[okl4-developer] L4.sec status ping

Gernot Heiser gernot at nicta.com.au
Tue Aug 7 18:44:28 CEST 2007


>>>>> On Tue, 7 Aug 2007 13:26:58 +0800, "Wei Shen" <cquark at gmail.com> said:
WS> Hi,
WS> On 8/3/07, Gernot Heiser <gernot at nicta.com.au> wrote:

WS>     The commercial OKL4 microkernel is converging on the seL4 API, it
WS>     presently contains simplified versions of IPC control and all kernel
WS>     resource allocation is under control of a user-level policy server. It
WS>     should implement a full seL4 API probably sometime next year.
   
WS>     Gernot

WS> I have several questions:
WS> 1)What does "simplified versions of IPC control" refer to?
 
There is a privileged IpcControl() syscall that allows you to set IPC
restrictions on an address space (send anywhere, send anywhere except
some, send only to some).

WS> 2)"all kernel resource allocation is under control of a user-level policy
WS> server" - does the user-level policy server refer to Iguana?

As far as the kernel is concerned, it's the root task. In the OKL4
system the root task is Iguana.

WS> 3)Can these features you noted be found in current Pistachio-e and Iguana
WS> release? All they belong to close-source part of OKL4?

They are in the released open-source OKL4l, and nicely documented in
the very extensive (260 page) OKL4 Microkernel Programming Manual
available at http://portal.ok-labs.com/

There is no closed-source part of OKL4, other than platform code that
is specific to proprietary customer hardware. However, there is a
release backlog (sorry). Nevertheless, what you are asking for is
released, supported, deployed by commercial customers, and open
source.

Gernot




More information about the l4-hackers mailing list