On Hubris and Humility: developing an OS for robustness in Rust [video]
On Hubris and Humility: when "Write your own OS" isn't the worst idea.

Hubris is a small open-source operating system for deeply-embedded computer systems, such as our server's replacement for the Baseboard Management Controller. Because our BMC replacement uses a lower-complexity microcontroller with region-based memory protection instead of virtual memory, our options were limited. Hubris provides preemptive multitasking, memory isolation between separately-compiled components, the ability to isolate crashing drivers and restart them without affecting the rest of the system, and flexible inter-component messaging that eliminates the need for most syscalls - in about 2000 lines of Rust. The Hubris debugger, Humility, allows us to walk up to a running system and inspect the interaction of all tasks, or capture a dump for offline debugging.

Hubris may be more interesting for what it doesn't have: there are no operations for creating or destroying tasks at runtime, no dynamic resource allocation, no driver code running in privileged mode, and no C code in the system. This removes, by construction, a lot of the attack surface normally present in similar systems.
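The restart-without-collateral-damage property above rests on one mechanism worth seeing in code: a task handle that goes stale when its target restarts, so a client can never keep talking to a half-reinitialized driver. The following is an added example, a host-side Rust model and not Hubris's own kernel code. Hubris does encode a task identifier as a task index plus a generation counter and answers a send to a restarted task with a "dead" reply carrying the new generation; everything else here (the `Kernel`, `TaskId`, `SendResult`, `fault` and `restart` names, the bit layout, the fact that a fault bumps the generation immediately, and the sample I2C and sensor tasks) is an assumption made for the model.

```rust
// Added example: a host-side model of Hubris-style generational task IDs and
// supervisor restart. Not Hubris code; names, bit layout and the "fault bumps
// the generation at once" rule are modeling assumptions.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct TaskId(u16); // low INDEX_BITS: task index; remaining bits: generation

impl TaskId {
    const INDEX_BITS: u32 = 10;
    const INDEX_MASK: u16 = (1 << Self::INDEX_BITS) - 1;
    const GEN_MASK: u8 = 0x3F; // 16 - 10 = 6 bits of generation

    pub fn new(index: usize, generation: u8) -> TaskId {
        assert!(index <= Self::INDEX_MASK as usize, "task index out of range");
        let gen = (generation & Self::GEN_MASK) as u16;
        TaskId((gen << Self::INDEX_BITS) | index as u16)
    }
    pub fn index(self) -> usize { (self.0 & Self::INDEX_MASK) as usize }
    pub fn generation(self) -> u8 { (self.0 >> Self::INDEX_BITS) as u8 }
}

/// A task's message loop, modeled as (operation, request) -> (response code, reply).
pub type Handler = fn(u16, &[u8]) -> (u32, Vec<u8>);

pub struct Task { generation: u8, faulted: bool, handler: Handler }

#[derive(Debug, PartialEq, Eq)]
pub enum SendResult {
    Reply { code: u32, data: Vec<u8> },
    /// Target faulted or restarted since the caller obtained its TaskId;
    /// carries the TaskId the caller should use from now on.
    Dead(TaskId),
}

pub struct Kernel { tasks: Vec<Task> }

impl Kernel {
    /// The task table is fixed at build time: nothing is created or destroyed later.
    pub fn new(handlers: &[Handler]) -> Kernel {
        let tasks = handlers.iter()
            .map(|&h| Task { generation: 0, faulted: false, handler: h })
            .collect();
        Kernel { tasks }
    }

    pub fn task_id(&self, index: usize) -> TaskId {
        TaskId::new(index, self.tasks[index].generation)
    }

    /// Synchronous send: the only check a stale client needs is the generation compare.
    pub fn send(&self, target: TaskId, op: u16, msg: &[u8]) -> SendResult {
        let task = &self.tasks[target.index()];
        if task.faulted || task.generation != target.generation() {
            return SendResult::Dead(TaskId::new(target.index(), task.generation));
        }
        let (code, data) = (task.handler)(op, msg);
        SendResult::Reply { code, data }
    }

    /// Model of a task crashing (for example an MPU violation): the kernel marks it
    /// faulted and bumps its generation, so every TaskId other tasks hold goes stale.
    pub fn fault(&mut self, index: usize) {
        let task = &mut self.tasks[index];
        task.faulted = true;
        task.generation = task.generation.wrapping_add(1) & TaskId::GEN_MASK;
    }

    /// Supervisor action: reinitialize just this task; every other task is untouched.
    pub fn restart(&mut self, index: usize) -> TaskId {
        self.tasks[index].faulted = false;
        self.task_id(index)
    }
}

/// Constructed sample driver: op 1 = "read register", replies with [reg, 0x42].
fn i2c_driver(op: u16, msg: &[u8]) -> (u32, Vec<u8>) {
    match (op, msg) {
        (1, [reg]) => (0, vec![*reg, 0x42]),
        _ => (1, Vec::new()), // unknown operation
    }
}

/// Constructed sample peer task that should keep working while the driver restarts.
fn sensor_task(_op: u16, _msg: &[u8]) -> (u32, Vec<u8>) { (0, Vec::new()) }

/// Normal send, driver fault, stale send rejected, restart, peer unaffected, retry works.
/// Returns (first reply, stale send reported dead, peer still reachable, reply after restart).
pub fn demo() -> (Vec<u8>, bool, bool, Vec<u8>) {
    let mut k = Kernel::new(&[i2c_driver as Handler, sensor_task as Handler]);
    let i2c = k.task_id(0);
    let sensor = k.task_id(1);

    let first = match k.send(i2c, 1, &[0x10]) {
        SendResult::Reply { data, .. } => data,
        other => panic!("unexpected {other:?}"),
    };
    k.fault(0); // the driver crashes
    let stale_dead = matches!(k.send(i2c, 1, &[0x10]), SendResult::Dead(_));
    let fresh = k.restart(0); // supervisor restarts only task 0
    let others_unaffected = matches!(k.send(sensor, 0, &[]), SendResult::Reply { code: 0, .. });
    let after = match k.send(fresh, 1, &[0x10]) {
        SendResult::Reply { data, .. } => data,
        other => panic!("unexpected {other:?}"),
    };
    (first, stale_dead, others_unaffected, after)
}

fn main() { println!("{:?}", demo()); }
```

The security-relevant point is in `send`: a client that cached a `TaskId` before the driver crashed gets `Dead` rather than a reply from a task whose state it never saw initialized, and the fresh `TaskId` in that reply is the only way forward. Because the task table is static, there is no allocation path or task-creation call to abuse in any of this.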