Google has started shipping its unique new Operating System (OS) Fuchsia, after years of development.
Despite development of the OS happening publicly in open source repositories, it has also been shrouded in some strategic mystery vis-a-vis where it fits into Google's portfolio of OS software.
"You don't ship a new operating system every day, but today is that day" said Petr Hosek, Technical Lead of the Google FuchsiaOS toolchain team on May 25. Fuchsia will find its first safe home in Google-owned devices this week -- with installations being made via updates to the first-generation Google Nest Hub.
This will happen initially for those in the preview programme.
Fuschsia OS is based on a tiny custom kernel from Google called Zircon which has some elements written in C++, some in Rust. Device drivers run in what’s called “user mode” or “user land”, meaning they’re not given fully elevated privileges. This brings good segmentation properties: a vulnerability that affects a component compromises only its process.
There is no strict programming language requirement for Fuchsia's components, which interact with one another via IPCs. e.g. Its USB drivers are written in C++, and the network stack is coded in Rust.
As France's Quarkslab has noted: "[Fuchsia's] components can be written in safe languages such as Rust, in which several classes of vulnerabilities simply do not exist. The components have their own virtual filesystem that can be sandboxed and that lives entirely on the user side. The kernel knows nothing about it. Access to components and syscalls is based on handles, which act as the only tokens the kernel knows about. They are abstracted as objects in the namespace. The mitigations provided by default in the kernel are rather good as of this writing. The components and kernel are fuzzed and unit-tested in a seemingly systematic manner."
Google, of course, already has two operating systems: Android (for mobile) and Chrome (netbooks, etc.) which is essentially just Linux running web apps, with no native development. Fuchsia has seemed to most observers like a potential play for the IoT space, that could also stretch to becoming (in theory) a replacement for both of the other operating systems.
The OS relies on the Flutter SDK which is already able to build and target Android apps, so likely it’s no stretch to rebuild current Android apps for Fuchsia, one close observer earlier told The Stack's team. Google have also opted to implement Swift (the Apple-only language) as an option for developing applications, in a possible attempt to woo Apple developers.
A July 2020 attempt by Quarks Lab, a French security R&D and software development company, to attack the nascent FuchsiaOS revealed that the OS's design -- intended to reduce attack surface -- did indeed make it resilient. It also spotted some curiosities, like an embedded hypervisor for AArch64 and x86_64, which the company's team speculated was there help the transition from Googles’ other OSs to Fuchsia, e.g. by “having a guest Android or Chrome OS system run in a VM and execute Android or Chrome OS applications.”
Google appears to be moving cautiously with the roll-out. If all goes well, expect Fuchsia to appear in other IoT devices in future; pundits speculate that it might also wind up in vehicles. Watch this space.
You can take a look at the FuchsiaOS code here.