A secure embedded operating system for microcontrollers

Overview

TockOS

tock-ci slack

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded platforms. Tock's design centers around protection, both from potentially malicious applications and from device drivers. Tock uses two mechanisms to protect different components of the operating system. First, the kernel and device drivers are written in Rust, a systems programming language that provides compile-time memory safety, type safety and strict aliasing. Tock uses Rust to protect the kernel (e.g. the scheduler and hardware abstraction layer) from platform specific device drivers as well as isolate device drivers from each other. Second, Tock uses memory protection units to isolate applications from each other and the kernel.

Learn More

How would you like to get started?

Learn How Tock Works

Tock is documented in the doc folder. Read through the guides there to learn about the overview and design of Tock, its implementation, and much more.

Use Tock

Follow our getting started guide to set up your system to compile Tock.

Head to the hardware page to learn about the hardware platforms Tock supports. Also check out the Tock Book for a step-by-step introduction to getting Tock up and running.

Find example applications that run on top of the Tock kernel written in both Rust and C.

Develop Tock

Read our getting started guide to get the correct version of the Rust compiler, then look through the /kernel, /capsules, /chips, and /boards directories. There are also generated source code docs.

We encourage contributions back to Tock and are happy to accept pull requests for anything from small documentation fixes to whole new platforms. For details, check out our Contributing Guide. To get started, please do not hesitate to submit a PR. We'll happily guide you through any needed changes.

Keep Up To Date

Check out the blog where the Talking Tock post series highlights what's new in Tock. Also, follow @talkingtock on Twitter.

You can also browse our email group and our Slack to see discussions on Tock development.

Code of Conduct

The Tock project adheres to the Rust Code of Conduct.

All contributors, community members, and visitors are expected to familiarize themselves with the Code of Conduct and to follow these standards in all Tock-affiliated environments, which includes but is not limited to repositories, chats, and meetup events. For moderation issues, please contact members of the @tock/core-wg.

Cite this Project

Tock was presented at SOSP'17

Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, and Philip Levis. 2017. Multiprogramming a 64kB Computer Safely and Efficiently. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP ’17). Association for Computing Machinery, New York, NY, USA, 234–251. DOI: https://doi.org/10.1145/3132747.3132786

Bibtex
@inproceedings{levy17multiprogramming,
      title = {Multiprogramming a 64kB Computer Safely and Efficiently},
      booktitle = {Proceedings of the 26th Symposium on Operating Systems Principles},
      series = {SOSP'17},
      year = {2017},
      month = {10},
      isbn = {978-1-4503-5085-3},
      location = {Shanghai, China},
      pages = {234--251},
      numpages = {18},
      url = {http://doi.acm.org/10.1145/3132747.3132786},
      doi = {10.1145/3132747.3132786},
      acmid = {3132786},
      publisher = {ACM},
      address = {New York, NY, USA},
      conference-url = {https://www.sigops.org/sosp/sosp17/},
      author = {Levy, Amit and Campbell, Bradford and Ghena, Branden and Giffin, Daniel B. and Pannuto, Pat and Dutta, Prabal and Levis, Philip},
}

This is the primary paper the describes the design consdierations of Tock.

Other Tock-related papers

There are also two shorter papers that look at potential limitations of the Rust language for embedded software development. The earlier PLOS paper lays out challenges and the later APSys paper lays out potential solutions. Some persons describing work on programming languages and type theory may benefit from these references, but generally, most work should cite the SOSP paper above.

APSys: The Case for Writing a Kernel in Rust

@inproceedings{levy17rustkernel,
	title = {The Case for Writing a Kernel in Rust},
	booktitle = {Proceedings of the 8th Asia-Pacific Workshop on Systems},
	series = {APSys '17},
	year = {2017},
	month = {9},
	isbn = {978-1-4503-5197-3},
	location = {Mumbai, India},
	pages = {1:1--1:7},
	articleno = {1},
	numpages = {7},
	url = {http://doi.acm.org/10.1145/3124680.3124717},
	doi = {10.1145/3124680.3124717},
	acmid = {3124717},
	publisher = {ACM},
	address = {New York, NY, USA},
	conference-url = {https://www.cse.iitb.ac.in/~apsys2017/},
	author = {Levy, Amit and Campbell, Bradford and Ghena, Branden and Pannuto, Pat and Dutta, Prabal and Levis, Philip},
}

PLOS: Ownership is Theft: Experiences Building an Embedded OS in Rust

@inproceedings{levy15ownership,
	title = {Ownership is Theft: Experiences Building an Embedded {OS} in {R}ust},
	booktitle = {Proceedings of the 8th Workshop on Programming Languages and Operating Systems},
	series = {PLOS 2015},
	year = {2015},
	month = {10},
	isbn = {978-1-4503-3942-1},
	doi = {10.1145/2818302.2818306},
	url = {http://dx.doi.org/10.1145/2818302.2818306},
	location = {Monterey, CA},
	publisher = {ACM},
	address = {New York, NY, USA},
	conference-url = {http://plosworkshop.org/2015/},
	author = {Levy, Amit and Andersen, Michael P and Campbell, Bradford and Culler, David and Dutta, Prabal and Ghena, Branden and Levis, Philip and Pannuto, Pat},
}

License

Licensed under either of

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Comments
  • Add the Ibex CPU and the OpenTitan Board

    Add the Ibex CPU and the OpenTitan Board

    Pull Request Overview

    This PR adds initial support for the RISC-V LowRISC Ibex CPU and the OpenTitan development board.

    OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. https://opentitan.org/

    OpenTitan is a public project (https://github.com/lowRISC/opentitan).

    This PR adds support for the Ibex CPU (https://github.com/lowRISC/ibex) which is the core CPU that OT uses. It also adds support for the LowRISC UART driver to allow us to print output.

    This work was all done with the publicly available information from: https://github.com/lowRISC/opentitan

    Testing Strategy

    This was tested using the snapshot-20191101-2 release on a Nexys Video FPGA, as described here: https://github.com/lowRISC/opentitan/blob/master/doc/ug/getting_started_fpga.md

    Tock successfully boots and prints the initialisation complete message.

    TODO or Help Wanted

    This is the current list I have before this is ok to merge. Let me know if I need/don't need anything.

    • [x] Convert the register mappings for the UART device to the new tock-register-interfece (should be straightforward)
    • [x] Update the documentation to give details about the new CPU/boards
    • [x] Get writes to the PLIC working
    • [x] Get interrupts overall working
    • [x] Add a GPIO driver
    • [x] Get the kernel to run in the main loop
    • [x] Update UART to use transmitted_buffer() transmit

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [X] Ran make formatall.
    risc-v 
    opened by alistair23 153
  • Release 2.1

    Release 2.1

    Sign-Off

    https://github.com/tock/tock/issues/3116#issuecomment-1230330230

    Motivation

    At the end of July 2022 we discussed doing a release before incorporating the AppID changes. This would 1) provide a tested commit before the AppID changes to the core kernel that developers could use as the infrastructure around credentials is built up, and 2) make it theoretically to do a release after AppID as there would be fewer changes without release-level testing.

    This thread initially serves as a place to discuss if this is what we want to do, and if so, what changes/PRs we want to get in for 2.1.

    release-blocker 
    opened by bradjc 56
  • Adding App IDs and userspace binary integrity to the Tock kernel

    Adding App IDs and userspace binary integrity to the Tock kernel

    Pull Request Overview

    This pull request incorporates App IDs into the Tock kernel. It is based on Johnathan's V3 proposal from this long thread. The core of the proposal is in this message. The details on App IDs and how they work is described in in doc/reference/trd-appid.md in this PR.

    This PR requires corresponding PRs for elf2tab and tockloader. All three need to be applied simultaneously. The elf2tab modifications support the new required TBF headers and footers. The tockloader modifications can parse these headers/footers so tockloader can properly scan and install binaries. The Tock modifications add support for these headers and footers and the kernel mechanisms for handling them.

    Incorporating App IDs into the kernel allows a kernel to verify the integrity and authenticity of userspace binaries and make corresponding decisions on whether load them. The exact policy for userspace binary loading is defined by an implementation of the AppCredentialsChecker trait, which is passed to the kernel by main.rs. If no checker is provided, then the kernel places no restrictions on which binaries are loaded: it follows the current policy of filling process slots with binaries in the order they appear in the program memory region.

    This PR includes two sample AppCredentialsChecker implementations. The first, AppCheckerSimulated, simulates checking credentials but always accepts every credential. This causes the kernel to load all processes, as is the standard policy now. The second, AppCheckerSha256 only accepts Sha256 credentials. If a process does not have a valid Sha256 footer, the kernel will not load the process.

    Supporting credentials checking adds states to the process loading process. Because checking credentials can require asynchronous I/O for cryptographic operations, process loading is now asynchronous. It adds process::State::Unchecked and process::State::CredentialsFailed. The former is for when a process has been successfully loaded but its credentials have not been checked so it is not runnable. The second is for processes whose credentials did not pass the AppCredentialsChecker policy.

    This also PR fixes a bug in the TBF library and corresponding process loading. The init_fn_offset in a TBF Main Header is supposed to indicate the offset from the start of the actual userspace binary, however in the current implementation it specifies the offset as from the start of the TBF object; it adds the length of the TBF header to the offset. This means that an updated kernel will no longer work with old elf2tab versions.

    Testing Strategy

    This PR has been tested in the imix board by:

    • Testing that the absence of an AppCredentialsChecker loads processes without restrictions.
    • Testing that using AppCheckerSha256 does not run a process that does not have a Sha256 credential.
    • Testing that using AppCheckerSha256 does not run a process that has an incorrect Sha256 credential.
    • Testing that using AppCheckerSha256 loads and runs a process that has a correct Sha256 credential.

    TODO or Help Wanted

    The major challenge with this PR is it requires concurrent updates to elf2tab and tockloader, to support the new headers and bug fixes. For example, currently CI for litex fails because it is using elf2tab that has the init_fn_offset bug.

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [x] Ran make prepush.
    kernel P-Significant tock-libraries HIL WG-OpenTitan 
    opened by phil-levis 56
  • Release 2.0

    Release 2.0

    This issue serves as a list of all tasks that need to be completed before an official Tock 2.0 release can be made. Please edit this list to add new tasks when they come up, or to check off tasks once they are completed. I am not including any tasks completed before I created this issue.

    • [x] #1905 prevent callbacks from violating appslice / callback swap invariants: #2462
    • [x] #2632 support aliasing of process-allowed memory
    • [x] #1088 reorganize kernel exports
    • [x] update changelog
    • [ ] Somehow fix tockloader install blink as that will install the 1.0 compatible version right now.
    • [x] Review https://github.com/tock/tock/blob/master/doc/syscalls/README.md and update stability guarantees as needed. Compile apps which validate this for future testing.
    • [x] Finalize system call TRD docs/reference/trd-syscalls.md as TRD104 #2431
    • [x] #2508, #2511 Update callbacks to pass errorcodes instead of returncodes (non-blocking -- see #2320)
    • [x] #2184 rename AppId to ProcessId
    • [x] Update libtock-c to properly return EBADVAL when return types do not match.
    • [x] #2235 port all system call drivers to new API
    • [x] #1769 remove guarantees on memory size for userspace apps: #2441
    • [x] #2430 remove all uses of and references to SuccessWithValue
    • [x] update docs/Userland.md and docs/Syscalls.md
    • [x] update the tock book to reflect tock 2.0 system calls
    • [x] #2444 remove the legacy system call interface in the kernel, and update all the boards to reflect this. start here: https://github.com/tock/tock/compare/tock-2.0-dev...tock-2.0-remove-legacy
    • [x] remove the legacy system call interface in userspace: https://github.com/tock/libtock-c/pull/177
    • [x] rename "command2, subscribe2" etc. to command, subscribe in libtock-c: https://github.com/tock/libtock-c/pull/193
    • [x] merge master into tock-2.0-dev,
    • [x] #2446 create a PR to master for review by core team
    • [x] #2369 memory reference in process.rs
    • [x] Update nightly to post LLVM12 nightly.
    • [x] Address tock/libtock-c#217

    I am not putting this on #1607 because that issue was more "what should we do for Tock 2.0" and has lots of irrelevant discussion to this.

    cc @phil-levis

    tracking release-blocker tock-2.0 
    opened by hudson-ayers 48
  • RFC: update trd104

    RFC: update trd104

    Pull Request Overview

    This pull request modifies the text of trd104 to reflect that the kernel cannot prevent applications from accessing buffers that have been "allowed". It also modifies the text to no longer forbid applications from reading from allowed buffers -- given that the kernel cannot stop apps from doing so, I do not really see the benefit of this restriction. It gains us nothing in terms of soundness in the kernel, and can't be relied on as a security policy to prevent apps from accessing kernel data.

    Testing Strategy

    N/A

    TODO or Help Wanted

    N/A

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [x] Ran make prepush.
    documentation rfc 
    opened by hudson-ayers 46
  • kernel: Read Only State

    kernel: Read Only State

    Pull Request Overview

    Based on the proposal here: https://github.com/tock/tock/issues/2366 this is a vDSO style read only syscall where userspace can quickly read values from memory instead of performing an entire syscall.

    This allows user space to implement a quick_yield() where we only perform a syscall if there is a pending task. This also allows userspace to easily read the current time without performing a syscall.

    In order to allow ROS, this PR also adds shared allow syscalls, based on https://github.com/tock/tock/pull/2590#issuecomment-854259226.

    Some of the TRD update is borrowed from: https://github.com/tock/tock/blob/trd104-buffer-reading/doc/reference/trd104-syscalls.md

    The idea of these syscalls is to handle capsules that expect userspce to access a buffer while the kernel has access.

    Add a shared allow that is similar to read/write allow except that the app is expected to be able to access the buffer.

    This is different to allow_readwrite() in that the app is allowed to read/write the buffer once it has been passed to the kernel. For more details on how this can be done safely see TRD104.

    Testing Strategy

    Tested on the nRF with libtock-c.

    TODO or Help Wanted

    Documentation Updated

    • [X] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [X] Ran make prepush.
    kernel last-call 
    opened by alistair23 42
  • Move allow_readwrite and allow_readonly from SyscallDriver into common Grant framework

    Move allow_readwrite and allow_readonly from SyscallDriver into common Grant framework

    Pull Request Overview

    Similar to how we removed subscribe from the SyscallDriver trait in favor of the kernel always managing the data, do the same for read-only and read-write process buffers.

    This has multiple advantages

    • It reduces boilerplate code in almost every SyscallDriver implementation
      • Each boiler plate implementation of allow_readonly or allow_readwrite costs about 170 bytes of flash
    • It allows libtock-rs implementation to rely on the fact that there cannot be improperly behaving capsule that holds on to process buffers when application calls allow with 0 (i.e. unsubscribe)

    Note each commit builds and compiles (but isn't necessarily functional)

    Testing Strategy

    So far, I have tried this code out locally with a modification in kernel that handles both the SyscallDriver and new Grant-based process buffer allows. I didn't upload that, but I was able to convert a few capsules over to the new approach and they worked correctly.

    Once we migrate all of the capsules, we would need to test again of course

    TODO or Help Wanted

    • [x] Help with converting the reset of the capsule code to use the new common framework style of accessing buffers. So far I only converted ADC as an example. Once people agree this is a good way forward, we would need to convert the rest of the capsules
      • [x] boards/
      • [x] capsules//.rs (files in subfolders within capsules)
      • [x] capsules/[a-c]*.rs
      • [x] capsules/[d-i]*.rs
      • [x] capsules/[j-m]*.rs
      • [x] capsules/[n-r]*.rs
      • [x] capsules/[a-z]*.rs
    • [x] Once all capsules are converted, we should remove the allow_readonly and allow_readwrite function on the SyscallDriver trait
    • [ ] ~~Potential cleanup: we may no longer need the Default implementation on ReadOnlyProcessBuffer and ReadWriteProcessBuffer since they no longer needed in a capsule specific grant region, which required Default.~~
    • [ ] ~~Potential cleanup: if we can remove Default and impl for process buffers, then we should be able to directly put a lifetime constraint on the process buffer structs themselves. This will allow us to drop the Refs versions and permit the unsafe callers of new to more easily uphold the invariant of the pointer lifetime~~
    • [ ] ~~Potential cleanup: add a access_grant_inner function to de-monomorphize if needed for size reduction.~~

    Documentation Updated

    • [x] Updated the relevant files in /docs

    Formatting

    • [x] Ran make prepush.
    kernel P-Significant WG-OpenTitan 
    opened by jettr 40
  • Time redesign v3

    Time redesign v3

    Pull Request Overview

    This pull request updates the time HIL to address a series of bug reports with the previous API (#1651, #1691, #1513). It also incorporates proposed changes by @gendx to generalize the width of counters/alarms/timers with an associated type rather than assume 32 bits (#1521).

    This has been implemented on all of the chips. It has been tested for the 24-bit nRF52 series, the 32-bit SAM4L, and 64-bit OpenTitan.

    The overall design and summary of the traits is described in

    https://github.com/tock/tock/blob/time-redesign-v3/doc/reference/trd-time.md

    We will update this document and give it a TRD number when ready to merge.

    There is also an update to the system call API: a new command for Alarm passes both a reference time and a dt. This new API can be used by using the timer_v3_updates branch of libtock-c.

    Testing Strategy

    This pull request was tested by compiling and testing on nrf52, SAM4L (imix), and OpenTitan (FPGA) boards. For imix and OT, it was tested using the multi_alarm_test and multi_timer_test tests in the kernel. On imix, it was tested in userspace by running a pair of multi_alarm_test processes.

    I was not able to test the userspace alarm driver on OpenTitan -- after struggling to get libtock-rs applications to run and librtock-c ones to compile I gave up. This is an important test because the capsule is 32 bits, and tries to automatically handle an underlying 64-bit Alarm.

    TODO or Help Wanted

    This pull request needs userspace testing on OT (to test that 64-to-32 conversion works correctly for the userspace API). This PR updates the mtimer implementation to seed it with a value close to a 32-bit overflow. So you do not have to run the test very long. Any userspace application that uses an alarm should be a good test.

    This pull request needs kernel testing on

    • [x] arty_e1 (@bradjc )
    • [x] hifive (@alevy )
    • [x] msp (@hudson-ayers )
    • [x] nano33ble (OK)
    • [x] nucleo ()
    • [x] redboard (@alistair23 )
    • [x] stm32f ()

    To test, you need run a multi_alarm_test. I've added a multi_alarm_test for each board and modified each board's main.rs to invoke it. Double-check you see a call to multi_alarm_test::run_multi_alarm(mux_alarm).

    This test starts 3 alarms (A, B, C). The dt of these alarms is random, with one in 11 alarms (randomly) having a dt of 0. A typical output of the test looks something like this (this is from OpenTitan):

    TestA@Ticks64(17033607736): Expected at Ticks64(17033607729) (diff = Ticks64(7)), setting alarm to Ticks64(17033616266) (delay = Ticks64(8537))
    TestB: Alarm fired.
    TestB@Ticks64(17033614398): Expected at Ticks64(17033614391) (diff = Ticks64(7)), setting alarm to Ticks64(17033626851) (delay = Ticks64(12462))
    TestC: Alarm fired.
    TestC@Ticks64(17033614581): Expected at Ticks64(17033614576) (diff = Ticks64(5)), setting alarm to Ticks64(17033618165) (delay = Ticks64(3592))
    TestA: Alarm fired.
    TestA@Ticks64(17033616273): Expected at Ticks64(17033616266) (diff = Ticks64(7)), setting alarm to Ticks64(17033629481) (delay = Ticks64(13214))
    TestC: Alarm fired.
    TestC@Ticks64(17033618172): Expected at Ticks64(17033618165) (diff = Ticks64(7)), setting alarm to Ticks64(17033626435) (delay = Ticks64(8270))
    

    The delay value is the dt set for the next invocation of this Alarm. The diff value is the number of ticks between the desired firing time and a call to now in the firing. Note that this value is large (e.g., 7 ticks above!) mostly because of these print statements: formatting the numbers takes significant cycles at these timescales.

    The three things to look for to make sure the test is running properly are:

    • All 3 Alarms are firing (one has not been lost or dropped or otherwise miscalculated)
    • The diff values are always positive
    • The diff of alarm firings after a delay of 0 are not excessively high (they will be higher than non-zero delays)

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [X] Ran make prepush.
    P-Significant last-call release-blocker 
    opened by phil-levis 39
  • Tock 2.0: implement Callback swapping restrictions (v3)

    Tock 2.0: implement Callback swapping restrictions (v3)

    Pull Request Overview

    This pull request is a follow-up to #2282 and #2445. This was done jointly together with @hudson-ayers. Thanks Hudson!

    Issue

    Essentially, the protections introduced in this PR are required because in the Tock 2.0 system call architecture, with every call to subscribe, the previous Callback provided by the application must be returned. If we were to not enforce any constraints here, this would have serious side effects:

    • a Callback subscribed by process A could be handed back to process B.

      This leaks both the callback pointer and the appdata field of the Callback to another application.

    • a Callback from one capsule could be given to another capsule and returned as part of a call to subscribe there.

    • a Callback, passed to a driver under subscribe (subdriver) number x could be returned as part of a call to subscribe to the same driver under subscribe (subdriver) number y, where x != y.

    • a capsule could pass back a null callback (with callback pointer and appdata being 0), where a process has actually subscribed a Callback with non-null values before.

      All of these cases could cause inconsistencies and undefined behavior in userspace, if a process were to rely on the fact that the returned Callback is the one previously passed to the capsule.

      It was indicated that userspace libraries might want to rely on this behaviour for stack-allocated callbacks (especially in libtock-rs).

    Guarantees made by this PR

    This PR enables the kernel to guarantee:

    • a capsule cannot return a Callback originally passed to a different capsule in a subscribe invocation
    • a capsule cannot return, as a result of a subscribe invocation, a callback which was provided by a different process
    • a capsule cannot return, as a result of a subscribe invocation, a callback which was provided by the same process under a different subscribe / subdriver number

    Approach

    This PR changes Grants to use a GrantDefault trait for the default initialization of contained structures, where currently Default is used. Using a custom trait here allows us to pass in futher data into the default implementation of said contained structures.

    One of the things passed into the grant_default constructor is a ProcessCallbackFactory, which can be used to obtain Callbacks that are always bound to a specific (driver, subdriver, process) combination. Furthermore, only one Callback for a given (driver, subdriver, process) combination may exist in the kernel at any given time, except when a subscribe system call is invoked (to swap out one Callback for another).

    This approach requires making sure that each driver can only hold a single grant region, to ever only get a ProcessCallbackFactory once per process.

    Implications

    • This PR removes Copy, Clone trait implementations from Callbacks. I don't see any solution which wouldn't heavily modify larger parts of the OS to get around this. Most approaches I've come up with use the fact that through ownership and move semantics, we can control & limit the lifetime of Callbacks effectively and at compile time.

    • This implementation strategy, in contrast to some others, does not require any central registry or other data structures. By tightly controlling the instances of the Callback type at compile time, we can uphold the desired guarantees without using additional data fields. There is one exception to this -- we now track the correspondence of grant_num --> driver_num, which requires an array for this tracking. Currently, we set this array to be of size MAX_DRIVERS, where MAX_DRIVERS is a field in the kernel CONFIG struct. This could be moved into main.rs for every board to allow boards to set MAX_DRIVERS independently, but we wanted to keep the diff as small as possible here.

    • This introduces a procedural macro, to be able to #[derive(GrantDefault)]. This is optional and can be removed easily, at the cost of a little more verbosity in capsules (each capsule will have to manually derive GrantDefault, even if before it used #[derive(Default)]. Using procedural macros pulls in the external crates proc-macro, syn and proc-macro2.

    • Non-virtualized capsules need to be changed to work with this PR. Because Callbacks are a process resource, they need to be kept in their respective Grant region. This also prevents accidentally leaking a Callback of one process to another, which many non-virtualized capsules do as of their current implementation. Instead, they should store which process is currently active and using them.

    Testing Strategy

    This pull request was tested by trying to swap callbacks on a Hail board using an example capsule. It need more testing.

    TODO or Help Wanted

    This pull request has the required changes to all capsules except those capsules which are not virtualized across multiple apps (and thus do not have grant regions). We will update those capsules to use grant regions to store callbacks if the general design in this PR is approved.

    Given that these updates might require to touch the logic of the respective capsules, they are carried out in individual PRs. If you want to change a driver to use Grants as done in #2521, please add yourself to this list:

    • [X] src/analog_comparator.rs (@bradjc, #2521)
    • [x] src/max17205.rs (@hudson-ayers, #2553)
    • [x] src/spi_peripheral.rs (@lschuermann, #2559)
    • [x] src/pca9544a.rs (@hudson-ayers, #2554)
    • [x] src/l3gd20.rs (@phil-levis, #2572)
    • [x] src/lsm303dlhc.rs (@hudson-ayers @lschuermann, #2518)
    • [x] src/i2c_master_slave_driver.rs(@hudson-ayers, #2547)
    • [x] src/mlx90614.rs (@hudson-ayers, #2555)
    • [x] src/sdcard.rs (@lschuermann, #2560)
    • [x] src/lsm303agr.rs (@phil-levis, #2574)
    • [x] src/lps25hb.rs (@hudson-ayers, #2556)
    • [x] src/gpio_async.rs (@ppannuto, #2562)
    • [x] src/ltc294x.rs (@phil-levis, #2575)
    • [x] src/spi_controller.rs (@lschuermann, #2558)
    • [x] src/tsl2561.rs (@hudson-ayers, #2557)

    (list obtained through grep -rL "Grant" | xargs grep -rl "Driver" | xargs grep -rl "Upcall\|AppSlice")

    This PR mostly panics when capsules misbehave, but other approaches could be imagined in the future to block those capsules indefinitely without faulting the kernel.

    Documentation Updated

    • [ ] TODO.

    Formatting

    • [x] Ran make prepush.
    kernel P-Significant WG-OpenTitan tock-2.0 
    opened by lschuermann 37
  • USB: CTAP: Initial support for the FIDO CTAP HID Spec

    USB: CTAP: Initial support for the FIDO CTAP HID Spec

    Pull Request Overview

    This PR adds initial support for the FIDO Alliance CTAP spec, descried here: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html

    This PR adds:

    • USB HID HIL (not CTAP specific)
    • A CTAP capsule
    • A CTAP driver
    • A USB HID CTAP board component

    The CTAP capsule has been designed to support BLE, NFC and USB HID transport layers. Currently only USB HID is supported, but in theory BLE and NFC could be fairly easily added. For this reason the CTAP capsule makes USB optional.

    Testing Strategy

    Running this PR on OpenTitan with the corresponding full feature libtock-rs support. The Yubico Python FIDO2 library detects OpenTitan as a CTAP device. I can send CBOR/CTAP data to OpenTitan which correctly passes it to the app. The userspace app can decode the CBOR/CTAP data and pass is back to the kernel. This allows me to communicate with OpenTitan over the CTAP protocol from the Python library. I can run their examples.

    I am able to register and login to https://github.com/duo-labs/webauthn and https://demo.yubico.com/webauthn with OpenTitan as a security key. NOTE: This doesn't work in Firefox due to https://bugzilla.mozilla.org/show_bug.cgi?id=1530370

    @bradjc has tested that the OS X will see the nrf52840dk as a HID device.

    In summary, webauthm authentication works on two separate servers when using OpenTitan on a Linux host. OSX with the nrf52840dk is able to detect Tock as a CTAP device.

    TODO or Help Wanted

    Documentation Updated

    • [X] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [X] Ran make prepush.
    last-call 
    opened by alistair23 36
  • Release 1.5

    Release 1.5

    Release Date: By end of April 2020

    PR merge deadline: April 17, 2020

    We are targeting a new release of Tock for ~March~ April 2020. The following tracking issues contain the milestones that will be included in the release:

    • [x] #995 (Tracking: /arch to New Register Interface)
    • [x] #1701 Add size tool to Travis-CI
      • [x] support tock/tock PRs, forked PRs just print #1753
    • [x] Stabilize GPIO syscall interface #630 Issue -> #1759 PR
    • [x] Add documentation for HiFive1(a) #1783

    Optional:

    • [ ] virtual_uart fix #1757
    • [ ] Further RISC-V support
      • [ ] Add HiFive1(b) board
    • [ ] #1464 (Tracking: Kernel Documentation Round 2)

    Defer:

    • [ ] Fix timer-related bugs
      • [x] #1691 (#1709)
      • [ ] #1651, #1513
        • [ ] 2^31 fix

    As we get closer to all of the above checked then we will decide which open PRs to include before testing the release.

    Testing

    To test the release we use the following applications and run them on all applicable boards and ensure they execute successfully. This list should be copied for each platform and will be tested once a release candidate is ready.

    • All Boards

      • [ ] examples/sensors
        • sense_to_console: Application that samples a sensor and outputs values to console
      • [ ] examples/services/ble-env-sense and examples/services/ble-env-sense/test-with-sensors
        • sense_to_ble: Application that samples a sensor and advertises value with BLE
      • [ ] examples/c_hello and examples/tests/printf_long
        • uart_tx_small and uart_tx_large: applications that write to console with small and large buffers; run both in parallel to properly test virtualization
      • [ ] examples/tests/console_recv_short and examples/tests/console_recv_long
        • We expect this fail for 1.5 (console capsule not fully virtualized), and might work for 1.6.
      • [ ] examples/blink
        • blink: blinks LEDs
      • [ ] examples/rot_client and examples/rot_service
        • rot_ipc: tests IPC with a simple service
      • [ ] examples/blink and examples/c_hello and examples/buttons
      • [ ] examples/lua-hello
      • [ ] examples/tests/console_timeout
      • [ ] examples/tests/malloc_test01
      • [ ] examples/tests/stack_size_test01
      • [ ] examples/tests/stack_size_test02
      • [ ] examples/tests/mpu_stack_growth
      • [ ] examples/tests/mpu_walk_region
      • [ ] examples/tests/multi_alarm_test
      • [ ] examples/tests/adc
      • [ ] examples/tests/adc_continuous
      • [ ] examples/tutorials/05_ipc/led and examples/tutorials/05_ipc/rng and examples/tutorials/05_ipc/logic
      • [ ] examples/tests/gpio with mode set to 0
    • Hail

      • [ ] examples/tests/hail
      • [ ] examples/witenergy
      • [ ] examples/accel_leds
      • [ ] examples/ble-uart
      • [ ] examples/tests/hail and examples/sensors
    • Imix

      • [ ] examples/tests/imix
      • [ ] examples/ble-uart
      • [ ] examples/ip_sense: Application that samples a sensor and puts it in a UDP broadcast segment
      • [ ] examples/tests/udp/udp_send: sends a UDP datagram to a destination port
      • [ ] examples/tests/udp_receive: receives datagrams on a port an blinks when received: pair with udp_send
      • [ ] boards/imix/src/test/aes_ccm_test.rs
      • [ ] boards/imix/src/test/aes_test.rs
      • [ ] boards/imix/src/test/i2c_dummy.rs
      • [ ] boards/imix/src/test/icmp_lowpan_test.rs
      • [ ] boards/imix/src/test/ipv6_lowpan_test.rs
      • [ ] boards/imix/src/test/linear_log_test.rs
      • [ ] boards/imix/src/test/log_test.rs
      • [ ] boards/imix/src/test/rng_test.rs
      • [ ] boards/imix/src/test/spi_dummy.rs
      • [ ] boards/imix/src/test/spi_slave_dummy.rs
      • [ ] boards/imix/src/test/udp_lowpan_test.rs
        • [ ] start()
        • [ ] start_rx()
        • [ ] start_with_app()
        • [ ] start_dual_rx()
      • [ ] boards/imix/src/test/virtual_uart_rx_test.rs
    • Miscellaneous

      • [ ] Test the apps compiled at 1.0
      • [ ] process console works as expected
      • [ ] restarting apps works as expected

    Sign off

    • [ ] Niklas Adolfsson, @niklasad1
    • [x] Hudson Ayers, @hudson-ayers
    • [x] Brad Campbell, @bradjc
    • [x] Branden Ghena, @brghena
    • [ ] Philip Levis, @phil-levis
    • [x] Amit Levy, @alevy
    • [x] Pat Pannuto, @ppannuto (2020-04-29, 17:30 UTC)
    • [x] Johnathan Van Why, @jrvanwhy
    release-blocker 
    opened by bradjc 36
  • debug_writer_component: make debug buffer size configurable; double default debug buffer size

    debug_writer_component: make debug buffer size configurable; double default debug buffer size

    Pull Request Overview

    This pull request makes the debug buffer size configurable via an optional macro argument, and doubles the default size of the buffer to 2kB. I modified the Hifive1 to use the configurable parameter so that it still uses a 1kB buffer, since it is highly RAM constrained.

    This PR was inspired by https://github.com/tock/tock/pull/3327, which will ultimately require a much larger buffer (~8kB) for boards that use it.

    Testing Strategy

    This pull request was tested by compiling.

    TODO or Help Wanted

    Are any other boards sufficiently RAM constrained as to require a smaller buffer than 2kB?

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [x] Ran make prepush.
    component 
    opened by hudson-ayers 1
  • ADC pending command functionality

    ADC pending command functionality

    Pull Request Overview

    This pull request changes the way the ADC capsule receives commands from apps. Before this PR, the ADC capsule could only handle one command at a time. This PR would allow the ADC capsule to set an incoming command as pending if the requested ADC channel is already in use, and run the pending command after the currently active command finishes.

    Testing Strategy

    This pull request was tested on a Microbit, using a fake ADC driver to simulate the case in which two commands can overlap.

    TODO or Help Wanted

    Feedback is greatly appreciated.

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [x] Ran make prepush.
    opened by TeodoraMiu 0
  • PWM Syscall Driver

    PWM Syscall Driver

    Pull Request Overview

    This pull request adds a syscall driver for PWM, allowing driver users to control a PWM pin's frequency and duty cycle.

    Testing Strategy

    This pull request was tested with a Microbit.

    TODO or Help Wanted

    Feedback is much appreciated.

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.

    Formatting

    • [x] Ran make prepush.
    component 
    opened by TeodoraMiu 0
  • chips/qemu_rv32_virt_chip: implement basic UART RX and add process console to board

    chips/qemu_rv32_virt_chip: implement basic UART RX and add process console to board

    Pull Request Overview

    Implements basic UART RX support (without abort) and adds the process console component to the board. I didn't want to invest time in supporting receive-abort, as this needs to be migrated to the new UART HIL anyways (#3046).

    Testing Strategy

    This pull request was tested by using the process console.

    TODO or Help Wanted

    N/A

    Documentation Updated

    • [x] ~Updated the relevant files in /docs,~ or no updates are required.

    Formatting

    • [x] Ran make prepush.
    opened by lschuermann 0
  • rv32i: force semihosting insn sequence to be contained in single page

    rv32i: force semihosting insn sequence to be contained in single page

    Pull Request Overview

    As specified in the RISC-V Semihosting discussion document1, the semihosting instruction sequence must be fully contained in a single memory page. This can be accomplished through 16-byte alignment of the instruction sequence. However, in contrast to the trap function example provided in the document, we need to perform the aligment before setting norvc. The preceding instruction may have been a compressed instruction and ended on a 2-byte boundary. In this case, a compressed nop instruction needs to be used to restore proper alignment, which would be forbidden by the use of norvc, generating an error such as the following:

    LLVM ERROR: unable to write nop sequence of 2 bytes
    

    Testing Strategy

    This pull request was tested by running it with the QEMU RISC-V 32-bit virt target and forcing a panic.

    TODO or Help Wanted

    N/A

    Documentation Updated

    • [x] ~Updated the relevant files in /docs,~ or no updates are required.

    Formatting

    • [x] Ran make prepush.
    risc-v 
    opened by lschuermann 0
Releases(release-2.1)
  • release-2.1(Sep 7, 2022)

    Tock 2.1 has seen numerous changes from Tock 2.0. In particular, the new system call interface introduced with Tock 2.0 has been refined to provide more guarantees to processes with respect to sharing and unsharing buffers and upcalls. Other changes include the introduction of a userspace-readable allow system call, support for new HILs and boards, and various other bug-fixes and improvements to code size and documentation.

    Breaking Changes

    • The implemented encoding of the system call return variant "Success with u32 and u64" has been changed to match the specification of TRD 104. Accordingly, the name of the SyscallReturnVariant enum variant has been changed from SuccessU64U32 to SuccessU32U64 (#3175).
    • VirtualMuxAlarms now require the setup() function to be called in board set up code after they are created (#2866).

    Noteworthy Changes

    • Subscribe and allow operations are no longer handled by capsules themselves, but through the kernel's Grant logic itself (#2906). This change has multiple implications for users of Tock:
      • The Grant type accepts the number of read-only and read-write allow buffers, as well as the number of subscribe upcalls. It will reserve a fixed amount of space per Grant to store the respective allow and subscribe state. Thus, to make efficient use of Grant space, allow buffer and subscribe upcall numbers should be assigned in a non-sparse fashion.
      • Legal allow and subscribe calls can no longer be refused by a capsule. This implies that it is always possible for an application to cause the kernel to relinquish a previously shared buffer through an allow operation. Similarly, subscribe can now be used to infallibly ensure that a given upcall will not be scheduled by the kernel any longer, although already enqueued calls to a given upcall function can still be delivered even after a subscribe operation. The precise semantics around these system calls are described in TRD 104.
    • Introduction of a new userspace-readable allow system call, where apps are explicitly allowed to read buffers shared with the kernel (defined in a draft TRD).
    • Introduction of a read-only state mechanism to convey information to processes without explicit system calls (#2381).
    • Improvements to kernel code size (e.g., #2836, #2849, #2759, #2823).

    New HILs

    • hasher
    • public_key_crypto

    New Platforms

    • OpenTitan EarlGrey CW310
    • Redboard Red-V B
    • STM32F429I Discovery development board
    • QEMU RISC-V 32-bit "virt" Platform

    Deprecated Platforms

    • OpenTitan EarlGrey NexysVideo

    Known Issues

    This release was tagged despite several known bugs in non-tier-1 boards, so as to avoid delaying the release. These include:

    • Raspberry Pi Pico: process faults when running IPC examples: https://github.com/tock/tock/issues/3183
    • The cortex-m exception handler does not correctly handle all possible exception entry cases. This is not known to currently manifest on any examples, but could with unlucky timing: https://github.com/tock/tock/issues/3109
    • STM32F303 Discovery: adc app runs, but eventually hangs in the app (seems to be caught in the exit loop, but not sure why it gets there)
    • STM32F303 Discovery: kernel panics lead to only a partial printout of the panic message before the board enters a reboot loop
    • weact_f401ccu6: gpio example fails to generate interrupts on the input pin. This board is likely to be deprecated soon anyway, as it is no longer available for sale.

    All Merged PRs

    An exhaustive list of all merged pull requests since Tock 2.0:
    Source code(tar.gz)
    Source code(zip)
  • release-2.1-rc1(Aug 9, 2022)

    This is the first testing release for Tock 2.1!

    Tock 2.1 represents a year of general improvements since our last release. It includes code size improvements, progress towards stable Rust, and numerous core kernel improvements, new chip drivers, new platforms, and bug fixes. Importantly, this release will be the first post-2.0 release which libtock-rs can soundly target, thanks to the additional guarantees provided in Tock 2.1 regarding allow-buffer swapping and callback-swapping. A full change list will be included with the final release notes.

    Source code(tar.gz)
    Source code(zip)
  • release-2.0(Aug 27, 2021)

    This is the second major release of Tock! Tock 2.0 comes with a revamped system call interface with clarified semantics for how resources are shared between processes and the kernel. This is a breaking change from Tock 1.x and Tock 2.0 requires apps compiled for the new syscall interface.

    System Call Interface Changes

    • Two new system calls: AllowReadOnly and Exit. Allow has been renamed to AllowReadWrite.
    • System calls can now return up to 4 registers of values to userspace. This flexibility introduces some additional restraints on capsule code, see https://github.com/tock/tock/blob/master/doc/Porting_v1_Capsules_to_v2.md for more details.
    • Additional restrictions on how capsules implement Subscribe and Allow, with some in-kernel checks of these restrictions.

    New Requirements in Tock 2.0

    • All apps must include a TBF header specifying the minimum supported kernel version they require. By default, the process loader will check this header and refuse to load apps which are not explicitly compatible with 2.0.
    • All capsules must store any process state in a Grant, and each capsule may only have up to one grant.

    Other Major Changes

    • The Chip and Platform traits in the kernel have been refactored. Chip now only includes functions that are tightly coupled with microcontrollers. Platform has been divided into separate, clearly defined traits.
    • How boards configure the kernel has been clarified. All resources the kernel needs to operate for a specific board are specified in the KernelResources trait. This replaces the previous ad-hoc approach where some configuration was passed in as function arguments and others where in a trait. Additionally, individual boards can now choose to exclude chip peripherals which they do not use.
    • The kernel crate has been reorganized. Kernel exports are more clearly structured, and use full module paths by default. Inside the kernel crate, related files are namespaced as feature_X.rs, such as process_standard.rs and process_utilities.rs.
    • The process console now is able to print memory maps.

    New Platforms

    • Nano RP2040 Connect
    • Clue nRF52840
    • BBC Micro:bit v2
    • WeAct F401CCU6 Core Board
    • i.MX RT 1052 Evaluation Kit
    • Teensy 4.0
    • Pico Explorer Base
    • Rapsberry Pi Pico
    • LiteX on Digilent Arty A-7
    • Verilated LiteX simulation
    • ESP32-C3-DevKitM-1

    New HILs

    • key/value store
    • 8080 bus (for LCDs)
    • text screen
    • screen
    • touch

    All Merged PRs

    All merged pull requests
    • #2799: doc: misc updates
    • #2798: doc: wg: core: maintenance update
    • #2778: [clue_nrf52840] Integrate tock bootloader
    • #2793: capsules: pconsole: fix kernel print
    • #2789: [cortex-m0+] Enable unprivileged mode and fix fault handler
    • #2744: Changelog for 2.0 release.
    • #2769: docs: syscalls: Update stability guarantees for 2.0
    • #2753: readme: update with 2.0 news!
    • #2794: capsules: update touch driver
    • #2792: process console: update doc comment with recent changes
    • #2714: make: add aliases for root makefile commands
    • #2752: kernel: load_processes: do not skip indices for padding apps
    • #2768: add core notes 2021-08-13
    • #2784: [stm32] Update stm32 boards
    • #2783: ESP32-C3: Add support for running apps
    • #2786: [imxrt1050-evkb] Fix GPIO interrupts
    • #2787: [spi] Update virtual_spi to report errors
    • #2791: Update touch panel and ft6x06 drivers
    • #2790: [nano_rp2040] Update makefile
    • #2725: First step on SPI documentation
    • #2779: Adjust app's watermark only for memory buffers
    • #2765: OpenTitan: Flash fixes
    • #2742: [arm] Cortex M0+ region
    • #2781: capsules/alarm: remove command 4 "set absolute expiration"
    • #2780: [imxrt1050-evkb] Fix number of processes supported and add process console
    • #2774: Update bus to prevent adding the SPI to the MUX twice
    • #2777: [nano33ble] Enabled ADC
    • #2776: Update Clue nRF52840
    • #2767: nrf: pwm: handle 0 hz case
    • #2766: Quick fix elf2uf2 installation steps
    • #2761: boards/litex: bump targeted tock-litex release
    • #2762: Minor updates to SD card docs and error codes
    • #2758: boards/redboard_artemis_nano: Fixup issues with release tests
    • #2738: Update Microbit v2 README
    • #2764: boards/nrf52840: fix button driver number in Grant allocation
    • #2719: [rp2040] Use clocks frequency to set UART baud rate
    • #2729: Core working group notes of 2021-07-30
    • #2712: make: update stack-analysis format
    • #2749: A few OpenTitan fixes for 2.0
    • #2745: Fix the multi_alarm_test to provide output, refactor it
    • #2750: boards/esp32c3: Fixup tests
    • #2751: [rp2040] Fixed gpio pin numbers in interrupt handler
    • #2748: fix broken error handling in allow for udp
    • #2746: fix log test
    • #2743: fix MLFQ component after kernel reorg
    • #2737: Core wg call notes, August 6th
    • #2740: Rename allow's argument from slice to buffer
    • #2739: kernel: syscall driver: fix sample code path
    • #2735: Display driver number in hex for allocation warning
    • #2736: Fix LED Matrix message typo
    • #2731: cdc: delay before sending data
    • #2722: Process console: only print one process if two have the same name
    • #2732: capsules: hts221: fix i2c read command
    • #2720: Process console: iterate each process on command list
    • #2718: pconsole: separate hello message from start()
    • #2733: kernel: sched: priority: get correct proc index
    • #2723: arch: cortex-m: defend against large stack pointer
    • #2715: Move boards that have large main stack frames to get_peripherals
    • #2692: trd/104-syscalls: clarify guarantees w.r.t. returned Allow buffers
    • #2566: Make SPI return buffers upon error
    • #2687: Create core-notes-2021-07-23
    • #2701: Separate schedule_upcall number and values through Rust types
    • #2716: readme: update chip support table
    • #2669: [rfc] Comptibility header (v1)
    • #2713: make: remove rustup nonsense with make V=1
    • #2705: boards/litex: bump targeted tock-litex release
    • #2710: doc: add capsules to capsule readme
    • #2708: doc: various link and spelling fixes
    • #2681: Add Arduino Nano RP2040 Connect
    • #2695: virtual_alarm: handle large dt values more resiliently
    • #2706: capsules: hmac: A few small fixes
    • #2644: OpenTitan: Bump the FPGA bitstream
    • #2665: kernel/hil/time: allow time to be a dyn trait object
    • #2688: Add new time trd with ConvertTicks trait
    • #2703: Flash components
    • #2675: Added troubleshooting for microbit v2 if openOCD could not find MEM-AP
    • #2698: Updated lps25hb to handle i2c errors
    • #2177: TBF Header Persisent Access Control
    • #2694: Update hts221 to handle i2c errors
    • #2682: I2c return buffer for fxos8700cq
    • #2683: Update isl29035 to handle i2c errors
    • #2704: readme: spelling
    • #2581: Add I2C error verifications for lsm303
    • #2702: fixed led matrix toggle bug
    • #2686: capsules: sha: Support a shorter destination buffer
    • #2689: msp432/adc: document safety invariants on &[u8] to &[u16] conversion
    • #2699: Fix make indentation for ST boards READMEs
    • #2659: Reorganize kernel/ Crate
    • #2696: Update the Pico Explorer Base
    • #2578: Initial support for the ESP32-C3 early dev board
    • #2680: Add Pico Explorer Base development board
    • #2691: Core working group notes of 2021-07-16
    • #2674: Notes from Tock Core WG meeting July 9th
    • #2685: hil/gpio: add Copy and Clone to enums
    • #2679: [st77xx] make reset pin as optional
    • #2677: Makefile: Add setup support for dnf systems
    • #2678: Add SPI to RP2040
    • #2673: Update imxrt to use new kernel exports
    • #2664: Add core WG notes from 2021-07-02
    • #2672: Update nucleo
    • #2671: Update stm32f412gdiscovery
    • #2667: Update stm32f3 discovery
    • #2668: Update raspberry pi pico
    • #2666: Update microbit_v2
    • #2653: Update text_screen driver to avoid re-enter to grant
    • #2638: Rename Driver trait parameters for consistency
    • #2656: kernel: schedule upcall, bool -> Result
    • #2632: Support aliasing of process-allowed memory
    • #2614: OpenTitan: Add SHA support
    • #2663: Auto implement Group Traits
    • #2655: kernel: hil: aes: Allow returning an error when setting mode
    • #2662: Update CRC system call driver
    • #2661: TRD104 changing "identifier" to "number"
    • #2660: doc: trd104 minor edits
    • #2639: Tock 2.0: implement Upcall swapping restrictions (v4)
    • #2636: Redesign CRC HIL & fix SAM4L implementation
    • #2658: Minor updates to grant.rs
    • #2657: Update screen to avoid grant re-enter
    • #2647: Add a Makefile rule to run cargo-bloat
    • #2648: Move kernel code out of monomorphized functions
    • #2446: Tock 2.0 Alpha1
    • #2506: kernel: Reorganize process.rs
    • #2643: Add working group notes for 6/25/2021
    • #2634: OpenTitan: Run tests
    • #2652: raspberry_pi_pico: delete semihosting comment
    • #2182: Stm32f412g: Add rng support
    • #2651: kernel: grant: rename GrantMemory to GrantData
    • #2645: rp2040: SysInfo peripheral
    • #2650: doc: trd104: spell check
    • #2646: Tock registers v0.7
    • #2629: OpenTitan: AES: Update the AES implementation
    • #2642: Tock reg UIntLike
    • #2601: Change qemu-path to relative path.
    • #2618: tock-register-interface: reorganize & document
    • #2623: imxrt10xx: Add DMA peripheral, integrate DMA into LPUART
    • #2640: fixed broken hyperlinks to the "getting started" page
    • #2442: board: Raspberry Pi Pico Tock port
    • #2627: Core working group notes of 2021-06-11
    • #2599: Add integration test support in the kernel, create tests for OpenTitan
    • #2626: boards/nordic/nrf52840dk: Connect the userspace SPI capsule
    • #2619: Add I2C slave support for nRF
    • #2595: OpenTitan: Initial support for OTBN
    • #2621: Add core WG notes for 2021-06-04.
    • #2617: Update TRD104 to more clearly state the expectations for allowed buffers.
    • #2624: Fixes three printing bugs in print_tock_memory_usage.py
    • #2622: [led_matrix] LEDs array macro
    • #2511: Define StatusCode which uses ErrorCode's numeric encoding
    • #2612: Update the nRF I2C
    • #2616: Fix a bug in the SPI controller capsule.
    • #2580: Add I2C error verifications for Bus and St77xx
    • #2585: boards/Makefile: remove relative libtock-c path assumptions
    • #2611: Add I2C error verifications for touch
    • #2607: Add I2C error verifications for apds9960
    • #2608: shell.nix: add cxxfilt Python package
    • #2620: Rename Platform structure to MicroBit
    • #2587: New ProcessConsole features
    • #2598: doc: trd-hil: add tips from tock-book
    • #2606: build with codegen-units = 1 to reduce code size
    • #2609: opentitan: README: Update the QEMU requirement
    • #2586: OpenTitan: Update the HMAC Implementation
    • #2613: fix Yaffs1 link in tickv README
    • #2582: document compiler fence before switching to userspace
    • #2605: allow size printing tool to be used on non-arm architectures
    • #2596: boards: make: check for rustup
    • #2604: Add core WG notes for 2021-05-28
    • #2592: Add core WG notes for 2021-05-21.
    • #2602: Fix: Replaced the cfg file with the rev B version.
    • #2600: Fix make allaudit
    • #2589: Bump rust nightly version to 2021-05-27 to fix tock-registers
    • #2597: opentitan: Bump the OpenTitan bitstream
    • #2538: Make I2C trait return buffers upon request error
    • #2588: add core notes 2021-05-07
    • #2584: add notes for core wg meeting 2021-05-14
    • #2583: doc/TockBinaryFormat.md: Add the missing TbfHeaderV2Permissions length
    • #2509: opentitan: Bump the OpenTitan bitstream SHA and enable ePMP
    • #2172: TBF Header Permissions
    • #2517: tock-registers: use traits for accessing / manipulating registers
    • #2576: litex/uart: fix TX race condition of unexpected txfull interrupt
    • #2577: Nonvirtualized userspace driver Grant migration fixes
    • #2572: capsules/l3gd20: migrating non-virtualized driver to Grants
    • #2565: April 30th, Core WG Call Notes
    • #2574: capsules/lsm303agr: migrating non-virtualized driver to Grants
    • #2575: capsules/ltc294x-grant: migrating non-virtualized driver to Grants
    • #2571: chips: e310x: check for pending mtimer interrupt
    • #2567: Led HIL for LedMarix
    • #2552: Core working group notes of 2021-04-23
    • #2562: capsules/gpio_async: enforce grant/single-process
    • #2558: capsules/spi_controller: migrate non-virtualized driver to Grants
    • #2547: capsules/i2c_master_slave_driver: use grant, enforce single process
    • #2559: capsules/spi_peripheral: migrate non-virtualized driver to Grants
    • #2560: capsules/sdcard: migrate non-virtualized userspace driver to Grants
    • #2549: Notes for April 16 core call
    • #2554: capsules/pca9544a: use grant, enforce single process …
    • #2555: capsules/mlx90614: use grant, enforce single process
    • #2556: capsules/lps25hb: use grant, enforce single process
    • #2557: capsules/tsl2561: use grant, enforce single process
    • #2553: capsules/max17205: use grant, enforce single process
    • #2550: Update error code text in HIL TRD.
    • #2542: Change the Nano33BLE to the StopWithDebug fault response
    • #2520: tools/board-runner: Improve documentation and OpenTitan support
    • #2543: Update micro:bit readme
    • #2546: Implement driver for HTS221 temperature sensor
    • #2528: Add a "panic" command to process console
    • #2518: Lsm303dlhc: Enforce use by a single process, move callback to Grant
    • #2544: doc: Fix broken link
    • #2537: kernel: Change ProcessFaultPolicy to a trait, add StopWithDebug policy
    • #2507: Rename AppId to ProcessId (v2)
    • #2541: Fix NRF52 802.15.4 radio bug on CCA busy + add UDP/802154 driver to Nano 33
    • #2535: Proximity capsule: don't double enter grant
    • #2431: Polishing pass on Tock 2.0 system call TRD.
    • #2510: Rewrite the interface between process.rs and grant.rs
    • #2524: Finalizing TRD 101.
    • #2529: Rewrite of GPIO TRD to follow the new traits.
    • #2523: TRD for HIL design
    • #2534: kernel: introduce debug::panic_print for boards without LEDs
    • #2521: capsules: Convert analog comparator to use grant
    • #2503: boards: reduce stack frame size of main()
    • #2532: Add Leon Schuermann to the core developers list.
    • #2533: tock-cells/OptionalCell: rename get-method to extract
    • #2525: doc: add core notes 2021-04-09
    • #2531: tock-cells/OptionalCell: add get-method for retrieving inner Option
    • #2530: Update print_tock_memory_usage.py to properly parse Rust symbols.
    • #2526: kernel: sched: check for process.ready()
    • #2508: Replace ReturnCode with Result<(), ErrorCode>
    • #2522: Update stack-analysis script: reset_handler is now main()
    • #2515: doc: add core notes 2021-04-02
    • #2519: RISC-V: Update the timer implementations to use the arch mtimer
    • #2505: Create core-notes-2021-03-26
    • #2513: Add i.MX RT clock configuration
    • #2486: sifive: Move the machine timer from rv32i
    • #2512: rv32i: use atomic CSR instructions for rv32i::support::atomic
    • #2514: wg/core/notes: fix file extension of 2021-03-26 notes
    • #2504: add core notes 2021-03-19
    • #2040: chips: plic: Disable only specific interrupts in the top half
    • #2204: lowrisc: flash_ctrl: Convert erase_page to be async
    • #2273: kernel: hil: Add a KV Store HIL
    • #2392: TicKV: Update the TicKV implementation
    • #2424: kernel: sched: Allow Platform to handle app faults
    • #2423: RISC-V: Add support for ePMP
    • #2499: SweRVolf: Add support for the platform timers
    • #2502: arch: Update arm cortex-m0, add cortex-m0p
    • #2497: kernel: process: Remove unsafe by switching flash function from add to wrapping_add
    • #2494: kernel: remove memory slice from Process struct
    • #2376: MicroBit v2 bootloader
    • #2489: litex/{sim, arty}: bump tock-litex release (updating LiteX packages)
    • #2498: Update Tock Readme with Note about 2.0.
    • #2501: tools: sdv2regs allow registers with no fields and fix imports
    • #2461: Implement RT0 in assembly
    • #2493: [tools] Update svd2regs to work without description
    • #2492: Update Rust Nightly to 2021-03-19
    • #2500: Fix ADC 2.0 Bug
    • #2477: Remove variables which are never read
    • #2495: Remove @niklasad1 from Core Working Group
    • #2481: Initial support for SweRV EH1 and SweRVolf
    • #2488: add Makefile rules for analyzing stack frames
    • #2452: arch: use target-feature for thumbv7em
    • #2439: Tock 2.0: Remove userspace IEEE 802.15.4 driver from Imix platform
    • #2454: Transitions Callback to Upcall for 2.0. In a seprate PR for review sanity.
    • #2491: Corrected hifive1 README.md
    • #2487: allow: move allow system calls handling to sched.rs
    • #2483: Core working group notes from 2021-02-26
    • #2482: Core WG notes from March 12, 2021
    • #2484: shell.nix: fix missing lib import
    • #2422: OpenTitan: Enable PMP for kernel regions
    • #2472: riscv: Convert CSRs to use const generics
    • #2475: doc: add core notes 2021-03-05
    • #2469: shell.nix: remove deprecated stdenv.lib
    • #2478: Cortex-m: document that userspace stack pointer will always be aligned on entry to the kernel
    • #2479: Remove ExitCall type, don't specify representation of YieldCall type
    • #2476: Tock 2.0: from_command_result -> from_command_return
    • #2450: arch: cortex-m0: switch to asm!()
    • #2458: RFC: kernel: change unsafe handling
    • #2474: Tock 2.0: Remove mut_ptr method from ReadWrite trait
    • #2464: Tock 2.0 - AppSlice: fix unsoundness with arbitrary pointers in slices
    • #2465: Tock 2.0 - ReadWriteAppSlice: require mutable borrow for ReadWrite::mut_map_or
    • #2232: Makefile: Don't require root permissions to install npm modules
    • #2420: RISC-V: Add support for detecting locked PMP regions, no need to sort
    • #2437: kernel: process: Add debug information on panic for grants
    • #2449: arch: cortex-m: update to asm!
    • #2440: RFC: Add install make target for boards
    • #2468: Pr 2446 comment cleanup
    • #2466: arch: cortex-m: clarify panic
    • #2463: Bump tockloader to version 1.6.0
    • #2460: CI: format on ubuntu, separate clippy
    • #2459: make: rustup now prints to stderr
    • #2455: 2.0 courses update
    • #2456: Filtering fix 2.0
    • #2447: Core WG notes for Feburary 19th
    • #2435: arch: cortex: fix MPU rounding calculation
    • #2428: Create core-notes-2021-02-12.md
    • #2448: Better method parsing for accounting for code size.
    • #2430: 2.0: Remove SuccessWithValue
    • #2444: Tock 2.0: Remove LegacyDriver
    • #2443: 2.0: lps25hb
    • #2441: Change process setup to minimize the initially-accessible amount of memory.
    • #2433: use const generics to remove duplicate code for cortex-m MPU
    • #2434: Tock 2.0 IPC
    • #2407: Tock 2.0: port #2383 (kernel: Remove setting/tracking the stack pointer in process.rs)
    • #2137: Simplify grant implementation and fix soundness errors
    • #2393: Port NRF Serialization to 2.0
    • #2405: Tock 2.0: clarify subscribe behavior w.r.t. invalid/refused callback
    • #2323: Make out-of-tree builds easier
    • #2419: add core notes from january 15 2021
    • #2421: Add core WG notes for 2021-02-05.
    • #2427: boards: doc: update readme
    • #2416: boards: nano33ble: update instructions to overwrite second bootloader
    • #2400: Double stack buffer for i.MX RT-based boards, prune panic! allocations
    • #2414: Remove tab characters & protect against accidentally introducing them
    • #2411: Port BLE advertising to new 2.0 driver interface
    • #2418: 2.0: kernel: change filter_syscall to ErrorCode
    • #2417: Updates SDCard capsule to Tock 2.0 system call API
    • #2387: Transition I2CMaster system call driver to 2.0 syscall API
    • #2412: ErrorCode: adjust ErrorCode discriminators to match system call TRD
    • #2410: Port the PCA9544a system call driver to 2.0
    • #2409: Port MAX17205 system call capsule to 2.0
    • #2408: OpenTitan: Connect TicKV
    • #2401: Working group notes for 01-29-2021
    • #2363: rv32i: transition llvm_asm! to asm!
    • #2390: MSP432 I2C driver
    • #2406: Tock 2.0: fix system call return variant discriminators
    • #2403: Tock 2.0 TRD: Allow new error codes to be added in the future.
    • #2402: Tock 2.0 syscall TRD: Allow us to add new return variants in the future.
    • #2255: boards: BBC Micro:bit v2 (nRF52833)
    • #2404: boards: Update Micro:bit v2 readme
    • #2383: kernel: Remove setting/tracking the stack pointer in process.rs
    • #2399: doc: Add note on Take/Optional Cell differences
    • #2398: Clarify that the driver ID and syscall ID are 32-bit values.
    • #2378: Add Exit system call class to Tock 2.0.
    • #2397: HiFive1b: Fix QEMU app load address in README.md
    • #2395: trd: syscalls, 8-bit byte vs word
    • #2388: capsules: mlx90614: Update to the Tock 2.0 Driver
    • #2384: Update I2C master/slave driver to 2.0 syscall API.
    • #2389: Add ROSEdu and Wyliodrin to list of authors
    • #2354: kernel: syscall: use from fn
    • #2377: Create core-notes-2021-01-22.md
    • #2380: sam4l: i2c: set clocks
    • #2385: MicroBit v2: process console
    • #2382: tsl12561: Update to use Tock 2.0 Driver
    • #2379: microbit_v2: fix kernel stack overflow
    • #2351: Yield 2.0
    • #2373: usb: Update to use Tock2.0 Driver
    • #2375: GPIO for Tock 2.0.
    • #2367: ctap: Update to use Tock2.0 Driver
    • #2368: hmac: Update to use Tock2.0 Driver
    • #2361: Add core notes of 2021-01-08
    • #2374: Add University of Stuttgart to list of authors
    • #2358: kernel: move tbf code to its own library
    • #2339: Apollo3 llvm_asm -> asm
    • #2371: Migrate the LowLevelDebug capsule to the Tock 2.0 syscall API.
    • #2372: Deleted unused driver code ft6x06 and st77xx drivers
    • #2364: Tock 2.0: update sound pressure driver
    • #2335: Tock 2.0: update text_screen driver to 2.0 API
    • #2357: Backport 802.15.4 deferred call update from 2.0
    • #2356: Backport SPI component updates from 2.0 branch
    • #2362: Tock 2.0: port nonvolatile storage & app flash driver
    • #2297: rng: port to Tock 2.0 system call interface
    • #2322: Tock 2.0 / rv32i: fix system call return value encoding
    • #2308: rv32i: fix race condition of interrupt in switch_to_process
    • #2290: litex: update LiteX revision, use "Secure"/"TockSecureIMC" cpu variant and integrate PMP
    • #2203: Port to LiteX+VexRiscv-based SoCs
    • #2287: Fix serial console line breaks in process fault message
    • #2239: net/ipv6: remove stale module, remove redundant module hierarchy
    • #2359: cortex-m: fix hardfault in systick_handler due to naked_fn noreturn
    • #2341: Use const generics for nrf gpio pins
    • #2353: arch: rv32i: rename stored state
    • #2156: TicKV: Implement a persistent key/value storage
    • #2333: capsules: ltc294x: update to 2.0 syscall
    • #2343: Use Tock Bootloader on Nano 33 BLE Board
    • #2350: fix cortex-m hard fault handler bug
    • #2317: ARM Cortex-m hardfault handler: remove UB and fix warnings on newer nightlies
    • #2349: remove const_panic feature
    • #2346: Remove associated_type_defaults feature
    • #2325: Add support for WeAct board based on the stm32f401ccu6 chip
    • #2342: use const generics to tie number of IPC regions to number of processes on board
    • #2229: kernel: Fix potential unsoundness in dynamic grant allocation
    • #2336: Make: Use -nmagic linker flag
    • #2289: OpenTitan: Bump the bitstream SHA to use the new addresses
    • #2338: github actions: auto label PRs based on files they change
    • #2328: Core notes from 2020-12-18
    • #2324: LED: remove need for &mut self
    • #2288: hil: Sound Pressure
    • #1875: netlify: try cacheing the build if we can
    • #2294: doc: wg: core: add notes
    • #2340: const generics instead of macro for pmp configuration
    • #2334: update rust january 7 2021
    • #2329: Port i2c_master to Tock 2.0 Driver trait
    • #2331: Port buttons driver to Tock 2.0 Driver trait
    • #2319: riscv: more llvm_asm --> asm
    • #2303: llvm_asm -> asm: arty-e21
    • #2299: Add CSR support for 64 Bit RISC-V
    • #2327: fix bug in _start_trap() assembly
    • #2330: Add riscv32i-unknown-none-elf arch to Nix shell
    • #2318: cortex-m naked functions: llvm_asm --> asm
    • #2309: chips/lowrisc: Ensure we don't write over the flash region
    • #2079: Added TextScreen HIL and driver and integrated HD44780 capsule
    • #2311: Board based instantiation of chip drivers and interrupt mappings: imxrt10xx
    • #2306: chips: stm: llvm_asm -> asm
    • #2301: rv32i: debug print use CSR interface
    • #2296: Misc documentation fixes
    • #2302: doc: add missing crate readmes
    • #2300: library: registers: support usize
    • #2278: usb: cdc: add 1200 baud reset interface
    • #2275: nrf52: usb: read size after EPDATA
    • #2262: nrf52: nvmc: remove global static
    • #2316: Update SPI peripheral syscalls to 2.0 API
    • #2313: Tock 2.0: screen write update
    • #2315: Tock 2.0: update multi touch
    • #2312: Tock 2.0: update ADC driver to 2.0 API
    • #2307: Updating Alarm syscall driver to 2.0 syscall API
    • #2295: Tock 2.0: lsm303 and led matrix update to tock 2.0 api
    • #2292: Tock 2.0: buzzer driver update
    • #2304: Remove unused features
    • #2293: Tock 2.0: update l3gd20 capsule to 2.0 API
    • #2284: Proximity driver to Tock 2.0 system-call interface
    • #2274: Update IEEE-802.15.4 driver to Tock 2.0
    • #2277: chips: nrf52: add gpregret setter/getter
    • #2258: Update touch and ft60x6 drivers to Tock 2.0
    • #2285: Port DAC driver to 2.0 system call interface
    • #2286: Update CRC capsule to use 2.0 API.
    • #2276: Update Gpio-async driver to 2.0
    • #2281: Ambient light 2.0
    • #2279: Tock 2.0 memop
    • #2266: Update UDP driver to Tock 2.0 system calls
    • #2283: arch: remove unused llvm-asm feature
    • #2244: Adafruit Clue SHT3x temperature and humidity sensor and I2C fix
    • #2243: Add core notes of 2020-12-04
    • #2174: Add core notes of 2020-10-23
    • #2213: kernel,arch,components: accept trailing commas in macro_rules
    • #2197: tock-registers: accept trailing comma in bitfields and bitmasks
    • #2267: VirtualSchedulerTimer: fix incorrect set_alarm invocation
    • #2194: capsules/led: migrate from hil::gpio::Pin to hil::led::Led
    • #2212: Unbreak CI by updating the package repositories
    • #2268: boards overview: update HiFive1 to Rev B
    • #2261: capsules: usb: cdc: implement receive_abort
    • #2263: boards: nrf52840dk: fix build.rs
    • #2272: nrf52: i2c: address shift update
    • #2265: Adafruit Clue Buzzer initialization
    • #2271: Update ninedof capsule to Tock 2.0 syscalls API
    • #2269: Tock 2.0 analog comparator: use ErrorCode::From
    • #2253: Spi controller 2.0
    • #2257: Update screen driver syscalls to Tock 2.0
    • #2245: Update analog comparator to tock 2.0 syscalls
    • #2264: Tock 2.0: don't constrain map_or return values
    • #2202: Virtual RNG
    • #2251: Updating temperature driver to 2.0.
    • #2252: Tock 2.0: Deprecate SuccessWithValue
    • #2250: Add information about erasing apps
    • #2242: reorder make prepush commands to avoid clippy bug
    • #2220: tock-registers: remove duplicate code, make local register copy read-write
    • #2225: arch/cortex-m: change more llvm_asm! to asm!
    • #2241: MSP432: Misc platform fixes
    • #2236: nano33ble: increase .rom section, add process console
    • #2238: Fix grammar
    • #2200: Add Teensy 4 board
    • #2234: nano 33 ble & adafruit clue increase the number of deferred calls slots
    • #2227: Fix ST77XX screen rotation offset
    • #2230: Parameterize debug_writer
    • #2224: Port log tests from imix to nano33ble
    • #2228: Adafruit CLUE enabled BLE and 15.4
    • #2196: Virtual AES Driver
    • #2221: usb-cdc: fake successful uart transmissions so that blocking debug calls resume
    • #2215: remove all uses of unstable const_in_array_repeat_expressions feature
    • #2216: add 15.4 and ble to nano33ble
    • #2226: opentitan: Bump the bitstream commit
    • #2208: Adafruit CLUE nrf52840
    • #2189: Board based instantiation of chip drivers and interrupt mappings: Msp432
    • #2198: build: handle missing tty gracefully
    • #2223: Stack size update for STM32F4 boards
    • #2207: Apollo3: A few more I2C fixes
    • #2188: Board based instantiation of chip drivers and interrupt mappings: Stm32f4
    • #2218: Allow processes to read from buffers shared with read-only allow
    • #2210: Add missing IntLike implementation
    • #2217: bring back borrow_interior_mutable_const clippy lint
    • #2209: Core WG call notes November, 20th
    • #2211: doc: fix broken link.
    • #2206: boards: Rename opentitan to earlgrey-nexysvideo
    • #2193: Clarify the semantics of erase_page
    • #2199: tools/qemu: Bump to the latest QEMU
    • #2191: tock-registers: release v0.6
    • #2192: Apollo3: Some I2C fixes and improvements
    • #2187: Board based instantiation of chip drivers and interrupt mappings: Stm32f3
    • #1918: Add Cortex-M7 Architecture and i.MX RT 1052 EVKB Board
    • #2176: No more globals E310 / HiFive
    • #2153: Board based instantiation of chip drivers and interrupt mappings: Arty_e21
    • #2122: Board based instantiation of chip drivers and interrupt mappings: Earlgrey/Opentitan
    • #2084: Board-based instantiation of chip drivers and interrupt mappings for nordic boards/chips
    • #2175: rust: update to 2020-10-25
    • #2108: MSP432: ADC support
    • #2069: Board-based instantiation of chip drivers and interrupt --> driver mapping for Apollo3 + SAM4L
    • #2183: Core WG notes for October 30
    • #2186: Removing bad comment in Alarm syscall driver as per Leon's suggestion.
    • #2094: USB: CTAP: Initial support for the FIDO CTAP HID Spec
    • #2140: OpenTitan: Initial support for the Flash Controller
    • #2178: Synchronous panic output over USB for nano33ble
    • #2179: build capsules/examples in CI
    • #2142: generic components for UDP, UDP for nrf52840dk
    • #2042: Intel 8080 parallel interface HIL, Bus library with I2C, SPI and Intel 8080 parallel interface implementation
    • #2171: add core notes october 16 2020
    • #2173: riscv: pmp: disallow access above app brk
    Source code(tar.gz)
    Source code(zip)
  • release-2.0-rc2(Aug 6, 2021)

    This is the second testing candidate for Tock 2.0. This includes a few fixes from rc1:

    • Fix for stack pointer check in cortex-m/syscalls
    • Updates to process console
    • Fix in priority scheduler
    • Improvement to CDC stack for nano33ble
    • HTS221 fix
    • Other minor fixes
    Source code(tar.gz)
    Source code(zip)
  • release-2.0-rc1(Aug 2, 2021)

    This is the first testing release for Tock 2.0!

    Tock 2.0 represents over a year of work towards a revised system call interface for the Tock kernel. It also includes numerous core kernel improvements, new chip drivers, new platforms, and bug fixes. A full change list will be included with the final release notes.

    If you are looking to update any out-of-tree code to 2.0 there is a porting guide.

    Source code(tar.gz)
    Source code(zip)
  • release-1.6(Oct 23, 2020)

    The 1.6 release of Tock includes numerous improves as we work towards the 2.0 release of Tock. Tock 2.0 will include breaking syscall changes, and before those changes we wanted to ensure the changes over the last couple months made their way into a 1.x release. So here it is!

    Tock Has a Scheduler!

    The major change in this release is in PR #1767 which added a Scheduler trait allowing Tock to cleanly support different schedulers. That PR also included four different schedulers that boards can choose from when configuring the kernel.

    New Platforms

    As Tock continues to run on more and more hardware, 1.6 is no different. This release includes support for:

    • msp432 (#1911)
    • Apollo3 (#1857)
    • Arduino Nano 33 BLE (#1909)
    • HiFive1 rev B (#1847)

    Internal Interface Refactors

    Tock's HIL interfaces go through periodic re-designs as bugs come up and new hardware platforms expose issues or oversights. The time.rs HIL (alarms and timers) saw the major update in 1.6 (#2089).

    Non-PIC Userspace Tooling Support

    While Tock was originally designed for userspace processes to be compiled with PIC (meaning they can be executed at any address), both LLVM and RISC-V do not (yet?) support the PIC mode that Tock requires. While we wait, we use statically compiled TBF apps, and the tooling and kernel support for apps compiled for fixed addresses has improved significantly (#1845, #1928, #1930).

    USB Stack Improvements

    There has been some renewed interest in USB stack developments, and 1.6 includes support for UART over USB (using CDC-ACM) (#1902), as well as USB support on OpenTitan (#1846).

    Changes Since RC1

    Release testing exposed a few minor bugs and configuration mishaps. There were a couple MPU changes between RC1 and the release, however. First, when restarting apps the MPU is correctly reconfigured. Second, the RISC-V PMP restricts access to the grant region now.

    Many Other Updates!

    Of course those are just some highlights of development since 1.5. There have been a whole host of improvements:

    All merged pull requests
    • #2116: chips: e310: improve interrupt handling
    • #2134: riscv mtimer: don't directly modify interrupt enables
    • #2136: doc: OurOfTree.md typo conneciton -> connection
    • #1963: deprecate launchxl, cc26x2
    • #2133: chips/earlgrey: Use the peripheral clock frequency
    • #2091: Nano33 apds9960
    • #2127: Create core-notes-2020-09-25.md
    • #2128: opentitan: Disable USB support by default
    • #2129: fix rustdoc CI, force bash for Makefile.common
    • #2126: Earlgrey: dont call debug in interrupt top half
    • #2117: Fix kernel work counting when processes are stopped or faulted
    • #2089: Time redesign v3
    • #2047: Virtual ADC support
    • #2119: Add Tock core WG notes for 2020-09-18.
    • #2120: arch/cortex-m3: Allow the kernel to access protected memory
    • #2121: capsules: hmac: Replace the digest buffer after completion
    • #1873: PMP and MPU Improvements
    • #2107: Scheduler timer bugfix + documentation updates
    • #1973: Remove reborrows?
    • #2104: opentitan: Makefile: Use riscv64-elf-objcopy to prepare images
    • #2053: Add utilities for allocating dynamic grants.
    • #2083: Stm32f3: add flash support
    • #2101: RFC: Remove AppPtr::Drop() and Owned::Drop()
    • #2103: OpenTitan: A collection of USB fixes
    • #2114: STM32 Readme Fix
    • #2105: Core WG notes for September 11
    • #2109: Core WG notes for 2020-09-04
    • #2110: Makefile: Bump the OpenTitan ROM file
    • #2092: arch/cortex-m: change a few llvm_asm!s to asm!s
    • #2102: Add links to out-of-tree boards to boards/README.md.
    • #2073: RISC-V: Update panic debug print
    • #2080: OpenTitan: Add support for detecting the USB device
    • #2100: Mask USB interrupt to avoid hardware bug in OpenTitan
    • #2082: capsules: usb/cdc: Fixup the CDC control message logic
    • #2090: Make .storage alignment configurable
    • #2098: Kernel work increment/decrement prevents MCU going to sleep
    • #2077: Add TakeCell::get_mut function
    • #2085: Allow creating a Spi Peripheral
    • #2095: Update tock-registers README.md
    • #2086: MLFQ scheduler bug fix
    • #2066: Msp432: DMA-support
    • #2088: Core notes for August 28th
    • #2087: opentitan: README: Update the OpenTitan minimum version SHA
    • #2027: Remove duplicated code in cortex-m crates
    • #2074: Add ability to get full address bytes & address type to nrf52 Ficr
    • #2081: MSP432: Change SMCLK from 750kHz to 1.5MHz
    • #2075: Create core-notes-2020-08-14.md
    • #2076: rv32: pmp: Fix bounds
    • #2060: Ft6x06 touch status fix and impoved report efficency
    • #2071: Update tock-registers doc to fix mistake
    • #2064: pmp: add PMP struct
    • #2072: Makefile: Update the OpenTitan ROM download location
    • #2070: core wg notes august 7
    • #2068: schedulers: store references to slots in processes array instead of AppIds
    • #1928: kernel: process: try to use memory fixed address
    • #2067: Msp432: Platform fixes
    • #2062: kernel: sched: add and update comments
    • #2045: rt0: Convert uses of u32 to usize
    • #2061: core notes july 31
    • #2022: kernel: process: use slice for app memory
    • #2065: hifive1: Document required revb parameter for qemu
    • #2038: arch/rv32i: pmp: Make the PMP struct as long as required
    • #1942: Console: Check for receive length just in case
    • #2043: cortex-m: fix warning about volatile keyword in incorrect position
    • #2059: kernel: return correct time used
    • #2054: fix bug in round robin scheduling logic
    • #2050: Boards: RISC-V: Update the QEMU README
    • #2048: kernel: sched: priority: invert logic
    • #1767: Scheduler trait + transition all boards to round robin scheduler
    • #2010: Remove OptionalCell's dependency on feature(const_fn) using impl<T: Copy>
    • #2032: riscv: check for stack overflow
    • #1911: New Platform: Msp432
    • #1986: Touch Panel HIL and ft6x06 driver
    • #2001: boards: Make .app section default, do not include it in kernel binary
    • #2015: tock-registers: use UnsafeCell in writeable registers
    • #2021: arch/rv32i: Don't sort PMP regions when we configure the MPU
    • #2024: Makefile: Don't run the setup commands inside bash
    • #2035: OpenTitan: USB support cleanup
    • #1994: kernel: expose APIs for external ProcessTypes
    • #2026: boards: nrf52840dk: add flash-openocd
    • #2029: tools: fix update rust script
    • #1965: hil: gpio: remove 'static
    • #2002: cortex-m: Detect stack overflow
    • #2033: sifive: uart: make sure tx enabled
    • #2014: docs: porting: add new platform checklist
    • #2011: Makefile: Split QEMU build to a seperate directory
    • #2031: Notes from Core WG call, July 17
    • #2020: arch/rv32i: Reduce PMP stack usage
    • #2019: riscv: pmp: disable all entries
    • #1741: boards/opentitan: Build OpenTitan with target device specific parameters
    • #2004: Adding ADC support for stm323f4xx
    • #2000: Adding ADC support for stm323f303xc
    • #1887: sched: Add a watchdog
    • #1991: boards: make: quiet sha256sum from cargo
    • #2025: kernel::hil: time: fixed wrong implementation of is_oneshot()
    • #1985: Update Systick trait, implement it for e310x and ibex
    • #2013: Add Core Meeting Notes of 2020-07-10
    • #2017: Makefile: Bump the OpenTitan boot ROM
    • #1930: kernel: process: omit debug addrs for fixed apps
    • #2008: riscv: remove old feature
    • #1971: Use mainline QEMU
    • #2003: kernel: grant: do not pass T::default()
    • #1988: chips: apollo3: Allow a few tries to set the stimer
    • #1980: doc: ot: notes: June meetings
    • #1989: chips: apollo3: Enable the I and D cache
    • #1997: chip: rename Ibex to EarlGrey
    • #1999: add core notes 2020-07-03
    • #1996: Core working group notes, June 26
    • #1987: Added support for external clock source and systick user-defined clock value for ARM
    • #1978: Makefile: Fix the temp directory creation when cloning OT ROM
    • #1961: Create core-notes-2020-06-19.md
    • #1992: doc: remove allow(unused_doc_comments)
    • #1981: LowRISC: Initial commit of Pad Controller
    • #1962: Use linker file to create APP_MEMORY slice.
    • #1916: Added STM32F412G Discovery kit
    • #1983: USB: CDC: Allow boards to specify vendor id, product id, and strings.
    • #1982: Correct memop documentation
    • #1975: rv32i: Add support for 64 PMP regions
    • #1967: Makefile.common: use system sha256sum if available
    • #1917: hil: ble_advertising: Pass the transmit buffer on callback
    • #1934: Initial support for Apollo3 BLE
    • #1933: Bind AppSlice to app instance (AppId), fixes #1914
    • #1979: add --strip-sections to objcopy flags
    • #1943: kernel: TBF parsing: match the threat model
    • #1951: ci: run miri where we can
    • #1974: tools: pick toolchain that has all our components
    • #1909: Add Nano 33 BLE Board
    • #1970: rv32i: add Display trait for PMPRegion/Config
    • #1969: Fix PMP use for RISC-V
    • #1968: Stm32f4 I2C HAL
    • #1964: hil: remove 'static from ble_advertising
    • #1889: Apollo3: Add an alarm
    • #1896: apollo3: uart: Fix the UART callback
    • #1926: Prepare for 64 PMP config registers
    • #1949: CDC: Wait for CDC messages, add delay to nRF USB RESET
    • #1959: HIL: remove 'static from sensors
    • #1957: Remove core_intrinsics offset feature
    • #1955: kernel: remove panic_info_message feature
    • #1956: CRC HIL: make lifetime 'a, not 'static
    • #1958: Remove core::intrinsics::math
    • #1960: Increase delay in Segger RTT debugging (fix #1697).
    • #1907: nrf52: usb: handle control OUT transfer
    • #1837: Frame buffer HIL and ST7735 screen support
    • #1946: Add USB CDC Component, Move set_client() to USB HIL
    • #1952: components: Add debug writer that doesn't use a UART mux
    • #1950: remove all uses of lang_items unstable feature
    • #1939: Make the Field::mask and FieldValue::mask fields private.
    • #1947: nrf52: usb: better check state on IN resume
    • #1945: nrf52: usb: do not print debug!() info on startup
    • #1929: add core notes 2020-06-12
    • #1902: USB: Add CDC support, update capsule stack
    • #1771: boards/Makefile.common: tool-chain customization
    • #1935: Makefile: Update the OpenTitan boot ROM
    • #1927: Many updates to comments in capsules/
    • #1936: ci: Add missing echo suppress
    • #1925: Add support for the MLX90614 IR Temperature Sensor
    • #1882: chips: ibex: Enable low power state
    • #1910: Add meeting notes
    • #1919: Core working group notes from June 05
    • #1897: Apollo3: Add support for the I2C device
    • #1892: Remove nrf52dk_base, initialize nordic boards independently.
    • #1924: Import changes in kernel/src/common/utils.rs from #1618.
    • #1906: OpenTitan: Document and support flashing apps
    • #1899: Add support for SMBus
    • #1908: Update Rust To June 2020 Nightly
    • #1915: Update nucleo documentation and deleted sudo for make program
    • #1879: OpenTitan: Initial support for I2C
    • #1901: sam4l: usb: don't just queue resume in
    • #1894: sam4l: usb: handle return code, long buffers
    • #1822: kernel: configure MPU only if switching to a different process
    • #1903: nrf52: usb: correct register matching
    • #1888: nRF52: uart fixes for unknown bootloader configurations
    • #1880: Overhaul Tock CI
    • #1904: Fix broken link to board 'arty_e21'
    • #1881: ci: actually deny warnings in doc builds
    • #1898: add core wg notes 05-29-2020
    • #1646: rust: remove all uses of unstable pragma "in_band_lifetimes"
    • #1895: capsules: usb: change config descriptor to 1
    • #1883: Core WG notes from May 22
    • #1831: Allow/subscribe null pointer doc clarifications
    • #1885: remove empty .gitmodules file
    • #1884: Remove unused asm feature flags
    • #1857: Initial support for the Artemis platform
    • #1878: Make nrf52 15.4 driver standards compliant; create generic 15.4 component
    • #1863: cortex-m: Add missing ISB after CONTROL writes
    • #1650: kernel: remove unstable crate_visibility_modifier, aka crate -> pub(crate)
    • #1872: [RFC] Codify CI policy
    • #1801: RISC-V: Add automated QEMU testing
    • #1874: nrf52: dont write to read only register
    • #1858: Set interrupt pending bit manually
    • #1870: move duplicated unhandled_interrupt code to cortex-m4 crate
    • #1853: Components for all things nrf52
    • #1868: Remove emulation-check from travis-ci.
    • #1866: Small improvements to QEMU Make step
    • #1845: TBF: Add "Fixed Addresses" TLV
    • #1862: Enforce doc warnings.
    • #1859: Run OpenTitan tests in the CI
    • #1825: Run Clippy in CI
    • #1846: Initial work on OpenTitan USB controller
    • #1856: tock-rt0 related cosmetic changes.
    • #1702: Add HMAC support to Tock and OpenTitan
    • #1805: rv32i: pmp: Remove power of two allignment constraint
    • #1821: RISC-V: General PMP Improvements
    • #1847: hifive1: Upgrade to the revB board
    • #1852: doc: add OT WG notes
    • #1823: Fix Tock register interface to allow large unsigned values as bitmasks
    • #1855: doc: add explicit AUTHORS file & update
    • #1690: added the possibility to add None gpio pins
    • #1828: OpenTitan: Add support for receiving data over the UART
    • #1840: OpenTitan: HMAC: Convert to being interrupt driven
    • #1754: stm32f3xx I2C, lsm303dlhc sensor and secondary drivers of ninedof
    • #1851: Fix bors by updating status names to include OS
    • #1841: kernel: move restart logic to function
    • #1625: CI: build OS X on master and bors merges to it
    • #1832: Convert QEMU testing to use rexpect
    • #1784: Update nordic board documentation [was: Rename nrf52dk_base to nrf52_base]
    • #1836: Added init() function to stm32f4 crates
    • #1842: remove clone/copy from StoredState
    • #1817: Fix one byte UART transmissions for lowrisc (maybe)
    • #1838: Create core-notes-2020-05-08.md
    • #1826: kernel: use MapCell for Process::stored_state
    • #1799: nRF52 spi: fix get_rate
    • #1568: Reorg stm32f3xx crates and CI: enforce no-warnings on test builds
    • #1800: Remaining clippy allows/fixes
    • #1765: Remove &dyn references from GPIO-related HILs and capsules.
    • #1797: Add a git-diff line to tools/post_size_changes_to_github.sh
    • #1824: doc: add nrf52840-dongle to boards list
    • #1815: Run CI on Github Actions
    • #1818: travis: remove deprecated sudo key
    • #1820: Fix typos in CodeReview.md
    • #1819: Fix typos in CONTRIBUTING.md
    • #1802: Updated SPI hold_low and release_low for STM
    • #1803: refactor stmf32f4xx chip code into multiple crates
    • #1766: Unify arithmetic implementation of field registers and add unit tests.
    • #1816: Core working group notes from May 01
    • #1808: kernel: Check for interrupts and deferred calls
    • #1795: tools: update makefile to partition CI
    • #1770: propagate additional process loading errors to main.rs
    • #1744: Spi: Move SPI buffer size into SPI capsule
    • #1807: kernel: Update comments to mention Process Control Block
    • #1780: doc: use copy-on-write for docs
    • #1777: refactor buffer copy logic to reduce flash memory usage
    • #1762: [RFC] Private TBF TLV tag entry
    • #1790: capsule: process console: fix printout ordering
    • #1775: doc: ot: notes: 2020-04-09 and 2020-04-16
    • #1811: update changelog for 1.5
    Source code(tar.gz)
    Source code(zip)
  • release-1.6-rc1(Oct 9, 2020)

    The 1.6 release of Tock includes numerous improves as we work towards the 2.0 release of Tock. Tock 2.0 will include breaking syscall changes, and before those changes we wanted to ensure the changes over the last couple months made their way into a 1.x release. So here it is!

    Tock Has a Scheduler!

    The major change in this release is in PR #1767 which added a Scheduler trait allowing Tock to cleanly support different schedulers. That PR also included four different schedulers that boards can choose from when configuring the kernel.

    New Platforms

    As Tock continues to run on more and more hardware, 1.6 is no different. This release includes support for:

    • msp432 (#1911)
    • Apollo3 (#1857)
    • Arduino Nano 33 BLE (#1909)
    • HiFive1 rev B (#1847)

    Internal Interface Refactors

    Tock's HIL interfaces go through periodic re-designs as bugs come up and new hardware platforms expose issues or oversights. The time.rs HIL (alarms and timers) saw the major update in 1.6 (#2089).

    Non-PIC Userspace Tooling Support

    While Tock was originally designed for userspace processes to be compiled with PIC (meaning they can be executed at any address), both LLVM and RISC-V do not (yet?) support the PIC mode that Tock requires. While we wait, we use statically compiled TBF apps, and the tooling and kernel support for apps compiled for fixed addresses has improved significantly (#1845, #1928, #1930).

    USB Stack Improvements

    There has been some renewed interest in USB stack developments, and 1.6 includes support for UART over USB (using CDC-ACM) (#1902), as well as USB support on OpenTitan (#1846).

    Many Other Updates!

    Of course those are just some highlights of development since 1.5. There have been a whole host of improvements:

    • #2116: chips: e310: improve interrupt handling
    • #2134: riscv mtimer: don't directly modify interrupt enables
    • #2136: doc: OurOfTree.md typo conneciton -> connection
    • #1963: deprecate launchxl, cc26x2
    • #2133: chips/earlgrey: Use the peripheral clock frequency
    • #2091: Nano33 apds9960
    • #2127: Create core-notes-2020-09-25.md
    • #2128: opentitan: Disable USB support by default
    • #2129: fix rustdoc CI, force bash for Makefile.common
    • #2126: Earlgrey: dont call debug in interrupt top half
    • #2117: Fix kernel work counting when processes are stopped or faulted
    • #2089: Time redesign v3
    • #2047: Virtual ADC support
    • #2119: Add Tock core WG notes for 2020-09-18.
    • #2120: arch/cortex-m3: Allow the kernel to access protected memory
    • #2121: capsules: hmac: Replace the digest buffer after completion
    • #1873: PMP and MPU Improvements
    • #2107: Scheduler timer bugfix + documentation updates
    • #1973: Remove reborrows?
    • #2104: opentitan: Makefile: Use riscv64-elf-objcopy to prepare images
    • #2053: Add utilities for allocating dynamic grants.
    • #2083: Stm32f3: add flash support
    • #2101: RFC: Remove AppPtr::Drop() and Owned::Drop()
    • #2103: OpenTitan: A collection of USB fixes
    • #2114: STM32 Readme Fix
    • #2105: Core WG notes for September 11
    • #2109: Core WG notes for 2020-09-04
    • #2110: Makefile: Bump the OpenTitan ROM file
    • #2092: arch/cortex-m: change a few llvm_asm!s to asm!s
    • #2102: Add links to out-of-tree boards to boards/README.md.
    • #2073: RISC-V: Update panic debug print
    • #2080: OpenTitan: Add support for detecting the USB device
    • #2100: Mask USB interrupt to avoid hardware bug in OpenTitan
    • #2082: capsules: usb/cdc: Fixup the CDC control message logic
    • #2090: Make .storage alignment configurable
    • #2098: Kernel work increment/decrement prevents MCU going to sleep
    • #2077: Add TakeCell::get_mut function
    • #2085: Allow creating a Spi Peripheral
    • #2095: Update tock-registers README.md
    • #2086: MLFQ scheduler bug fix
    • #2066: Msp432: DMA-support
    • #2088: Core notes for August 28th
    • #2087: opentitan: README: Update the OpenTitan minimum version SHA
    • #2027: Remove duplicated code in cortex-m crates
    • #2074: Add ability to get full address bytes & address type to nrf52 Ficr
    • #2081: MSP432: Change SMCLK from 750kHz to 1.5MHz
    • #2075: Create core-notes-2020-08-14.md
    • #2076: rv32: pmp: Fix bounds
    • #2060: Ft6x06 touch status fix and impoved report efficency
    • #2071: Update tock-registers doc to fix mistake
    • #2064: pmp: add PMP struct
    • #2072: Makefile: Update the OpenTitan ROM download location
    • #2070: core wg notes august 7
    • #2068: schedulers: store references to slots in processes array instead of AppIds
    • #1928: kernel: process: try to use memory fixed address
    • #2067: Msp432: Platform fixes
    • #2062: kernel: sched: add and update comments
    • #2045: rt0: Convert uses of u32 to usize
    • #2061: core notes july 31
    • #2022: kernel: process: use slice for app memory
    • #2065: hifive1: Document required revb parameter for qemu
    • #2038: arch/rv32i: pmp: Make the PMP struct as long as required
    • #1942: Console: Check for receive length just in case
    • #2043: cortex-m: fix warning about volatile keyword in incorrect position
    • #2059: kernel: return correct time used
    • #2054: fix bug in round robin scheduling logic
    • #2050: Boards: RISC-V: Update the QEMU README
    • #2048: kernel: sched: priority: invert logic
    • #1767: Scheduler trait + transition all boards to round robin scheduler
    • #2010: Remove OptionalCell's dependency on feature(const_fn) using impl<T: Copy>
    • #2032: riscv: check for stack overflow
    • #1911: New Platform: Msp432
    • #1986: Touch Panel HIL and ft6x06 driver
    • #2001: boards: Make .app section default, do not include it in kernel binary
    • #2015: tock-registers: use UnsafeCell in writeable registers
    • #2021: arch/rv32i: Don't sort PMP regions when we configure the MPU
    • #2024: Makefile: Don't run the setup commands inside bash
    • #2035: OpenTitan: USB support cleanup
    • #1994: kernel: expose APIs for external ProcessTypes
    • #2026: boards: nrf52840dk: add flash-openocd
    • #2029: tools: fix update rust script
    • #1965: hil: gpio: remove 'static
    • #2002: cortex-m: Detect stack overflow
    • #2033: sifive: uart: make sure tx enabled
    • #2014: docs: porting: add new platform checklist
    • #2011: Makefile: Split QEMU build to a seperate directory
    • #2031: Notes from Core WG call, July 17
    • #2020: arch/rv32i: Reduce PMP stack usage
    • #2019: riscv: pmp: disable all entries
    • #1741: boards/opentitan: Build OpenTitan with target device specific parameters
    • #2004: Adding ADC support for stm323f4xx
    • #2000: Adding ADC support for stm323f303xc
    • #1887: sched: Add a watchdog
    • #1991: boards: make: quiet sha256sum from cargo
    • #2025: kernel::hil: time: fixed wrong implementation of is_oneshot()
    • #1985: Update Systick trait, implement it for e310x and ibex
    • #2013: Add Core Meeting Notes of 2020-07-10
    • #2017: Makefile: Bump the OpenTitan boot ROM
    • #1930: kernel: process: omit debug addrs for fixed apps
    • #2008: riscv: remove old feature
    • #1971: Use mainline QEMU
    • #2003: kernel: grant: do not pass T::default()
    • #1988: chips: apollo3: Allow a few tries to set the stimer
    • #1980: doc: ot: notes: June meetings
    • #1989: chips: apollo3: Enable the I and D cache
    • #1997: chip: rename Ibex to EarlGrey
    • #1999: add core notes 2020-07-03
    • #1996: Core working group notes, June 26
    • #1987: Added support for external clock source and systick user-defined clock value for ARM
    • #1978: Makefile: Fix the temp directory creation when cloning OT ROM
    • #1961: Create core-notes-2020-06-19.md
    • #1992: doc: remove allow(unused_doc_comments)
    • #1981: LowRISC: Initial commit of Pad Controller
    • #1962: Use linker file to create APP_MEMORY slice.
    • #1916: Added STM32F412G Discovery kit
    • #1983: USB: CDC: Allow boards to specify vendor id, product id, and strings.
    • #1982: Correct memop documentation
    • #1975: rv32i: Add support for 64 PMP regions
    • #1967: Makefile.common: use system sha256sum if available
    • #1917: hil: ble_advertising: Pass the transmit buffer on callback
    • #1934: Initial support for Apollo3 BLE
    • #1933: Bind AppSlice to app instance (AppId), fixes #1914
    • #1979: add --strip-sections to objcopy flags
    • #1943: kernel: TBF parsing: match the threat model
    • #1951: ci: run miri where we can
    • #1974: tools: pick toolchain that has all our components
    • #1909: Add Nano 33 BLE Board
    • #1970: rv32i: add Display trait for PMPRegion/Config
    • #1969: Fix PMP use for RISC-V
    • #1968: Stm32f4 I2C HAL
    • #1964: hil: remove 'static from ble_advertising
    • #1889: Apollo3: Add an alarm
    • #1896: apollo3: uart: Fix the UART callback
    • #1926: Prepare for 64 PMP config registers
    • #1949: CDC: Wait for CDC messages, add delay to nRF USB RESET
    • #1959: HIL: remove 'static from sensors
    • #1957: Remove core_intrinsics offset feature
    • #1955: kernel: remove panic_info_message feature
    • #1956: CRC HIL: make lifetime 'a, not 'static
    • #1958: Remove core::intrinsics::math
    • #1960: Increase delay in Segger RTT debugging (fix #1697).
    • #1907: nrf52: usb: handle control OUT transfer
    • #1837: Frame buffer HIL and ST7735 screen support
    • #1946: Add USB CDC Component, Move set_client() to USB HIL
    • #1952: components: Add debug writer that doesn't use a UART mux
    • #1950: remove all uses of lang_items unstable feature
    • #1939: Make the Field::mask and FieldValue::mask fields private.
    • #1947: nrf52: usb: better check state on IN resume
    • #1945: nrf52: usb: do not print debug!() info on startup
    • #1929: add core notes 2020-06-12
    • #1902: USB: Add CDC support, update capsule stack
    • #1771: boards/Makefile.common: tool-chain customization
    • #1935: Makefile: Update the OpenTitan boot ROM
    • #1927: Many updates to comments in capsules/
    • #1936: ci: Add missing echo suppress
    • #1925: Add support for the MLX90614 IR Temperature Sensor
    • #1882: chips: ibex: Enable low power state
    • #1910: Add meeting notes
    • #1919: Core working group notes from June 05
    • #1897: Apollo3: Add support for the I2C device
    • #1892: Remove nrf52dk_base, initialize nordic boards independently.
    • #1924: Import changes in kernel/src/common/utils.rs from #1618.
    • #1906: OpenTitan: Document and support flashing apps
    • #1899: Add support for SMBus
    • #1908: Update Rust To June 2020 Nightly
    • #1915: Update nucleo documentation and deleted sudo for make program
    • #1879: OpenTitan: Initial support for I2C
    • #1901: sam4l: usb: don't just queue resume in
    • #1894: sam4l: usb: handle return code, long buffers
    • #1822: kernel: configure MPU only if switching to a different process
    • #1903: nrf52: usb: correct register matching
    • #1888: nRF52: uart fixes for unknown bootloader configurations
    • #1880: Overhaul Tock CI
    • #1904: Fix broken link to board 'arty_e21'
    • #1881: ci: actually deny warnings in doc builds
    • #1898: add core wg notes 05-29-2020
    • #1646: rust: remove all uses of unstable pragma "in_band_lifetimes"
    • #1895: capsules: usb: change config descriptor to 1
    • #1883: Core WG notes from May 22
    • #1831: Allow/subscribe null pointer doc clarifications
    • #1885: remove empty .gitmodules file
    • #1884: Remove unused asm feature flags
    • #1857: Initial support for the Artemis platform
    • #1878: Make nrf52 15.4 driver standards compliant; create generic 15.4 component
    • #1863: cortex-m: Add missing ISB after CONTROL writes
    • #1650: kernel: remove unstable crate_visibility_modifier, aka crate -> pub(crate)
    • #1872: [RFC] Codify CI policy
    • #1801: RISC-V: Add automated QEMU testing
    • #1874: nrf52: dont write to read only register
    • #1858: Set interrupt pending bit manually
    • #1870: move duplicated unhandled_interrupt code to cortex-m4 crate
    • #1853: Components for all things nrf52
    • #1868: Remove emulation-check from travis-ci.
    • #1866: Small improvements to QEMU Make step
    • #1845: TBF: Add "Fixed Addresses" TLV
    • #1862: Enforce doc warnings.
    • #1859: Run OpenTitan tests in the CI
    • #1825: Run Clippy in CI
    • #1846: Initial work on OpenTitan USB controller
    • #1856: tock-rt0 related cosmetic changes.
    • #1702: Add HMAC support to Tock and OpenTitan
    • #1805: rv32i: pmp: Remove power of two allignment constraint
    • #1821: RISC-V: General PMP Improvements
    • #1847: hifive1: Upgrade to the revB board
    • #1852: doc: add OT WG notes
    • #1823: Fix Tock register interface to allow large unsigned values as bitmasks
    • #1855: doc: add explicit AUTHORS file & update
    • #1690: added the possibility to add None gpio pins
    • #1828: OpenTitan: Add support for receiving data over the UART
    • #1840: OpenTitan: HMAC: Convert to being interrupt driven
    • #1754: stm32f3xx I2C, lsm303dlhc sensor and secondary drivers of ninedof
    • #1851: Fix bors by updating status names to include OS
    • #1841: kernel: move restart logic to function
    • #1625: CI: build OS X on master and bors merges to it
    • #1832: Convert QEMU testing to use rexpect
    • #1784: Update nordic board documentation [was: Rename nrf52dk_base to nrf52_base]
    • #1836: Added init() function to stm32f4 crates
    • #1842: remove clone/copy from StoredState
    • #1817: Fix one byte UART transmissions for lowrisc (maybe)
    • #1838: Create core-notes-2020-05-08.md
    • #1826: kernel: use MapCell for Process::stored_state
    • #1799: nRF52 spi: fix get_rate
    • #1568: Reorg stm32f3xx crates and CI: enforce no-warnings on test builds
    • #1800: Remaining clippy allows/fixes
    • #1765: Remove &dyn references from GPIO-related HILs and capsules.
    • #1797: Add a git-diff line to tools/post_size_changes_to_github.sh
    • #1824: doc: add nrf52840-dongle to boards list
    • #1815: Run CI on Github Actions
    • #1818: travis: remove deprecated sudo key
    • #1820: Fix typos in CodeReview.md
    • #1819: Fix typos in CONTRIBUTING.md
    • #1802: Updated SPI hold_low and release_low for STM
    • #1803: refactor stmf32f4xx chip code into multiple crates
    • #1766: Unify arithmetic implementation of field registers and add unit tests.
    • #1816: Core working group notes from May 01
    • #1808: kernel: Check for interrupts and deferred calls
    • #1795: tools: update makefile to partition CI
    • #1770: propagate additional process loading errors to main.rs
    • #1744: Spi: Move SPI buffer size into SPI capsule
    • #1807: kernel: Update comments to mention Process Control Block
    • #1780: doc: use copy-on-write for docs
    • #1777: refactor buffer copy logic to reduce flash memory usage
    • #1762: [RFC] Private TBF TLV tag entry
    • #1790: capsule: process console: fix printout ordering
    • #1775: doc: ot: notes: 2020-04-09 and 2020-04-16
    • #1811: update changelog for 1.5
    Source code(tar.gz)
    Source code(zip)
  • release-1.5(Apr 30, 2020)

    Tock 1.5 is a periodic release so that there is at least one tested 1.x release before Tock 2.0. It includes updated components, more RISC-V development, new supported boards, improved process handling, and a host of other changes.

    Highlights of this Release

    • New Features and Development

      • #1338 Added generic components
      • #1428 Add MPU configuration to panic print message
      • #1443 Add strace feature to kernel
      • #1480 Remove unsafe from TBF parsing in kernel
      • #1505 Add InterruptService abstraction
      • #1511 Complete transition to register interface
      • #1082 Processes are fully restartable
      • #1581 Capabilities in networking stack
      • #1589 RISC-V PMP implementation
      • #1590 Refactor panic!() printing implementation
      • #1680 Add hook for syscall filtering
      • #1748 Update in-kernel grant interface
    • New capsules

      • #1430 Low level debug
      • #1580 Log storage
      • #1715 HD44780 LCD
      • #1723 l3gd20 3 axis gyro and temperature sensor
    • New Boards

      • #1460 OpenTitan
      • #1492 nRF52840 Dongle
      • #1674 STM32F3Discovery
    • New Documentation

      • #1632 Tock threat model
      • #1466 Tock design goals

    All Merged PRs:

    • #1338 Add generic components that any board can use
    • #1368 Tock Register Interface: help ensure correct use
    • #1392 Add functional unit tests for the kernel ring buffer.
    • #1393 Add cargo test for chips and archs on ci-travis.
    • #1394 Make process::alloc() take the alignment into account.
    • #1396 Fix typo in net::ipv6::ip_utils documentation.
    • #1397 Imix pin mapping documentation
    • #1398 hifive1: Increase stack size to 0x1000
    • #1399 Add Clippy Script + implement some clippy recommendations
    • #1401 arch/rv32i: Fixup MIE bit fields
    • #1403 put something useful in boards/README.md
    • #1404 turn the "getting started" guide into more of a tutorial
    • #1405 nrf52: add nRF52840 support to ficr.rs
    • #1406 allow GPIOs to be switched on
    • #1407 fix TOCK_KERNEL_VERSION
    • #1410 Add macro to generate register structs, and apply it to nrf52/clock (Fix #1400)
    • #1411 replace env! with option_env!
    • #1412 HiFive1: Add support for Machine Mode Interrupts
    • #1414 doc: fix various links and formatting
    • #1415 tools: add link checking script
    • #1417 Update rust and add update script
    • #1418 Fix path for kernel_layout.ld in nordic boards' build.rs.
    • #1420 SAM4L: create GLOC peripheral driver
    • #1421 make: freshen up board Makefile
    • #1422 Add support for multiple GPIO ports in chips/nrf5x.
    • #1425 RISCV addition for cycle and instruction counting
    • #1426 Add more variants to chips/nrf52/src/ficr.rs and keep them ordered in alphanumerical order
    • #1427 Add USB register mapping (for nRF52840-DK) to chips/nrf52.
    • #1428 Add MPU information to panic!() print
    • #1430 Implement the low-level-debug capsule.
    • #1431 fix slack invite link
    • #1432 Remove duplicate app register saving on context switch
    • #1434 Move USB control transaction handling to a separate module and add more descriptors.
    • #1435 Extend nrf52's UICR (NFC) and only erase its memory when needed
    • #1436 Remove impossible if-condition in cortex-m3 MPU
    • #1437 Add hifive1 support for user application
    • #1438 Add MIT to list of contributors
    • #1440 Make process_detail_fmt work with unknown app heap/stack pointers.
    • #1443 Add strace feature to trace syscalls in the kernel.
    • #1445 SiFive: PWM: Slight MMIO address correction
    • #1446 Use MaybeUninit in static_init instead of transmuting an option.
    • #1448 Drop messages instead of panicking when the debug buffer is full (Fix #1442).
    • #1450 Add comments to kernel/platform
    • #1451 rust2018: do not need macro_use
    • #1452 components: add generic spi, add to hail
    • #1453 components: make si7021 generic, add to hail
    • #1454 board: arty: use components
    • #1455 libraries: release tock-register-interface v0.4
    • #1456 Add DebugWriter component, use console component
    • #1458 register_structs!: Make output type public
    • #1460 Add the Ibex CPU and the OpenTitan Board
    • #1461 Add support for explicit visibility in register_structs.
    • #1463 Remove cargo.lock
    • #1466 doc/Design.md: Add 'Some in-kernel design principles` section
    • #1468 Update Nordic nrf52 chip model and variant
    • #1469 Fixed a typo.
    • #1471 RISC-V: OpenTitan Preparation
    • #1473 Replace IRC badge with Slack badge on README
    • #1474 Disable adc for deep sleep
    • #1476 UDP port binding + virtualization between apps and capsules
    • #1478 Add transmit_sync for sifive UART for use in panic
    • #1479 boards/hifive1: Remove duplicate PLIC enable
    • #1480 Rewrite TBF parsing logic
    • #1481 regs: Add Copy and Clone to InMemoryRegister
    • #1483 Remove dead code that double-checks the checksum
    • #1484 tools: Add setuptools to svd2regs.nix generated environment
    • #1486 Ensure the create_capability! macro cannot be called from capsules
    • #1487 Add missing panic! documentation in Porting Guide
    • #1488 boards/Makefile.common: Minor cleanup
    • #1489 register_structs!: Fix breakage of custom_test_frameworks
    • #1490 map the NRF52840-DK GPIOs correctly
    • #1492 Add support for the nrf52840_dongle board.
    • #1493 Remove direct dependency on nrf5x from nrf52dk_base.
    • #1494 Add support for power management in nrf52 chips.
    • #1495 Fix memory overuse in HiFive1 board
    • #1497 Mechanically align static_init_half with updated static_init macro.
    • #1498 Use the gpio::Pin enum in nRF52-based boards instead of raw numbers.
    • #1499 Add tests to capsules/alarm.rs
    • #1502 nRF52 UART updates - CTS/RTS optional, support PORT1 pins
    • #1503 Components: add GPIO, LED, AlarmMux, UartMux
    • #1504 nrf52: gpio: make disable_input a no-op
    • #1505 Add an InterruptService for chips of the nRF5x family.
    • #1506 doc: add style doc
    • #1507 doc: Add missing table of contents to docs
    • #1508 doc/policy: Core Team Information
    • #1509 doc: updating porting guide
    • #1510 RFC: Register visibility granularity
    • #1511 Migrate the last of the old arch stuff to the new registers interface
    • #1514 Add debug statements to show how and where process are loaded from flash to sram.
    • #1516 Fix nrf5x's counter register to use 24 bits instead of 32 (fix #1515).
    • #1519 doc: Add explicit Code of Conduct to top-level README
    • #1520 Fix in-kernel storage allocation macro and section.
    • #1522 Transitions virtual UART to use a deferred callback
    • #1523 Add a notice about QEMU support
    • #1525 update adc capsule to use grant
    • #1527 Improve display of MPU layout in Cortex-M panic handler
    • #1528 libraries/tock-cells: remove unsafe from TakeCell
    • #1529 Fix restarting apps
    • #1530 capsules: show process restarts in process console
    • #1531 Fix counting the number of syscalls a process has called.
    • #1533 libraries: cells: add more to numeric cell
    • #1535 Fix formatting bug in markdown
    • #1536 kernel: lib: make process::Error public
    • #1537 tock-registers: release v0.5
    • #1539 Update nrf52840dk README
    • #1540 Add a simple alarm test. It fires the first alarm in about 10 seconds.
    • #1541 use new components for nrf52 boards
    • #1543 Add support for USB bulk/interrupt on the nrf52 chip.
    • #1546 Update Rust nightly version
    • #1547 Use static_init in the DebugWriter component to create debug buffers.
    • #1548 Add kernel::debug::IoWrite trait and remove unsound str::from_utf8_unchecked (fix #1449)
    • #1550 readme: add link to docs.tockos.org
    • #1551 Add Analog_Comparator for nrf52840
    • #1553 doc: restore documentation for hidden items
    • #1554 Add support for structs with a lifetime parameter in register_structs.
    • #1556 Refactor Segger RTT and add a usb_debugging mode on the nRF52840-DK board
    • #1558 Fixing GPIO component and missing FloatingState
    • #1561 Add make audit command based on Cargo audit.
    • #1562 arch/rv32i: Implement proper atomic helper
    • #1564 chips: doc: update supported HIL table
    • #1565 kernel: Add trait for process restart policies
    • #1566 kernel: Add an "identifier" to AppId
    • #1567 libraries/riscv-csr: Fix warning under cargo test
    • #1570 CI: build the rust tools during CI
    • #1571 Update booting information with some details about RISC-V
    • #1574 arch/rv32i: Simplify mcause CSR parsing
    • #1578 boards/opentitan: Add support for the LED HIL
    • #1579 add set_vector_table_offset()
    • #1580 Create a log storage capsule
    • #1581 Layered networking capabilities
    • #1582 doc: fix syntax highlighting tag
    • #1587 arch/rv32i: Rework switch_to_userspace handler
    • #1588 kernel: give processes unique identifiers
    • #1589 Add support for RISC-V PMP
    • #1590 Printing system state refactoring between Chip and Process
    • #1592 chips/ibex: update for register layout changes
    • #1593 Removed useless allow(dead_code) in components.
    • #1594 Add OpenTitan Working Group
    • #1595 arch/rv32i: Fix up the PMP CFG offsets
    • #1596 Fix broken link to JTAG instructions
    • #1598 chips/ibex: Normalize timer interrupt handler
    • #1599 nrf52: remove duplicate radio reference
    • #1600 boards/opentitan: Hookup Low Level Debug (lldb)
    • #1601 Print out syscall return value as a format instead of a number
    • #1603 rv32i: pmp: use TOR in disable_mpu
    • #1604 arty-e21: enable PMP
    • #1605 opentitan: Increase the App memory
    • #1606 boards/opentitan: Fix bad pointer dereference
    • #1608 Correct Name Spelling
    • #1609 ADC Capsule: More work on supporting restarts.
    • #1610 boards/opentitan: Connect the GPIO capsule
    • #1611 Enable AES hardware block for OpenTitan
    • #1612 nRF51 Serialization: Support restarting apps
    • #1613 kernel: don't cache the process appid in main loop
    • #1614 CRC: Add set_client to HIL
    • #1615 opentitan: notes 2020-02-14
    • #1617 Update nrf52dk README
    • #1620 Notes from 2/21 call.
    • #1621 doc: wg: Add Silvestrs to the OpenTitan WG
    • #1622 doc: OpenTitan: add 2020-02-21 notes
    • #1623 Flash HIL: return buffers if errors
    • #1627 [libraries enum primitive]: fix failing tests
    • #1631 Update rust Feb, 2020
    • #1632 Add a threat model to Tock's documentation.
    • #1633 Updated the number of User LEDs for Nucleo_F429ZI
    • #1636 Fix race condition between DynamicDeferredCall and interrupts.
    • #1637 doc: notes from 2/28 core call
    • #1638 doc: ot: add 2020-02-28 notes
    • #1642 kernel: Fix recording last syscall
    • #1643 rust: remove all unused feature pragmas
    • #1644 chips/e310x: Fix spelling of suppress_all
    • #1645 doc: Update architecture diagram
    • #1647 chips/e310x: Remove unstable pragma
    • #1648 kernel: use NonNull, iterate on grant and appslice interfaces
    • #1649 chips/saml4: remove unstable pragma
    • #1653 kernel: stdize process_each and process_each_cap
    • #1655 Add new restart policy and configure hail to restart failed apps
    • #1656 kernel+process console: add grant usage
    • #1658 Add panic_button component and update the GPIO HIL accordingly.
    • #1659 Make UART control flow pin optional on Nordic boards.
    • #1660 DRAFT rust: disable frame pointers in the Tock kernel
    • #1661 Handle device register aliases explicitly
    • #1664 Generalize chip_layout.ld to Nordic boards and increase ROM size on nrf52840.
    • #1667 Implement a debug_enqueue! macro that writes to a ring buffer flushed only upon panicking.
    • #1668 Add --remap-path-prefix to make builds more deterministic and smaller.
    • #1669 Print a SHA-256 sum of built binaries, to check for reproducibility.
    • #1670 update rust to 2020-03-06
    • #1671 doc: ot: add notes 2020-03-06
    • #1672 Notes from Core-WG call 03/06
    • #1674 Porting to STM32F303 and STM32F3Discovery kit
    • #1677 [USB] Split each endpoint's state into independent IN and OUT sides.
    • #1678 Update I2cMaster driver number according to doc/syscalls/README.md
    • #1680 kernel: Add syscall filter to platform trait
    • #1681 Make nrf52* based boards compatible with bootloader.
    • #1683 Add @jrvanwhy to core team list
    • #1684 Updated nucleo to use components for led and alarm
    • #1686 Removed loop from io.rs panic_fmt for nucleo
    • #1687 Notes from core-WG call 03/13/20
    • #1688 Revert PR #1660
    • #1689 doc: ot: add notes from 2020-03-13
    • #1693 Fix remove_pending_callbacks formatting.
    • #1699 SAM4L: Update DMA peripheral driver
    • #1700 doc: wg: add core working group charter
    • #1704 opentitan: Disable aes_test
    • #1705 OpenTitan WG Roadmap
    • #1706 doc: ot: add notes 2020-03-19
    • #1708 Create core-notes-2020-03-20
    • #1709 added system call to set alarm to a relative tics
    • #1710 Add tock-on-titan's print_memory_usage.py script to the tools/ directory.
    • #1711 Updates size tool to have fixes requested in #1673
    • #1714 Use a Cargo workspace to make builds reproducible and speed up CI.
    • #1715 Capsule for HD44780 LCD
    • #1716 doc: ot: add 03-26-2020 notes
    • #1717 rv32i: pmp: Fix the app allocation calculator
    • #1719 tools: remove fixed bash interpreter path
    • #1722 stop running size reporting script in travis
    • #1723 capsule for l3gd20 3 axis gyro and temperature sensor
    • #1724 Remove option encapsulation in Kernel get_process_iter
    • #1725 added i2c component
    • #1729 added riscv toolchain to shell.nix
    • #1731 doc: ot: add notes 04-02-2020
    • #1732 doc: wg: opentitan: Move notes into right path
    • #1733 Cleanup core files in working group folder
    • #1734 move imix kernel tests into subdirectory
    • #1737 rust: Disable frame pointers on RISC-V targets only
    • #1738 rust: Turn on aggressive identical code folding
    • #1740 Core WG notes 04/03/2020
    • #1742 stm32f{3,4}xx: remove unused deferred calls code
    • #1743 Update stm32 boards makefiles
    • #1746 Fixed USART number for panic of stm32f3 boards
    • #1747 Notes from core-WG call 03/27/20
    • #1748 kernel: grant: fix allocation
    • #1749 add core-wg call notes from 4-10-2020
    • #1750 nRF52: Fix dynamic deferred calls
    • #1753 Bring back Travis memory reporting
    • #1755 capsules: remove block comment, rustfmt
    • #1757 capsules: virtual_uart: avoid double receive, check rx len, support custom buffer
    • #1759 doc: Update GPIO syscall for pseudo-stabilization
    • #1763 small grammar fixes + fix broken link
    • #1768 Notes from Core WG 04/17/2020 call
    • #1772 small fixes to docs
    • #1774 minor fixes to docs
    • #1778 rv32i,ibex: use ',' as sections specifier
    • #1779 capsules: process console: add fault to help msg
    • #1781 boards: hail: fix gpio pin assignments
    • #1782 OpenTitan fixes for 1.5
    • #1783 Updated instructions on running HiFive under qemu
    • #1785 fix imix in-kernel networking tests
    • #1786 rv32i: try a different section identifier
    • #1788 OpenTitan: README: Update the OpenTitan SHA
    • #1789 doc: Add syscall filter to syscall documentation
    • #1792 fix capability check error
    • #1793 Hifive updates
    • #1796 mark get_pin_mut() as unsafe
    • #1798 Add core WG talk notes for 2020-04-24.
    • #1804 doc: fix stack/data position on arch diagram
    • #1809 arty-e21 updates
    Source code(tar.gz)
    Source code(zip)
  • release-1.5-rc4(Apr 30, 2020)

  • release-1.5-rc3(Apr 24, 2020)

    Third release candidate. Updates since 1.5-rc2:

    • Fixes/updates to networking tests
    • Update OpenTitan HW commit
    • Fix for riscv linker section names on mac
    • Updates to syscall.md doc
    • Updates to HiFive board and sifive PWM disable function
    • Mark STM32 GPIO function as unsafe
    • Avoid uart recv aborts in virtual_uart
    Source code(tar.gz)
    Source code(zip)
  • release-1.5-rc2(Apr 22, 2020)

    Next 1.5 release candidate. Includes a couple bug fixes:

    • Adds "fault" to process console help.
    • Fixes pins for hail and opentitan.
    • Adds HiFive instructions.
    • Renames the RISC-V linker sections.
    Source code(tar.gz)
    Source code(zip)
  • release-1.5-rc1(Apr 20, 2020)

    This is the first testing release for Tock 1.5.

    Highlights of this Release

    • New Features and Development

      • #1338 Added generic components
      • #1428 Add MPU configuration to panic print message
      • #1443 Add strace feature to kernel
      • #1480 Remove unsafe from TBF parsing in kernel
      • #1505 Add InterruptService abstraction
      • #1511 Complete transition to register interface
      • #1082 Processes are fully restartable
      • #1581 Capabilities in networking stack
      • #1589 RISC-V PMP implementation
      • #1590 Refactor panic!() printing implementation
      • #1680 Add hook for syscall filtering
      • #1748 Update in-kernel grant interface
    • New capsules

      • #1430 Low level debug
      • #1580 Log storage
      • #1715 HD44780 LCD
      • #1723 l3gd20 3 axis gyro and temperature sensor
    • New Boards

      • #1460 OpenTitan
      • #1492 nRF52840 Dongle
      • #1674 STM32F3Discovery
    • New Documentation

      • #1632 Tock threat model
      • #1466 Tock design goals

    All Merged PRs:

    • #1338 Add generic components that any board can use
    • #1368 Tock Register Interface: help ensure correct use
    • #1392 Add functional unit tests for the kernel ring buffer.
    • #1393 Add cargo test for chips and archs on ci-travis.
    • #1394 Make process::alloc() take the alignment into account.
    • #1396 Fix typo in net::ipv6::ip_utils documentation.
    • #1397 Imix pin mapping documentation
    • #1398 hifive1: Increase stack size to 0x1000
    • #1399 Add Clippy Script + implement some clippy recommendations
    • #1401 arch/rv32i: Fixup MIE bit fields
    • #1403 put something useful in boards/README.md
    • #1404 turn the "getting started" guide into more of a tutorial
    • #1405 nrf52: add nRF52840 support to ficr.rs
    • #1406 allow GPIOs to be switched on
    • #1407 fix TOCK_KERNEL_VERSION
    • #1410 Add macro to generate register structs, and apply it to nrf52/clock (Fix #1400)
    • #1411 replace env! with option_env!
    • #1412 HiFive1: Add support for Machine Mode Interrupts
    • #1414 doc: fix various links and formatting
    • #1415 tools: add link checking script
    • #1417 Update rust and add update script
    • #1418 Fix path for kernel_layout.ld in nordic boards' build.rs.
    • #1420 SAM4L: create GLOC peripheral driver
    • #1421 make: freshen up board Makefile
    • #1422 Add support for multiple GPIO ports in chips/nrf5x.
    • #1425 RISCV addition for cycle and instruction counting
    • #1426 Add more variants to chips/nrf52/src/ficr.rs and keep them ordered in alphanumerical order
    • #1427 Add USB register mapping (for nRF52840-DK) to chips/nrf52.
    • #1428 Add MPU information to panic!() print
    • #1430 Implement the low-level-debug capsule.
    • #1431 fix slack invite link
    • #1432 Remove duplicate app register saving on context switch
    • #1434 Move USB control transaction handling to a separate module and add more descriptors.
    • #1435 Extend nrf52's UICR (NFC) and only erase its memory when needed
    • #1436 Remove impossible if-condition in cortex-m3 MPU
    • #1437 Add hifive1 support for user application
    • #1438 Add MIT to list of contributors
    • #1440 Make process_detail_fmt work with unknown app heap/stack pointers.
    • #1443 Add strace feature to trace syscalls in the kernel.
    • #1445 SiFive: PWM: Slight MMIO address correction
    • #1446 Use MaybeUninit in static_init instead of transmuting an option.
    • #1448 Drop messages instead of panicking when the debug buffer is full (Fix #1442).
    • #1450 Add comments to kernel/platform
    • #1451 rust2018: do not need macro_use
    • #1452 components: add generic spi, add to hail
    • #1453 components: make si7021 generic, add to hail
    • #1454 board: arty: use components
    • #1455 libraries: release tock-register-interface v0.4
    • #1456 Add DebugWriter component, use console component
    • #1458 register_structs!: Make output type public
    • #1460 Add the Ibex CPU and the OpenTitan Board
    • #1461 Add support for explicit visibility in register_structs.
    • #1463 Remove cargo.lock
    • #1466 doc/Design.md: Add 'Some in-kernel design principles` section
    • #1468 Update Nordic nrf52 chip model and variant
    • #1469 Fixed a typo.
    • #1471 RISC-V: OpenTitan Preparation
    • #1473 Replace IRC badge with Slack badge on README
    • #1474 Disable adc for deep sleep
    • #1476 UDP port binding + virtualization between apps and capsules
    • #1478 Add transmit_sync for sifive UART for use in panic
    • #1479 boards/hifive1: Remove duplicate PLIC enable
    • #1480 Rewrite TBF parsing logic
    • #1481 regs: Add Copy and Clone to InMemoryRegister
    • #1483 Remove dead code that double-checks the checksum
    • #1484 tools: Add setuptools to svd2regs.nix generated environment
    • #1486 Ensure the create_capability! macro cannot be called from capsules
    • #1487 Add missing panic! documentation in Porting Guide
    • #1488 boards/Makefile.common: Minor cleanup
    • #1489 register_structs!: Fix breakage of custom_test_frameworks
    • #1490 map the NRF52840-DK GPIOs correctly
    • #1492 Add support for the nrf52840_dongle board.
    • #1493 Remove direct dependency on nrf5x from nrf52dk_base.
    • #1494 Add support for power management in nrf52 chips.
    • #1495 Fix memory overuse in HiFive1 board
    • #1497 Mechanically align static_init_half with updated static_init macro.
    • #1498 Use the gpio::Pin enum in nRF52-based boards instead of raw numbers.
    • #1499 Add tests to capsules/alarm.rs
    • #1502 nRF52 UART updates - CTS/RTS optional, support PORT1 pins
    • #1503 Components: add GPIO, LED, AlarmMux, UartMux
    • #1504 nrf52: gpio: make disable_input a no-op
    • #1505 Add an InterruptService for chips of the nRF5x family.
    • #1506 doc: add style doc
    • #1507 doc: Add missing table of contents to docs
    • #1508 doc/policy: Core Team Information
    • #1509 doc: updating porting guide
    • #1510 RFC: Register visibility granularity
    • #1511 Migrate the last of the old arch stuff to the new registers interface
    • #1514 Add debug statements to show how and where process are loaded from flash to sram.
    • #1516 Fix nrf5x's counter register to use 24 bits instead of 32 (fix #1515).
    • #1519 doc: Add explicit Code of Conduct to top-level README
    • #1520 Fix in-kernel storage allocation macro and section.
    • #1522 Transitions virtual UART to use a deferred callback
    • #1523 Add a notice about QEMU support
    • #1525 update adc capsule to use grant
    • #1527 Improve display of MPU layout in Cortex-M panic handler
    • #1528 libraries/tock-cells: remove unsafe from TakeCell
    • #1529 Fix restarting apps
    • #1530 capsules: show process restarts in process console
    • #1531 Fix counting the number of syscalls a process has called.
    • #1533 libraries: cells: add more to numeric cell
    • #1535 Fix formatting bug in markdown
    • #1536 kernel: lib: make process::Error public
    • #1537 tock-registers: release v0.5
    • #1539 Update nrf52840dk README
    • #1540 Add a simple alarm test. It fires the first alarm in about 10 seconds.
    • #1541 use new components for nrf52 boards
    • #1543 Add support for USB bulk/interrupt on the nrf52 chip.
    • #1546 Update Rust nightly version
    • #1547 Use static_init in the DebugWriter component to create debug buffers.
    • #1548 Add kernel::debug::IoWrite trait and remove unsound str::from_utf8_unchecked (fix #1449)
    • #1550 readme: add link to docs.tockos.org
    • #1551 Add Analog_Comparator for nrf52840
    • #1553 doc: restore documentation for hidden items
    • #1554 Add support for structs with a lifetime parameter in register_structs.
    • #1556 Refactor Segger RTT and add a usb_debugging mode on the nRF52840-DK board
    • #1558 Fixing GPIO component and missing FloatingState
    • #1561 Add make audit command based on Cargo audit.
    • #1562 arch/rv32i: Implement proper atomic helper
    • #1564 chips: doc: update supported HIL table
    • #1565 kernel: Add trait for process restart policies
    • #1566 kernel: Add an "identifier" to AppId
    • #1567 libraries/riscv-csr: Fix warning under cargo test
    • #1570 CI: build the rust tools during CI
    • #1571 Update booting information with some details about RISC-V
    • #1574 arch/rv32i: Simplify mcause CSR parsing
    • #1578 boards/opentitan: Add support for the LED HIL
    • #1579 add set_vector_table_offset()
    • #1580 Create a log storage capsule
    • #1581 Layered networking capabilities
    • #1582 doc: fix syntax highlighting tag
    • #1587 arch/rv32i: Rework switch_to_userspace handler
    • #1588 kernel: give processes unique identifiers
    • #1589 Add support for RISC-V PMP
    • #1590 Printing system state refactoring between Chip and Process
    • #1592 chips/ibex: update for register layout changes
    • #1593 Removed useless allow(dead_code) in components.
    • #1594 Add OpenTitan Working Group
    • #1595 arch/rv32i: Fix up the PMP CFG offsets
    • #1596 Fix broken link to JTAG instructions
    • #1598 chips/ibex: Normalize timer interrupt handler
    • #1599 nrf52: remove duplicate radio reference
    • #1600 boards/opentitan: Hookup Low Level Debug (lldb)
    • #1601 Print out syscall return value as a format instead of a number
    • #1603 rv32i: pmp: use TOR in disable_mpu
    • #1604 arty-e21: enable PMP
    • #1605 opentitan: Increase the App memory
    • #1606 boards/opentitan: Fix bad pointer dereference
    • #1608 Correct Name Spelling
    • #1609 ADC Capsule: More work on supporting restarts.
    • #1610 boards/opentitan: Connect the GPIO capsule
    • #1611 Enable AES hardware block for OpenTitan
    • #1612 nRF51 Serialization: Support restarting apps
    • #1613 kernel: don't cache the process appid in main loop
    • #1614 CRC: Add set_client to HIL
    • #1615 opentitan: notes 2020-02-14
    • #1617 Update nrf52dk README
    • #1620 Notes from 2/21 call.
    • #1621 doc: wg: Add Silvestrs to the OpenTitan WG
    • #1622 doc: OpenTitan: add 2020-02-21 notes
    • #1623 Flash HIL: return buffers if errors
    • #1627 [libraries enum primitive]: fix failing tests
    • #1631 Update rust Feb, 2020
    • #1632 Add a threat model to Tock's documentation.
    • #1633 Updated the number of User LEDs for Nucleo_F429ZI
    • #1636 Fix race condition between DynamicDeferredCall and interrupts.
    • #1637 doc: notes from 2/28 core call
    • #1638 doc: ot: add 2020-02-28 notes
    • #1642 kernel: Fix recording last syscall
    • #1643 rust: remove all unused feature pragmas
    • #1644 chips/e310x: Fix spelling of suppress_all
    • #1645 doc: Update architecture diagram
    • #1647 chips/e310x: Remove unstable pragma
    • #1648 kernel: use NonNull, iterate on grant and appslice interfaces
    • #1649 chips/saml4: remove unstable pragma
    • #1653 kernel: stdize process_each and process_each_cap
    • #1655 Add new restart policy and configure hail to restart failed apps
    • #1656 kernel+process console: add grant usage
    • #1658 Add panic_button component and update the GPIO HIL accordingly.
    • #1659 Make UART control flow pin optional on Nordic boards.
    • #1660 DRAFT rust: disable frame pointers in the Tock kernel
    • #1661 Handle device register aliases explicitly
    • #1664 Generalize chip_layout.ld to Nordic boards and increase ROM size on nrf52840.
    • #1667 Implement a debug_enqueue! macro that writes to a ring buffer flushed only upon panicking.
    • #1668 Add --remap-path-prefix to make builds more deterministic and smaller.
    • #1669 Print a SHA-256 sum of built binaries, to check for reproducibility.
    • #1670 update rust to 2020-03-06
    • #1671 doc: ot: add notes 2020-03-06
    • #1672 Notes from Core-WG call 03/06
    • #1674 Porting to STM32F303 and STM32F3Discovery kit
    • #1677 [USB] Split each endpoint's state into independent IN and OUT sides.
    • #1678 Update I2cMaster driver number according to doc/syscalls/README.md
    • #1680 kernel: Add syscall filter to platform trait
    • #1681 Make nrf52* based boards compatible with bootloader.
    • #1683 Add @jrvanwhy to core team list
    • #1684 Updated nucleo to use components for led and alarm
    • #1686 Removed loop from io.rs panic_fmt for nucleo
    • #1687 Notes from core-WG call 03/13/20
    • #1688 Revert PR #1660
    • #1689 doc: ot: add notes from 2020-03-13
    • #1693 Fix remove_pending_callbacks formatting.
    • #1699 SAM4L: Update DMA peripheral driver
    • #1700 doc: wg: add core working group charter
    • #1704 opentitan: Disable aes_test
    • #1705 OpenTitan WG Roadmap
    • #1706 doc: ot: add notes 2020-03-19
    • #1708 Create core-notes-2020-03-20
    • #1709 added system call to set alarm to a relative tics
    • #1710 Add tock-on-titan's print_memory_usage.py script to the tools/ directory.
    • #1711 Updates size tool to have fixes requested in #1673
    • #1714 Use a Cargo workspace to make builds reproducible and speed up CI.
    • #1715 Capsule for HD44780 LCD
    • #1716 doc: ot: add 03-26-2020 notes
    • #1717 rv32i: pmp: Fix the app allocation calculator
    • #1719 tools: remove fixed bash interpreter path
    • #1722 stop running size reporting script in travis
    • #1723 capsule for l3gd20 3 axis gyro and temperature sensor
    • #1724 Remove option encapsulation in Kernel get_process_iter
    • #1725 added i2c component
    • #1729 added riscv toolchain to shell.nix
    • #1731 doc: ot: add notes 04-02-2020
    • #1732 doc: wg: opentitan: Move notes into right path
    • #1733 Cleanup core files in working group folder
    • #1734 move imix kernel tests into subdirectory
    • #1737 rust: Disable frame pointers on RISC-V targets only
    • #1738 rust: Turn on aggressive identical code folding
    • #1740 Core WG notes 04/03/2020
    • #1742 stm32f{3,4}xx: remove unused deferred calls code
    • #1743 Update stm32 boards makefiles
    • #1746 Fixed USART number for panic of stm32f3 boards
    • #1747 Notes from core-WG call 03/27/20
    • #1748 kernel: grant: fix allocation
    • #1749 add core-wg call notes from 4-10-2020
    • #1750 nRF52: Fix dynamic deferred calls
    • #1753 Bring back Travis memory reporting
    • #1755 capsules: remove block comment, rustfmt
    • #1757 capsules: virtual_uart: avoid double receive, check rx len, support custom buffer
    • #1759 doc: Update GPIO syscall for pseudo-stabilization
    • #1763 small grammar fixes + fix broken link
    • #1768 Notes from Core WG 04/17/2020 call
    • #1772 small fixes to docs
    • #1774 minor fixes to docs
    • #1778 rv32i,ibex: use ',' as sections specifier
    • #1779 capsules: process console: add fault to help msg
    • #1781 boards: hail: fix gpio pin assignments
    • #1782 OpenTitan fixes for 1.5
    • #1783 Updated instructions on running HiFive under qemu
    • #1785 fix imix in-kernel networking tests
    • #1786 rv32i: try a different section identifier
    • #1788 OpenTitan: README: Update the OpenTitan SHA
    • #1789 doc: Add syscall filter to syscall documentation
    • #1792 fix capability check error
    • #1793 Hifive updates
    • #1796 mark get_pin_mut() as unsafe
    • #1798 Add core WG talk notes for 2020-04-24.
    • #1804 doc: fix stack/data position on arch diagram
    • #1809 arty-e21 updates
    Source code(tar.gz)
    Source code(zip)
  • release-1.4.1(Nov 1, 2019)

  • release-1.4(Oct 8, 2019)

    For Tock 1.4 we had five milestones for the release:

    • #1230 (Docs: Add README.md to /libraries/enum_primitive)
    • #1215 (Tracking: Unified Course)
    • #1167 (UART HIL re-design)
    • #1233, #1297 (GPIO HIL re-design)
    • #1234 (Time HIL re-design)

    The major changes are around updating HIL interfaces (UART, Time, and GPIO). Other changes include:

    • Initial support for RISC-V architectures.
    • Update to Userland-Kernel boundary interface.
    • Add nucleo-based boards.
    • Add ACD52832 board.
    Source code(tar.gz)
    Source code(zip)
  • release-1.4-rc3(Oct 4, 2019)

    Updates:

    • Queued callbacks that haven't been issued when the callback is canceled or replaced are now removed.
    • PMP driver removed for arty-e21.
    • Several documentation updates.
    Source code(tar.gz)
    Source code(zip)
  • release-1.4-rc2(Sep 26, 2019)

  • release-1.4-rc1(Sep 24, 2019)

    This is a feature-based release based on updates to three HILs: GPIO, UART, and Time.

    Other major changes:

    • Initial support for RISC-V architectures.
    • Update to Userland-Kernel boundary interface.
    • Add nucleo-based boards.
    • Add ACD52832 board.
    Source code(tar.gz)
    Source code(zip)
  • release-1.3(Nov 30, 2018)

    This is a large milestone-based release of Tock that encompasses numerous changes made by many contributors over the last five months. We set two main goals for this release which were tracked in the following issues:

    • [#985] Make Tock Architecture Agnostic: The core Tock kernel should support running on non-Cortex-M platforms.
    • [#1154] Userland UDP: There is now an interface to send and receive UDP packets from userland.

    We re-architected the core kernel to (hopefully!) remove all assumptions that Tock is running on a Cortex-M platform, and moved all of the architecture-specific code to the /arch crates. This will enable Tock to run on other architectures in the future, like Cortex-MF or RISC-V.

    We also significantly improved the IPv6/6LoWPAN based networking stack in Tock (built on top of 802.15.4) to enable UDP packet send and receive from userland. This is a promising step towards a full networking stack in Tock.

    While we waited to complete these two goals before doing a release, numerous other changes were also made along the way. To briefly summarize:

    • The debug module in the kernel now includes a generic panic!() routine used by many boards.
    • The kernel debug module is now a direct user of a UART object rather than a psuedo-process. This provides more flexibility and simplifies the kernel internals.
    • Capabilities are a new feature for controlling access to sensitive (but public) internal Tock APIs.
    • The ADC HIL changed to handle different resolution ADCs.
    • The UART HIL changed to include a configure() method.
    • The randomness HILs now support multiple widths and entropy and RNG versions.
    • Tock switched to the LLVM toolchain, removing the need for ARM gcc.

    More details can be found in the CHANGELOG file.

    Stability Guarantees

    This release does not include any new API stability guarantees.

    Testing and Board Support

    This release was tested on these platforms:

    • nRF51DK
    • nRF52DK
    • Hail
    • imix
    • LaunchXL CC26x2
    Source code(tar.gz)
    Source code(zip)
  • release-1.3-rc5(Nov 30, 2018)

    More little fixes:

    • Fix version handling when Tock is used from a .zip rather than git.
    • Imix supports 4 processes.
    • Few doc fixes.
    • make in root lists boards properly.
    Source code(tar.gz)
    Source code(zip)
  • release-1.3-rc4(Nov 30, 2018)

    This RC includes a couple changes:

    • Fix nRF51 main.rs to work with recent Tock changes.
    • Update the imix LED mapping to be more consistent with the PCB labels.
    Source code(tar.gz)
    Source code(zip)
  • release-1.3-rc3(Nov 29, 2018)

    This includes a couple minor fixes:

    • Fixes for the imix kernel tests to bring them up-to-date.
    • Fix pin mappings for nrf52dk platforms.
    • Fixes in the configuration of the launchxl platforms.
    Source code(tar.gz)
    Source code(zip)
  • release-1.3-rc2(Nov 26, 2018)

  • release-1.3-rc1(Nov 19, 2018)

    First release candidate for testing Tock 1.3.

    Primary Changes in this Release

    • [#985] Make Tock Architecture Agnostic: The core Tock kernel should support running on non-Cortex-M platforms.
    • [#1154] Userland UDP: There is now an interface to send and receive UDP packets from userland.
    Source code(tar.gz)
    Source code(zip)
  • release-1.1-2018-04(Apr 25, 2018)

    This is the second rolling release. This release includes 365 commits with bug fixes and feature additions.

    Major improvements over 1.0 include a new register interface, automatic deep sleep for most SAM4L peripherals, and moving the BLE subsystem our of the NRF5x crates.

    Ports to the nRF52 development kit and Hail and imix, based on the Atmel SAM4L, are considered stable and are backwards compatible with 1.0. An initial port to the CC26xx series of platforms is included but not yet stable. It also includes system call drivers that comply with the 1.0 system call ABI for process loading and:

    • Alarm
    • Console
    • LEDs
    • Buttons
    • GPIO
    • ADC
    • Ambient Temperature
    • Humidity
    Source code(tar.gz)
    Source code(zip)
    blink.tab(10.00 KB)
    buttons.tab(10.00 KB)
    hail.elf(2.05 MB)
    hail.tab(200.00 KB)
    imix.elf(2.76 MB)
    nrf52dk.elf(1.38 MB)
    sensors.tab(60.00 KB)
  • release-1.0-2018-02(Feb 13, 2018)

    This is the first rolling release. It includes ports to the nRF52 development kit and Hail and imix, based on the Atmel SAM4L. It also includes system call drivers that comply with the 1.0 system call ABI for process loading and:

    • Alarm
    • Console
    • LEDs
    • Buttons
    • GPIO
    • ADC
    • Ambient Temperature
    • Humidity
    • Luminance
    Source code(tar.gz)
    Source code(zip)
Owner
Tock Embedded OS
Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on low-memory and low-power microcontrollers
Tock Embedded OS
A lightweight microkernel/IPC based operating system built with Rust which is not a clone of any existing operating system

Noble Operating System Noble is a lightweight microkernel and IPC based operating system built with Rust which is not a clone of any existing operatin

Revolution Xenon 3 Jan 10, 2022
A Real Time Operating System in Rust for Cortex M3 embedded systems

A Real Time Operating System in Rust for Cortex M3 embedded systems

Manuel Forcén Muñoz 5 Jun 1, 2022
Writing an OS in Rust, To Study Operating System and Computer System

Hun Os Writing an OS in Rust, To Study Operating System and Computer System Reference Os Written In Rust https://github.com/seonghun-dev/blog_os https

Jung Seonghun 2 Dec 15, 2022
Hubris is a microcontroller operating environment designed for deeply-embedded systems

A lightweight, memory-protected, message-passing kernel for deeply embedded systems.

Oxide Computer Company 2.1k Jan 6, 2023
A hobby operating system, in Rust

intermezzOS: kernel intermezzOS is a hobby operating system. This repository is for its kernel. See the website for more. License This project is dual

intermezzOS 1.3k Jan 1, 2023
The Stupid Operating System

Stupid Operating System SOS is a simple, tiny toy OS implemented in Rust. I'm writing this mostly for fun, to learn more about OS design and kernel ha

SOS 241 Dec 15, 2022
Aero is a new modern, unix based operating system. It is being developed for educational purposes.

Areo Aero is a new modern, unix based operating system written in Rust and is being developed for educational purposes. Aero follows the monolithic ke

Anhad Singh 623 Dec 24, 2022
A new operating system kernel with Linux binary compatibility written in Rust.

Kerla Kerla is a monolithic operating system kernel from scratch in Rust which aims to be compatible with the Linux ABI, that is, runs Linux binaries

Seiya Nuta 3.1k Jan 1, 2023
Operating system written in Rust for NumWorks calculator (model n0110)

RustWorks An OS (eventually) for the Numworks calculator (model n0110). Setup First install Rust by following these instuctions then: rustup target ad

null 30 Nov 10, 2022
The official kernel for Popcorn OS, and operating system designed for handheld devices.

About Popkern is the kernel for Popcorn OS, an operating system designed for handheld devices. As such, the kernel is (to be) optimised at all levels

Team Scena 3 Sep 19, 2021
Geng wanzheng ([a] more complete) asynchronous operating system

更完整系统(GWZOS) 更完整系统的目的是编写一个异步功能完整的异步操作系统。我们希望尽可能完整地实现异步内核的核心概念,提供相应的驱动、软件生态系统,为未来内核的设计探索可能的实现方案。对比不同解决方案的性能开销,得到较详细的内核验证结论。 感谢大家对项目的支持!接龙链接 设计文档请参考: 无相

Luo Jia 10 Aug 26, 2021
SteinsOS is an operating system written in Rust

SteinsOS is an operating system featuring non-preemptive kernel targeting on single-core armv8 architecture.

Sheng 84 Dec 15, 2022
Xrs is a POSIX-subset operating system kernel written in Rust.

XRS-OS ( ?? WIP) Xrs is a POSIX-subset operating system kernel written in Rust. Current project team members 0x5459 core developer (he/him) 0x5457 cor

null 7 Nov 16, 2022
A simples rust operating system that prints hello world.

rust-os-helloworld A simples rust operating system that prints hello world. Just run: cargo install bootimage and: cargo bootimage Install QEMU and: q

null 3 Nov 24, 2021
An attempt at an operating system written in Rust

Rust Operating System An attempt at a simple operating system in Rust and a semester project for the Operating Systems course at CS@UCU. Documentation

Andriy Sultanov 10 Jan 15, 2022
A small operating system, for my own learning

taos This project is the result of following Philipp Oppermann's series of tutorials in building a small operating system kernel targeting x86-64, alo

null 0 Nov 7, 2021
Cute tiny operating system for RISC-V. ฅ•ω•ฅ

MoeOS ⁄(⁄ ⁄•⁄ω⁄•⁄ ⁄)⁄ ٩(^ᴗ^)۶欢迎参观MoeOS的仓库,MoeOS是一个小巧可爱(并不)的操作系统,目前全力支持RISC-V中。 (*≧▽≦)因为还只是一个玩具操作系统,就别要求她能做太多事情啦!现在功能还不完善,会慢慢加的! 编译 呐,你想给我找个家么? 目前MoeOS

Rui Li 30 Nov 11, 2022
Rux - An x86_64 toy operating system kernel written in Rust

Rux - An x86_64 toy operating system kernel written in Rust. Rux is a port of the Hux kernel, my x86 32-bit single-CPU toy kernel written in C, following the OSTEP book structure and terminology.

Guanzhou Jose Hu 6 Feb 26, 2022
A RISC-V and unix-like operating system developed just for fun.

Orca 虎鲸 A RISC-V and unix-like operating system developed just for fun. Schedule [*] bootloader (use RustSBI-qemu) [ ] linker & stack [ ] memory alloc

Mr.Z 4 May 29, 2022