The ARM SoC Landscape from Genode's Perspective (opens in new tab)

They should investigate ARM's Server Base System Architecture (SBSA) specification[1,2]. It is designed to provide a standardised ARM platform e.g. ACPI, simplified feature sets, standard SMP, power control etc. It's meant to be as boring as possible.

It's popular enough that Microsoft and Red Hat target it to produce a single image that will work on all ARM server SoC vendors e.g. Ampere, HXT, Marvell, Qualcomm.

Despite the 'server' in the name it can be applied to any 64-bit ARM SoC. There is also Server Base Boot Requirements (SBBR) that describes the boot requirements for SBSA.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc....

[2] https://en.wikipedia.org/wiki/Server_Base_System_Architectur...

I had some issues following along since I didn't know what Genode was. At first I mixed it up with the AMD Geode processor which was quite confusing.

https://genode.org/ has it up front:

We understand the complexity of code and policy as the most fundamental security problem shared by modern general-purpose operating systems. Because of high functional demands and dynamic workloads, however, this complexity cannot be avoided. But it can be organized. Genode is a novel OS architecture that is able to master complexity by applying a strict organizational structure to all software components including device drivers, system services, and applications. The Genode OS framework is an open-source tool kit for building highly secure component-based operating systems. It scales from embedded devices to dynamic general-purpose computing.

keywords: capability-based security, microkernel, principle of least authority, sandboxing, virtualization

I'll point out that there is now also another kid in town providing what to me seems extremely well documented ARM SoCs: ST with their new STM32MP1. I'm very excited to see how they will fare in the market, I hope the best because their approach feels very agreaable to me.