A secure embedded operating system for microcontrollers
Tock 2.1.1 fixes an issue present in the Tock 2.0 and Tock 2.1 releases concerning system call error return values issued when userspace applications were issuing system calls towards non-existent capsules.
Tock 2.1 has seen numerous changes from Tock 2.0. In particular, the new system call interface introduced with Tock 2.0 has been refined to provide more guarantees to processes with respect to sharing and unsharing buffers and upcalls. Other changes include the introduction of a userspace-readable allow system call, support for new HILs and boards, and various other bug-fixes and improvements to code size and documentation.
SyscallReturnVariant
enum variant has been changed from SuccessU64U32
to SuccessU32U64
(#3175).VirtualMuxAlarm
s now require the setup()
function to be called in board set up code after they are created (#2866).Grant
logic itself (#2906). This change has multiple implications for users of Tock:
Grant
type accepts the number of read-only and read-write allow buffers, as well as the number of subscribe upcalls. It will reserve a fixed amount of space per Grant
to store the respective allow and subscribe state. Thus, to make efficient use of Grant
space, allow buffer and subscribe upcall numbers should be assigned in a non-sparse fashion.allow
operation. Similarly, subscribe
can now be used to infallibly ensure that a given upcall will not be scheduled by the kernel any longer, although already enqueued calls to a given upcall function can still be delivered even after a subscribe
operation. The precise semantics around these system calls are described in TRD 104.hasher
public_key_crypto
This release was tagged despite several known bugs in non-tier-1 boards, so as to avoid delaying the release. These include:
adc
app runs, but eventually hangs in the app (seems to be caught in the exit loop, but not sure why it gets there)gpio
example fails to generate interrupts on the input pin. This board is likely to be deprecated soon anyway, as it is no longer available for sale.const
(#3126 by @brandenburg)asm_const
(#3083 by @hudson-ayers)extern "C"
symbols (#3080 by @lschuermann)#![feature(const_mut_refs)]
(#3082 by @hudson-ayers)$CI
to $NOWARNINGS
(#3075 by @bradjc)2022-02-18
. (#2978 by @jrvanwhy)none
method for FieldValue type. (#3013 by @qwandor)memory
target to run print_tock_memory_usage.py for the board (#2872 by @bradjc)expect("xx")
, replace with unwrap()
(#2857 by @hudson-ayers)kernel::CONFIG
constant (#2837 by @hudson-ayers)This is the first testing release for Tock 2.1!
Tock 2.1 represents a year of general improvements since our last release. It includes code size improvements, progress towards stable Rust, and numerous core kernel improvements, new chip drivers, new platforms, and bug fixes. Importantly, this release will be the first post-2.0 release which libtock-rs can soundly target, thanks to the additional guarantees provided in Tock 2.1 regarding allow-buffer swapping and callback-swapping. A full change list will be included with the final release notes.
This is the second major release of Tock! Tock 2.0 comes with a revamped system call interface with clarified semantics for how resources are shared between processes and the kernel. This is a breaking change from Tock 1.x and Tock 2.0 requires apps compiled for the new syscall interface.
AllowReadOnly
and Exit
. Allow
has been renamed to AllowReadWrite
.Grant
, and each capsule may only have up to one grant.Chip
and Platform
traits in the kernel have been refactored. Chip
now only includes functions that are tightly coupled with microcontrollers. Platform
has been divided into separate, clearly defined traits.KernelResources
trait. This replaces the previous ad-hoc approach where some configuration was passed in as function arguments and others where in a trait. Additionally, individual boards can now choose to exclude chip peripherals which they do not use.feature_X.rs
, such as process_standard.rs
and process_utilities.rs
.list
GrantMemory
to GrantData
print_tock_memory_usage.py
make allaudit
ReturnCode
with Result<(), ErrorCode>
main()
unsafe
handlingmut_ptr
method from ReadWrite
traitinstall
make target for boardsfrom
fn&mut self
i2c_master
to Tock 2.0 Driver trait_start_trap()
assemblyErrorCode::From
map_or
return valuesmake prepush
commands to avoid clippy bugThis is the second testing candidate for Tock 2.0. This includes a few fixes from rc1:
This is the first testing release for Tock 2.0!
Tock 2.0 represents over a year of work towards a revised system call interface for the Tock kernel. It also includes numerous core kernel improvements, new chip drivers, new platforms, and bug fixes. A full change list will be included with the final release notes.
If you are looking to update any out-of-tree code to 2.0 there is a porting guide.
The 1.6 release of Tock includes numerous improves as we work towards the 2.0 release of Tock. Tock 2.0 will include breaking syscall changes, and before those changes we wanted to ensure the changes over the last couple months made their way into a 1.x release. So here it is!
The major change in this release is in PR #1767 which added a Scheduler
trait allowing Tock to cleanly support different schedulers. That PR also included four different schedulers that boards can choose from when configuring the kernel.
As Tock continues to run on more and more hardware, 1.6 is no different. This release includes support for:
Tock's HIL interfaces go through periodic re-designs as bugs come up and new hardware platforms expose issues or oversights. The time.rs
HIL (alarms and timers) saw the major update in 1.6 (#2089).
While Tock was originally designed for userspace processes to be compiled with PIC (meaning they can be executed at any address), both LLVM and RISC-V do not (yet?) support the PIC mode that Tock requires. While we wait, we use statically compiled TBF apps, and the tooling and kernel support for apps compiled for fixed addresses has improved significantly (#1845, #1928, #1930).
There has been some renewed interest in USB stack developments, and 1.6 includes support for UART over USB (using CDC-ACM) (#1902), as well as USB support on OpenTitan (#1846).
Release testing exposed a few minor bugs and configuration mishaps. There were a couple MPU changes between RC1 and the release, however. First, when restarting apps the MPU is correctly reconfigured. Second, the RISC-V PMP restricts access to the grant region now.
Of course those are just some highlights of development since 1.5. There have been a whole host of improvements:
AppPtr::Drop()
and Owned::Drop()
llvm_asm!
s to asm!
simpl<T: Copy>
ProcessType
sAPP_MEMORY
slice.asm
feature flagscrate_visibility_modifier
, aka crate -> pub(crate)tock-rt0
related cosmetic changes.sudo
keyThe 1.6 release of Tock includes numerous improves as we work towards the 2.0 release of Tock. Tock 2.0 will include breaking syscall changes, and before those changes we wanted to ensure the changes over the last couple months made their way into a 1.x release. So here it is!
The major change in this release is in PR #1767 which added a Scheduler
trait allowing Tock to cleanly support different schedulers. That PR also included four different schedulers that boards can choose from when configuring the kernel.
As Tock continues to run on more and more hardware, 1.6 is no different. This release includes support for:
Tock's HIL interfaces go through periodic re-designs as bugs come up and new hardware platforms expose issues or oversights. The time.rs
HIL (alarms and timers) saw the major update in 1.6 (#2089).
While Tock was originally designed for userspace processes to be compiled with PIC (meaning they can be executed at any address), both LLVM and RISC-V do not (yet?) support the PIC mode that Tock requires. While we wait, we use statically compiled TBF apps, and the tooling and kernel support for apps compiled for fixed addresses has improved significantly (#1845, #1928, #1930).
There has been some renewed interest in USB stack developments, and 1.6 includes support for UART over USB (using CDC-ACM) (#1902), as well as USB support on OpenTitan (#1846).
Of course those are just some highlights of development since 1.5. There have been a whole host of improvements:
AppPtr::Drop()
and Owned::Drop()
llvm_asm!
s to asm!
simpl<T: Copy>
ProcessType
sAPP_MEMORY
slice.asm
feature flagscrate_visibility_modifier
, aka crate -> pub(crate)tock-rt0
related cosmetic changes.sudo
keyTock 1.5 is a periodic release so that there is at least one tested 1.x release before Tock 2.0. It includes updated components, more RISC-V development, new supported boards, improved process handling, and a host of other changes.
New Features and Development
InterruptService
abstractionNew capsules
New Boards
New Documentation
setuptools
to svd2regs.nix
generated environmentUpdates in this RC: