hardwareComputer programmingSoftware testingGoodness of fitLiquidMenu (computing)Connectivity (graph theory)Source code
Computer networkConfiguration spaceVisualization (computer graphics)Software testingAnalytic continuationRevision controlCASE <Informatik>Confidence intervalStudent's t-testState of matterVideo gameConnectivity (graph theory)PermanentRoutingBitQuicksortInformationPhysical systemMultiplication signGravitationArithmetic meanGastropod shellComputer fileBootingData storage deviceConfiguration spaceProduct (business)LaptopComputer networkComputer animation
MIDIBit rateFigurate numberAnalytic continuationContent (media)InformationComputer animation
Physical systemHard disk driveBitMultiplication signVirtual machineInsertion lossOffice suiteView (database)Computer animation
ComputerVirtual machineMedical imagingWindowComputer fileCuboidComputer networkData managementMathematicsComputer animation
Software frameworkData managementBefehlsprozessorComputer configurationTouchscreenKeyboard shortcutInteractive televisionEncryptionBlock (periodic table)Physical systemWindowRun time (program lifecycle phase)Focus (optics)Physical systemRegular graphSoftware developerComputing platformSoftwareGame controllerElectronic mailing listSlide ruleString (computer science)Interactive televisionComputer programmingOperator (mathematics)outputContent (media)Reduction of orderGreatest elementCartesian coordinate systemInformationMechanism designEvent horizonConnectivity (graph theory)Menu (computing)Group actionExecution unitDrop (liquid)Traffic reportingComputer animation
Data managementComputer configurationBefehlsprozessorTouchscreenKeyboard shortcutInteractive televisionBlock (periodic table)EncryptionContent (media)Maxima and minimaConnectivity (graph theory)Level (video gaming)2 (number)Film editingPhysical systemEncryptionTouchscreenNetwork topologyMiniDiscPlanningInteractive televisionGraph coloringKeyboard shortcutRoutingBlock (periodic table)Tracing (software)Projective planeData managementUsabilityVirtualizationComputer fileComputer animation
Software frameworkProjective planePhysicalismWorkstation <Musikinstrument>Connectivity (graph theory)Descriptive statisticsCartesian coordinate systemConfiguration spaceOptical disc driveDecision theoryPhysical systemMultiplication signDifferent (Kate Ryan album)Mechanism designInteractive televisionBitSoftwareInternetworkingPlastikkarteMedical imagingAbstractionGame theoryCuboidComplex (psychology)2 (number)Service (economics)Food energyQuicksortField (computer science)Insertion lossFile formatExpressionValidity (statistics)Meta elementDistribution (mathematics)Computer fileControl flowProgramming languageSystem programmingComputer animationLecture/Conference
SynchronizationPlanningProduct (business)Computer networkBuildingRun time (program lifecycle phase)Identity managementSoftwareConnectivity (graph theory)Different (Kate Ryan album)Internet der DingeUser profileForm (programming)CASE <Informatik>Game controllerMultiplication signDescriptive statisticsPhysical systemGroup actionCuboidDiscrete element methodFlow separationCommunications protocolGodGoodness of fitPersonal area networkTraffic reportingScaling (geometry)Field (computer science)View (database)Active contour modelWebsiteComputer animationLecture/Conference
Point cloudOpen sourceFacebook
Transcript: English(auto-generated)
The next talk is going to start. It's not really a talk, it's more like an extended demo session given by Norman Fesker and he's going to demo the ScoutOS. Yeah. Thanks for the intro. Yeah. I always try to make it a point to
present a running system during the talks, and this time, it's no different. When I submitted the talk in the first place, I thought, well, I will show my day-to-day OS that I'm working and just think around and give you an impression. But after I submitted the talk, I had some pretty different ideas how Sculpt OS should be heading,
and so I got captured by these new ideas and thought, well, when now showing the system, I would really like to show the new system that I have in mind. That's what I'm going to do now. So it's not the current version of Sculpt but it's the new version of Sculpt. The problem is it did not exist at this new version,
so I had to build it first. So some parts that you see had been literally built in the train to foster them. So please give me with me if there are any trouble, but I think it's still more worthwhile as a message for you to have this talk this way. So first, I don't know who of you knows Genode.
I will give just one hand. Okay. So I will give a brief intro. So from over a decade, we have been building this component-based system. So we started with an idea of a new architecture, a clean slate operating system, and we continued evolving this over literally a decade.
So you see here in this picture, this idea that the system is built out of these basic building blocks. In the middle, you see, I can also use the mouse. You see these kernels here. So Genode supports a number of different kernels, and several kernel developers are sitting in this room,
like the SEL4 kernel is supported. Hello, Genode. The Nova kernel is supported as well. Hello, Udo. So there are even some kind of a North Tygic kernel supported. So he supports the Fiasco kernel from 12 years ago just as a matter of North Tygic reasons,
and it also supports the Linux kernel. On top of that, there are plenty of components, like these building blocks. Colorful stacks, device drivers, multiplexers for physical resources, so lots of these components. While doing this, this is of course exciting work to do,
but people always wondered, what the heck, what are you doing? So nobody could make any sense of this. It did not fit into a well-established category. It was not an operating system, it was not an application, it was a library, so what is it? So it's basically similar to the concept of Lego. If you present the kids the first time a bunch of Lego bricks
without giving any instructions, the kids doesn't get excited really, if they haven't seen this before. They maybe tinker around a bit, but if you supply also a brochure to teach the kid how to build a nice ambulance car out of these bricks, then the kids will follow this brochure, get an example,
and their imagination gets started. And we figured out that in order to carry out in the message what Genode is, we need to have an example. And we thought, well, ambulance car is probably not the best example. What would be a cool example? And we found that a general-purpose operating system would be a cool example. And this is what scriptOS is all about.
So this is running on this machine right now, so I've just pulled it into this system here from this USB stick, and I can switch on and off the slides here with the F11 key. And yeah, the system that I've just booted
contains a microkernel, in this case, the Nova microkernel. It boots then a static system, which is very simple actually, so containing only a few components. I will go into a bit more detail in a minute. And then on top of the static system, there are three dynamic systems, one for doing some basic drivers,
like the graphics driver that I need to interact with the system. One system that I use to control the machine, that's the Leipzentraler, a kind of sophisticated controlling panel. And then there's this green part where the user can basically do whatever the user wants. That's the basic idea behind the system.
So let's look at this strange user interface again that you have just seen. So what is this? This is the system right after booting. So you see here, just in the middle, a graph of the stuff that is hosted inside this runtime part, inside this green part.
And you see here that there is some kind of storage node, a USB node, hardware config. These are basically hardware resources. And there's one little component sitting here. It's just a small RAM file system. But there's more behind the curtain. So the other things that are in the static system,
there are some more, there are some more concepts involved. And the static system basically contains this graphics server that you have just seen. Then it implements some global policy. For example, by pressing F11, I switch to slides on and off. And there are two pseudo file systems.
One pseudo file system is called a report file system. It basically aggregates states from the components, so components running on top. They can basically post information. And these information are basically captured in this in-memory file system here. And then there's a counterpart. It's called config file system. This contains configurations for the basic system.
So these are the only concepts to administer the system. And yeah, let's have a look inside these kind of file systems. So we have here this file stub. So these are the file systems that are present on the system right now. And we can now, for example, look into this report file system over here. We find that, ah, some driver has reported something.
So there is this driver's item here. Is it big enough to read? No, not to read. I think I can, I try to make it a bit larger. Okay. So, there are some drivers have reported something. So let's look inside.
Okay, there are some things like PCI devices. So we have a report of the PCI driver and this delivered the number of PCI devices. So this is basically similar to LSPCI or we have the number of USB devices. We can look at what the USB driver has reported. And so we see this information here. Then there are some dynamic drivers.
So for example, there is this Intel frame buffer driver that was dynamically started. And let's see what the Intel driver has reported. Ah, number of connectors. So we see here that we have this HDMI connector with the supported resolutions. So this report was generated by the Intel driver. And this all comes together in this report file system.
So you can basically look into these interesting pieces of information inside the file system. Data part is this configuration file system. This is this one. And this contains all kinds of system configurations. For example, also things like the screen resolution. So if I, for example, look inside this frame buffer driver here, this is really the configuration
for the Intel frame buffer driver. So there's nothing in between the frame buffer driver and our text that I have here. And I can even change these things. So I can type in something like this. I want to force a size of the display to a certain size.
And the driver really consumes the new configuration and applies it. So I have now just reconfigured this driver here. So let's revert it because this gets too tiny. So now the driver has, he established this. And for example, also the GUI server
that is on the bottom of the system, I can reconfigure this. So for example, you see the slides over here? If I want to say, okay, the slides, I want to use the slides as a mouse pointer, I can do this by telling the nitpicker GUI server that the origin of the coordinate system of the slides domain is the pointer.
And so I'm trying, oh, it's not working really? Let me see, oh, so that's one of the parts that I implemented on the train. Let's try it again.
Oh yeah, thanks again, thank you. So now the slides are used as a mouse pointer. Okay, so that's just silly, but you see the basic idea that you can even change
these really basic fundamental parts of the system interactively. Okay, so that's pretty nice to play with, but it's still quite useless. So in order to use the system, we need some more. So let me go to the next topic.
We want to use and download and install some software. That's some basic functionality of an operating system. So okay, what do we need for software installation? We need a place where to put the software. So in this case, we have conveniently
this RAM file system over here. So I can just say, I want to use this one. So now you see something has happened here. There's a new component popping up. It's called Depo. This is basically a kind of change root component that exposes only a part of the file system to be used as a storage for new software.
And let's have a look how this Depo looks right now. So when you look into this RAM file system, you have this subdirectory, Depo here. And inside the Depo, we have pre-populated some subdirectories, one subdirectory for each software source. So these are the genome developers, basically. So if you look into nfesca, this is my one.
You see two files. So there's this download file. So this is the location where software can be downloaded from, just a web server. And then there's the my public key. So this is the PGP key that can be used to verify downloads. So all downloads that I'm offering are signed, digitally signed, and this key is used
to validate the integrity. Okay, so this is basically, we now have a place where to store software. That's fine. So the next thing is we need network connectivity. So I try to connect to the network. So there's this kind of crossing fingers.
Okay, first in dual stack, sounds nice. Let's see. So it's associated to the network. Let's see if you get an IP address. It can take a while sometimes. Ah, so okay, that looks not bad. And so now this kind of nice widget here appears,
this plus sign. And this one is basically the entrance to the world of software offered by the Genome developers. So here you see plenty of, and this connected? Oh, there's that. Maybe we have to wait a bit. This happens sometimes?
It's not a Genome problem, you see? Okay. Okay. Should we just try it again or, ah, now it's, am I supposed to? Okay, so maybe, yeah, I will still try to continue this.
I think, yeah, maybe, let's still try. So the idea is that you have this menu here, this plus sign is to add a new component. That's the idea behind the plus. So when adding a new component, you can choose from a menu of predefined menus. So you can, as a user, can also change this menu. But the interesting things happen here,
and it's depot dot dot dot. So this is basically the software by the Genome developers. And here the depot is empty, but we can make a selection. So here I select who the developer I want to use software from, yeah? So by clicking on Nfescale, for example, you see that now I downloaded a kind of catalog
of software that I'm providing. But I can also click on, for example, my colleague, Alex. And then now I also have the catalog of software that my colleague, Alex, is providing. So you can basically subscribe to different authors, similar to subscribing to an RSS feed, basically.
So now I go back in this menu here. You see now there are these new entries. And then going to this Nfescale entry, you see that there is a menu that I provided where I offer you some software. And so, for example, I can go into this GUI menu, and there is this backdrop application. And when I click on it, I can basically install it.
And now we, ah, you see it over there? It fetches the packages, the dependencies, and all this stuff will be downloaded into this depot slash Nfescale. And this is completely sandboxed over there. So I don't need to trust the people I download the software from. It's all sandboxed. And now, once this program is downloaded,
you are presented with a dialogue that asks you how to integrate the software into your system. So in this case, it asks me to connect the GUI to some basic services. And we want to plug the desktop background to the components, so we select this one. And here we have our desktop background
just downloaded from this package. I give you another walkthrough, so maybe just to get an idea, there is, for example, a window manager we can download. So I install it here. You see, on demand, the download starts over here.
And the window manager requires some more information. So it wants to control the keyboard focus. So I allow this. It needs the basic GUI service to display windows and the clients. So I connect it to the system GUI server. It wants to report shape reports for mouse shapes.
So I connect this pointer shape to the global system shapes. I connect the access to the clipboard and also for the different directions. And then adding this component, now this window manager exists over here. You can see this. And yeah, there's still nothing shown because we have not started a client.
So let's add a client to this. So I will, oh. I will, oh, what just happened? OK, maybe use the mouse. So let's add a client to it. For example, there is a small demo over here.
OK, and so this client, we can now connect to this CMTWM. You see it here. So this is something new. We just added the service to the system, and now it's offered as a menu item over here. So I can add this component, and you can see over here, I can switch with F12. So please remember F12, really important.
That's to switch between the GlideCentrale and the normal user interface. So now you see this program here running inside the window. That's basically served by the window manager. And let's do a slightly more sophisticated example. So we can say, OK, we want to have some small Unix system.
So there's this tiny Unix system that I described in a recent series of articles on the GeneAudience block. And so let's try to install it. And you see here that it pulls in things like COUTIL, SPASH, and so on. COUTIL, SPASH, WIM. So the regular things that you need
for having a small Unix system. And there are some similar dependencies over here. And now I am asked to integrate it. And this one is really a sandbox kind of environment, so I only need to connect it to a user interface,
the CMTWM, and by connecting it, you can see now a new window appearing here. And this is basically, I can enter a room and do some Unix, like, yep. Maybe I can make the window a bit.
How to get this, oh yeah. And you see here, if you look at around, you see a very basic Unix system running inside this window. So it's pretty easy to deploy things like that just by using the mouse. Okay.
In this graph now, things become more interesting. So for example, we can now see, okay, we have this Unix system here. What is the trusted computing base of this Unix system? The Unix system is not connected to the network or to anything important, so it's only connected to the window manager, so it needs to trust the CMTWM.
Or this one is the same, yeah. But for example, this one, the NIC router, which is basically the access to the network, it's routed through the WiFi driver, and it also uses some configuration obtained from the information node over here. So this graph here does not only show you the number of components, but also the relationship between the components.
And when you select one component, you see basically the trusted computing base of this component. Okay, so let's make the whole thing a bit more interesting from the kind of complexity perspective.
Okay, so this window manager was just the one single component, but the strength of G-Node is really that you can put or cut these components into small pieces and turn it into so-called multi-component applications. And the window manager is a prime example of this. So I know it looks a bit frightening here, this picture,
but the idea is that there is this nitpicker GUI server, which is the basic systems GUI server, and then there is a window manager here that basically intercepts all the communication of an application to the nitpicker GUI server. So this one basically adds the notion of window decorations to the views of the application.
And it does not do this all on its own, so the window manager itself is a fairly small component, only about 5,000 lines of C++ code with no dependencies, C whatsoever, bare-metal C++ code. And then it basically connects other components to do the dirty work.
So, for example, there is this decorator here, and the decorator component is a component that touches pixels, that renders pixels, and it can have typical problems. Dealing with pixels, graphics library is complex, so there may be bugs in there. So we basically host a sandbox version of this decorator to do the dirty work of rendering the window decorations.
And then there is another potentially complex component, which is the window layout. And this one defines what happens when you click on the window title bar and move the mouse, these policies, basically, the policy of the user input. And to connect those together, there are some kind of reports and ROMs used.
So, for example, the window manager supplies the decorator with a window layout, which is a data model of the window layout. And in return, the decorator returns the currently hovered position via the mouse, what is highlighted with the mouse. And so this is basically the idea. You can use different components,
each have a clear-cut purpose, and you can basically connect them together. And this is what I will show you next. So, for a second, I will basically, let me see, yeah. So I will basically remove those components again,
and also the window manager. And now let's start the more interesting window manager. So I go again into the depot, and there's this WM package, which is this kind of kernel of the window management.
So you see, it's really small. Here I've seen, it's downloaded like in a second. And here I have to connect this to the basic GUI server, the Nintendo GUI server, this is this one. Oh no, this was for the focus, right? So I have to connect this here. Then I have this connected to the basic GUI server, and like in the other example, the pointer shapes connected to here,
and the clipboard as well. So now the WM node is running already. So next thing is I have to add a decorator, so I take this seam decorator here. And here I connect everything to the WM,
to the window management. So I connect these routes here at this component. So finally we also need a decorator, so I connect this layout, I mean. I install this one.
And so here we also direct everything to the window manager. Basically this way, we sandbox these components under the regime of the window manager. Oh no, I forgot to start this actually. I wanted to start this component first.
This is basically a component for remembering window positions. Now I notice a mistake in my script, so I have to step a bit back. What I wanted to do before I'm doing this here,
I wanted to basically switch from the RAMFS to something persistent, like the USB stick. So let me just do this. So let's basically un-use the RAMify system. So now the system is gone. And now let's basically use this USB stick instead.
So let's use this one. And now you see that now the same configuration is still in the configFS, so we get it back here. Now we are using it to just swap out the underlying storage. So now let's do this step with adding the layout.
So as before, I connect this here to the window manager. So you see this is a bit tiresome work, but you will see later that this must be only done at integration time only once. So this one. So now we have this all connected to the window manager,
and now let's add an example client. So for example, a more interesting Unix kind of system where I say, okay, I want to display this in the window manager, and I want to grant access to the config file system, so this is dangerous because this is basically allowing this component to also change the configuration.
I also want to do this here deliberately. Then also we want to watch reports here. We want to connect it to a file system. And we are, another thing I missed, okay. We need some other component, a font file system component. This is basically a component that provides
font information for other components. So now I can go forward and install this Nuke system. Let's do this here. The config file system and the reports. Then the file system over here.
The font file system, now it's there. And some vim configuration. And for the clipboard, we go through the WM. So by doing this here, you see now this window coming up and this is a lot more powerful than the last one. So here I have actually access to the config file system and the report file system. So for example, I can take a look here
and you see all the configurations that you could see also in the GUI before. So yeah, and we can also edit this configuration. So for example, I can change this input filter configuration. You see here, there's some key repeat right here.
And this input filter basically controls the input handling. I can change this value here, write the file, and you see now the rate is much slower, yeah. So through this interface, through this file-based configuration interface, we can control everything.
So yeah, yeah. So let's add another component of a friend of mine, Alexander. So this is a small tool for observing what's happening in the system. So we also direct it to the window manager. Then we grant a write to use tracing,
so to observe the global system and also to use the fonts. So now you see here a small window coming up. This is basically like a load display that I can use to explore what's happening in the system. So you can see at this list of components, you see the granularity of the system. We have like 93 components running here.
So that what's in the runtime is one thing, but some of these nodes actually consist of multiple components. And also underneath, there are many more components. So that's a really, really many fine-grained components involved. OK, there are also some graphical applications.
So for example, I can start some QG application of my colleague, Kristin. So let's look here. And I think here. Oh, I think it's better to take this one.
And again, I can choose what the application can see. So for example, if I don't trust this application, I can say, OK, I direct this to this, like, for example, the font-fs. It's probably a bit silly, but. And then we connect it to a window manager, and we say,
OK, shape and clip would also go to the window manager. And we see now a QG application coming up here. So basically, I'm just starting this application to show that this is not just limited to some text command-based things, but you can actually run more sophisticated applications,
like complex user interfaces. Yeah, and I advertise this nice window manager concept. And one cool thing I want to show is that this window layout that I'm using is actually quite special. It stores the state of the window layout on the file system.
So I use this recallfs to basically tell this layout to get this information from the file system. And so now I can go into this file system here. Oh, no. This is the genome partition,
and then we have this recall directory over here. And the window layout has a subdirectory that was created automatically. And in here, we have these rules of the window layout. So this is basically what's currently the state of the window layout. So if I want to, for example, say I want to move the QG text edit program to full screen,
I can say something like, or maximize, I can say something like maximize equals yes. And I can basically save the file, and you can see that the state changes.
And the same, of course, for other things, like if I want to change the position of this terminal to something else, I can basically do this. And you can see that the state is all, the state is captured. That's important for the window positioning. There's nothing more than that. And we can even do things like splitting the screen into two parts,
like adding some columns there, like for the ideas to have some kind of tiling window management in the future. So we can add something like a column here, left, and another column.
Okay, and then we can say, let's move the text editor to this column, to the left column. Oh, do I have something wrong? Oh, hmm, did not respond. Okay, let me try this again with the other one here.
Oh, ah, stop joking, for some reason, I don't know what I have done wrong. Column, oh, okay, I won't debug this right now. Okay, but basically you get the idea that you can basically have the state captured here, and the system will remember this on disk, yeah?
Okay, okay, so now next topic, so our device drivers. So the nice thing about microcontroller-based systems is that device drivers live in the user space, and with Genode we want to really leverage this concept. So in Genode or in script OS,
device drivers are just managed like regular components. So you can deploy them, and install them as regular components. The user has to explicitly grant access to the hardware, the user is always in control. The drivers are sandboxed with an IOM view, and drivers can even mix-match of different providers, and this goes really, really far.
So I give you an example that we can do this for ACPI services even. So there is, for example, Alex, who is our expert for the PC, architecture, and he provides a system menu with ACPI support for all syncpads, so I'm using this.
And there are two versions, one is equipped with a nice graphical user interface, so I will basically deploy now this ACPI driver from Alex here, and will display the user interface as my battery applied in the window manager. So let's connect via this app, and now it becomes scary, so we have to say as a user, oh, direct memory map IO, aye, aye, aye,
that's, well, do we want this? We can't safely do this because we have an IOM view, so in this case, the driver will only shoot itself in the foot, so let's do this. But here, this is more of a problem, because PortIO can be used to everything, to completely reset the machine, so okay, let's grant this access. Also interrupt, okay, then for devices,
we basically say, okay, we only want to present the ACPI driver with an empty PCI bus, so we select this ACPI profile here, then we also want to expose the low-level kernel information and we want this driver to watch system status ROM from the configuration, so this is what I'm selecting here,
and it should report interesting things to the system reports over here. So this is really risky, so I should only do this with software from people I trust, yeah? But in this case, I trust Alex, and you see here now, this battery applet here,
showing the battery state, and I can observe this, and this can only be requested using ACPI. And another example is audio drivers, so in this case, my colleague Joseph comes to rescue, so he has some experimental port of the VST audio driver, and here we say, okay, we expose the audio hardware
to the driver and add this component, so here you see this one, so now I need a program that uses audio, so let's see what Joseph has in his menu, I think this one should work, connect this to the audio driver, display it in the WM,
and of course, let's do some network connectivity, and now it's basically, let me see, just something new, ah, it's hiding, okay, but here it is, so, and can you hear it? Maybe I should take you,
so maybe you can't hear it because the speakers are too silent, but there is actually audio coming out of this laptop here. Okay, so this is actually also working, so removing this again, and I can just swap out the audio driver if I don't need it anymore.
Okay, so next topic is when using Sculpt as a day-to-day OS, we of course don't want to start the day with wiring up all these components, of course this can be like meditation, but that's not a productive way of working, so we have to basically have a way
to make this configuration permanent, and the idea is we already have all the configurations in this config file system, right? So if you have also a place on the USB stick or on our boot device that also has the same layout, we can just copy over the stuff from the boot device to the config FS and we are done, yeah?
And so for fixing the configuration that I currently have, I basically only have to move this configuration to the USB stick, so let's do this using this shell here that I already have, so if I go here, remember we have this config FS here,
accessible, and we have this access to this G node storage over here, and so we can just add a new directory, it's called config, and then the version of Sculpt, in this case this is the Sculpt version, and then we can copy interesting things that we want to save, so like for example,
I want to copy the current situation of the component state, the current deployment, so this is all captured in one file, so I can copy this file into this config FS, this is the one, maybe I also want to capture the Wi-Fi password, okay, let's do this, so I can copy this config Wi-Fi that I just selected
and put it also on the USB stick, and maybe we can also tell the system to automatically connect to Wi-Fi instead of leaving the network undefined, so we basically route the NIC traffic to the Wi-Fi,
so these are the things that I have customized basically, and yeah, now the next time the system boots up, it should get this information copied from the USB stick into the config FS, and it should become active, so what do you think, should I try this out?
Yeah, it's all text, so if you look into the deployment here, you see that this is, oh no, that's not the right one, I mean the one that was created by the managed that I just copied, yeah, deploy, this is just a text file here, yeah, and this basically contains all the wiring also.
Okay, what do you think, should we try this out? Yeah, okay, so here we do another nice feature of the ACTI driver that we have running here, so I remember I said that this was a special config node, so I can open this here in this config FS,
there's the system here, and I can basically here define the system state I want to have, and there is a convenient system state, it's called reset, let's write this to the file and see, oh. So now crossing fingers again.
Yeah, you can always take a fresh USB stick, and in this light central, you can basically modify the content of the USB stick, it's all text files, and you can fix things this way, yeah.
And now we see, okay, it has detected the USB stick, okay, it finds out what's required here, and the USB stick, the light is blinking, so it's doing some, fetching some information, and here, ah, it already looks quite good, yeah, here we are.
Okay, so for, as a last small demo, maybe I can just swap out the USB stick from, with the hard disk, times up, or no, 10 minutes, okay. So I will just un-use the USB stick, so now we are basically back where we started,
and I can select this, my hard disk over here, and can say, okay, I want to use this, and now this is basically what's happening normally when I enter my office and start a machine, it opens a system that looks a bit like this, but it also spawns a new virtual machine, so this virtual box over here that's running in the background,
and you can also see here how, this is now wired up in the system, so the trusted computing base of the virtual machine is of course much more interesting, but you can see it has access to this shared folder over here, it has access to a special subdirectory where the VDI image is located, but not access to the global file system, it only has these kind of change-rooted access.
It is connected to the network, you can see it here, and it is connected to the window manager, you can see it here. So you can have, as a user, you have very good control over the way of how your software interacts with the platform and the other system.
And so there I can, this is my regular Linux system that I'm using for development work, and when I log in I can basically do some productive work, and maybe there are some other slides, since we still have some minute left.
This is basically the copy and paste topic, so we have some special kind of idea of how copy and paste should work, also inspired by discussions with you guys. So the idea of the copy-paste mechanism in Geno is that there's a clipboard at the bottom of the system here and this correlates user input with clipboard activity.
So for example, if the user presses Ctrl-C or presses a copy operation in the menu, then the clipboard will know, ah, this input event came from the application and now it will be open for clipboard interactions. Otherwise, an application is not allowed to obtain clipboard content or post-clipboard content. And so we drastically reduce possible information leakage
between applications. And maybe I can give you a small example, so if I start a program here and do some output, some string over here, I can basically select some text here,
copy this, and now I have this nux, this minimal Unix environment, and I can paste it over here. So you can also basically integrate the different components at a user level. Okay, so that's basically the content I wanted to present.
And to wrap up the talk, the story will continue, of course, so in this year, I want to further improve the usability of the system, like keyboard navigation and lights and color would be really nice, especially for selecting these routes and also improving this kind of interactive file management.
So my plan is to completely remove all kinds of traces of Unix from the VR system. Yeah, and then further, I think it would be nice to also offer some kind of on-screen documentation so that as a user knows what to connect and what are the implications. And another project is block device encryption,
and another thing is that you want to, of course, move away from virtual machines, but use native components. Okay, thank you. By the way, one last word, I have made this image, this experimental image,
available on the internet, so if you are venturesome enough to try it out, you can go to the first website here, and there you can download an image and put it on a USB stick with TD and play around, give feedback. Yeah, okay, thank you. Are there any questions? Yeah, please. Just a question, it seems like that Genome is using XML
as a format for configuration. Is there a rationale behind this? And the second question is, couldn't you have like a DSL to have a programming language for your configuration so you can do like a control flow instruction in your configuration file and do some incredible stuff?
Yeah, so the question was, we are seeing some XML here in this demo, and Genome relies on XML throughout the whole system, and was this a deliberate decision? And then the second question was, is there some kind of meta way of producing this XML?
And so the first question is, at the beginning of the project, 30 years ago, it was obvious to use XML, because it captured all our requirements to have these kind of nested nodes with these attributes, so we can express everything in XML, we don't need to incorporate all the complexities of XML here,
so this is just a subset, so you cannot, for example, have kind of including others and things like that. No, it's really, really simple, it's just the syntax looks like XML, and so it's tailored to the needs of Genome, and so of course you could say JSON or S expressions or whatever is nicer, but it comes down to the meta of taste,
and XML does everything we need, and there are made much more tooling, like validation tools like this XML lint, and yeah, so I think it was a good decision to go this way, even if it's not trendy, if some people want to configure it differently, and then of course there are people like Emory who are not satisfied with XML,
and they try to improve the situation by introducing some meta way of producing these configurations, but here, there's nothing between XML and the application here, so this is really a tight interfacing, and so you can of course add another indirection always, but you have to settle on one basic mechanism,
and here I think the great contribution here is that you use it consistently throughout the whole system, there's not a bunch of different syntaxes I found around, everything is coherent, yeah? Okay. Ah, please. Excuse me?
Ah, that's a runtime, that's a custom runtime, yes. But this is something that we want to get rid of, we have a much nicer way of running Unix software on Genome now, but this is another talk maybe. It's now, now it's possible to use just ellipse to implement this.
And Sarah, ah, okay, please. Sir, the capability, I mean that it's recent, so it's became obsolete with the time, and it's very uncomfortable to have just all these things. I don't see it here, but how you manage all this distribution
of capability sizes between components? So this is not done, yeah, okay, thanks. So I should repeat the question. So normally, if you look at other systems that wire up capabilities, you see this kind of explicit step of wiring up, creating these capabilities, and then passing them around, delegating them.
And in our system, you don't see this, right? And that's because the user doesn't care. The user does care about relationships between components, and here we have an abstraction over this capability concept. This is called a session concept, so it's described in more detail in the book, in the Genome Foundation's book, this one here. So if you want to know more about how Genome works
and how the concepts of Genome are backed by this underlying capability techniques, you may look into the third chapter of this book. There is a thorough description there. Okay, others to, ah, there.
Mm-hmm, yeah, I think definitely, because everything is virtualized here. You have basically a nested sandboxing. Oh, yeah, thanks. I should repeat the question. So you asked about,
is it possible to use a system like this for establishing the notion of user sessions, to have different user profiles on the system, like a public-facing computer, but a special user can also have a different kind of profile? Yeah, so the underlying technology, of course, it can do this. With SCUD out of the box, it is not supported, but you can see how this is just another interaction,
yeah, right? So adding a kind of user identity in the form of a component, that might be the most straightforward way to do, yeah. Okay, others to, time's up, yeah, or, ah, okay, again. How hard is it to port software to Genome?
Ah, that's a very good question. Thanks for bringing this up. It's actually, ah, yeah, how hard is it to port software to Genome? And so that's a very good question, because I think it's, Alex has talked, in his talk, about the porting of the Android runtime to Genome,
and this is quite feasible, but it's still quite a manual labor, and especially today, there are many different build systems, like CMake and so on, and, yeah, Genome has an own build system, of course, and the traditional way was to basically port the supported software into the Genome build system, but this doesn't scale, of course, and so there's a new tool that I'm developing,
it's the Goa tool, it's called, you can find it on the Genodians site, and this tries to streamline the workflow with porting supported software to Genome. So basically, the dream is to have just a recompile, and then the software, you can just deploy the software directly on Sculpt, that is the idea.
But we are not there yet, yeah. First you. Yeah, ah, okay, I should repeat the question. So I was asked to give other use cases of Genode,
besides this desktop computing, and so the use cases are basically, or there are these embedded use cases, where Genode is used in network appliances, for example, where you want to split the control plane of network from the data plane, and this component-based system is quite natural to do such a thing. So there are people also building products in this direction,
then there is also the embedded space, like the upcoming IoT hype, and where you connect devices to the network all the time, and so here, adding components like component leads, trusted wrappers, to filter protocols,
it fits so well together.