Rust-Tock release-2.0: tock — A secure embedded operating system for Cortex-M based microcontrollers

Latest Release: release-2.0

This is the second major release of Tock! Tock 2.0 comes with a revamped system call interface with clarified semantics for how resources are shared between processes and the kernel. This is a breaking change from Tock 1.x and Tock 2.0 requires apps compiled for the new syscall interface.

System Call Interface Changes

  • Two new system calls: AllowReadOnly and Exit. Allow has been renamed to AllowReadWrite.
  • System calls can now return up to 4 registers of values to userspace. This flexibility introduces some additional restraints on capsule code, see for more details.
  • Additional restrictions on how capsules implement Subscribe and Allow, with some in-kernel checks of these restrictions.

New Requirements in Tock 2.0

  • All apps must include a TBF header specifying the minimum supported kernel version they require. By default, the process loader will check this header and refuse to load apps which are not explicitly compatible with 2.0.
  • All capsules must store any process state in a Grant, and each capsule may only have up to one grant.

Other Major Changes

  • The Chip and Platform traits in the kernel have been refactored. Chip now only includes functions that are tightly coupled with microcontrollers. Platform has been divided into separate, clearly defined traits.
  • How boards configure the kernel has been clarified. All resources the kernel needs to operate for a specific board are specified in the KernelResources trait. This replaces the previous ad-hoc approach where some configuration was passed in as function arguments and others where in a trait. Additionally, individual boards can now choose to exclude chip peripherals which they do not use.
  • The kernel crate has been reorganized. Kernel exports are more clearly structured, and use full module paths by default. Inside the kernel crate, related files are namespaced as, such as and
  • The process console now is able to print memory maps.

New Platforms

  • Nano RP2040 Connect
  • Clue nRF52840
  • BBC Micro:bit v2
  • WeAct F401CCU6 Core Board
  • i.MX RT 1052 Evaluation Kit
  • Teensy 4.0
  • Pico Explorer Base
  • Rapsberry Pi Pico
  • LiteX on Digilent Arty A-7
  • Verilated LiteX simulation
  • ESP32-C3-DevKitM-1

New HILs

  • key/value store
  • 8080 bus (for LCDs)
  • text screen
  • screen
  • touch

All Merged PRs

All merged pull requests
  • #2799: doc: misc updates
  • #2798: doc: wg: core: maintenance update
  • #2778: [clue_nrf52840] Integrate tock bootloader
  • #2793: capsules: pconsole: fix kernel print
  • #2789: [cortex-m0+] Enable unprivileged mode and fix fault handler
  • #2744: Changelog for 2.0 release.
  • #2769: docs: syscalls: Update stability guarantees for 2.0
  • #2753: readme: update with 2.0 news!
  • #2794: capsules: update touch driver
  • #2792: process console: update doc comment with recent changes
  • #2714: make: add aliases for root makefile commands
  • #2752: kernel: load_processes: do not skip indices for padding apps
  • #2768: add core notes 2021-08-13
  • #2784: [stm32] Update stm32 boards
  • #2783: ESP32-C3: Add support for running apps
  • #2786: [imxrt1050-evkb] Fix GPIO interrupts
  • #2787: [spi] Update virtual_spi to report errors
  • #2791: Update touch panel and ft6x06 drivers
  • #2790: [nano_rp2040] Update makefile
  • #2725: First step on SPI documentation
  • #2779: Adjust app's watermark only for memory buffers
  • #2765: OpenTitan: Flash fixes
  • #2742: [arm] Cortex M0+ region
  • #2781: capsules/alarm: remove command 4 "set absolute expiration"
  • #2780: [imxrt1050-evkb] Fix number of processes supported and add process console
  • #2774: Update bus to prevent adding the SPI to the MUX twice
  • #2777: [nano33ble] Enabled ADC
  • #2776: Update Clue nRF52840
  • #2767: nrf: pwm: handle 0 hz case
  • #2766: Quick fix elf2uf2 installation steps
  • #2761: boards/litex: bump targeted tock-litex release
  • #2762: Minor updates to SD card docs and error codes
  • #2758: boards/redboard_artemis_nano: Fixup issues with release tests
  • #2738: Update Microbit v2 README
  • #2764: boards/nrf52840: fix button driver number in Grant allocation
  • #2719: [rp2040] Use clocks frequency to set UART baud rate
  • #2729: Core working group notes of 2021-07-30
  • #2712: make: update stack-analysis format
  • #2749: A few OpenTitan fixes for 2.0
  • #2745: Fix the multi_alarm_test to provide output, refactor it
  • #2750: boards/esp32c3: Fixup tests
  • #2751: [rp2040] Fixed gpio pin numbers in interrupt handler
  • #2748: fix broken error handling in allow for udp
  • #2746: fix log test
  • #2743: fix MLFQ component after kernel reorg
  • #2737: Core wg call notes, August 6th
  • #2740: Rename allow's argument from slice to buffer
  • #2739: kernel: syscall driver: fix sample code path
  • #2735: Display driver number in hex for allocation warning
  • #2736: Fix LED Matrix message typo
  • #2731: cdc: delay before sending data
  • #2722: Process console: only print one process if two have the same name
  • #2732: capsules: hts221: fix i2c read command
  • #2720: Process console: iterate each process on command list
  • #2718: pconsole: separate hello message from start()
  • #2733: kernel: sched: priority: get correct proc index
  • #2723: arch: cortex-m: defend against large stack pointer
  • #2715: Move boards that have large main stack frames to get_peripherals
  • #2692: trd/104-syscalls: clarify guarantees w.r.t. returned Allow buffers
  • #2566: Make SPI return buffers upon error
  • #2687: Create core-notes-2021-07-23
  • #2701: Separate schedule_upcall number and values through Rust types
  • #2716: readme: update chip support table
  • #2669: [rfc] Comptibility header (v1)
  • #2713: make: remove rustup nonsense with make V=1
  • #2705: boards/litex: bump targeted tock-litex release
  • #2710: doc: add capsules to capsule readme
  • #2708: doc: various link and spelling fixes
  • #2681: Add Arduino Nano RP2040 Connect
  • #2695: virtual_alarm: handle large dt values more resiliently
  • #2706: capsules: hmac: A few small fixes
  • #2644: OpenTitan: Bump the FPGA bitstream
  • #2665: kernel/hil/time: allow time to be a dyn trait object
  • #2688: Add new time trd with ConvertTicks trait
  • #2703: Flash components
  • #2675: Added troubleshooting for microbit v2 if openOCD could not find MEM-AP
  • #2698: Updated lps25hb to handle i2c errors
  • #2177: TBF Header Persisent Access Control
  • #2694: Update hts221 to handle i2c errors
  • #2682: I2c return buffer for fxos8700cq
  • #2683: Update isl29035 to handle i2c errors
  • #2704: readme: spelling
  • #2581: Add I2C error verifications for lsm303
  • #2702: fixed led matrix toggle bug
  • #2686: capsules: sha: Support a shorter destination buffer
  • #2689: msp432/adc: document safety invariants on &[u8] to &[u16] conversion
  • #2699: Fix make indentation for ST boards READMEs
  • #2659: Reorganize kernel/ Crate
  • #2696: Update the Pico Explorer Base
  • #2578: Initial support for the ESP32-C3 early dev board
  • #2680: Add Pico Explorer Base development board
  • #2691: Core working group notes of 2021-07-16
  • #2674: Notes from Tock Core WG meeting July 9th
  • #2685: hil/gpio: add Copy and Clone to enums
  • #2679: [st77xx] make reset pin as optional
  • #2677: Makefile: Add setup support for dnf systems
  • #2678: Add SPI to RP2040
  • #2673: Update imxrt to use new kernel exports
  • #2664: Add core WG notes from 2021-07-02
  • #2672: Update nucleo
  • #2671: Update stm32f412gdiscovery
  • #2667: Update stm32f3 discovery
  • #2668: Update raspberry pi pico
  • #2666: Update microbit_v2
  • #2653: Update text_screen driver to avoid re-enter to grant
  • #2638: Rename Driver trait parameters for consistency
  • #2656: kernel: schedule upcall, bool -> Result
  • #2632: Support aliasing of process-allowed memory
  • #2614: OpenTitan: Add SHA support
  • #2663: Auto implement Group Traits
  • #2655: kernel: hil: aes: Allow returning an error when setting mode
  • #2662: Update CRC system call driver
  • #2661: TRD104 changing "identifier" to "number"
  • #2660: doc: trd104 minor edits
  • #2639: Tock 2.0: implement Upcall swapping restrictions (v4)
  • #2636: Redesign CRC HIL & fix SAM4L implementation
  • #2658: Minor updates to
  • #2657: Update screen to avoid grant re-enter
  • #2647: Add a Makefile rule to run cargo-bloat
  • #2648: Move kernel code out of monomorphized functions
  • #2446: Tock 2.0 Alpha1
  • #2506: kernel: Reorganize
  • #2643: Add working group notes for 6/25/2021
  • #2634: OpenTitan: Run tests
  • #2652: raspberry_pi_pico: delete semihosting comment
  • #2182: Stm32f412g: Add rng support
  • #2651: kernel: grant: rename GrantMemory to GrantData
  • #2645: rp2040: SysInfo peripheral
  • #2650: doc: trd104: spell check
  • #2646: Tock registers v0.7
  • #2629: OpenTitan: AES: Update the AES implementation
  • #2642: Tock reg UIntLike
  • #2601: Change qemu-path to relative path.
  • #2618: tock-register-interface: reorganize & document
  • #2623: imxrt10xx: Add DMA peripheral, integrate DMA into LPUART
  • #2640: fixed broken hyperlinks to the "getting started" page
  • #2442: board: Raspberry Pi Pico Tock port
  • #2627: Core working group notes of 2021-06-11
  • #2599: Add integration test support in the kernel, create tests for OpenTitan
  • #2626: boards/nordic/nrf52840dk: Connect the userspace SPI capsule
  • #2619: Add I2C slave support for nRF
  • #2595: OpenTitan: Initial support for OTBN
  • #2621: Add core WG notes for 2021-06-04.
  • #2617: Update TRD104 to more clearly state the expectations for allowed buffers.
  • #2624: Fixes three printing bugs in
  • #2622: [led_matrix] LEDs array macro
  • #2511: Define StatusCode which uses ErrorCode's numeric encoding
  • #2612: Update the nRF I2C
  • #2616: Fix a bug in the SPI controller capsule.
  • #2580: Add I2C error verifications for Bus and St77xx
  • #2585: boards/Makefile: remove relative libtock-c path assumptions
  • #2611: Add I2C error verifications for touch
  • #2607: Add I2C error verifications for apds9960
  • #2608: shell.nix: add cxxfilt Python package
  • #2620: Rename Platform structure to MicroBit
  • #2587: New ProcessConsole features
  • #2598: doc: trd-hil: add tips from tock-book
  • #2606: build with codegen-units = 1 to reduce code size
  • #2609: opentitan: README: Update the QEMU requirement
  • #2586: OpenTitan: Update the HMAC Implementation
  • #2613: fix Yaffs1 link in tickv README
  • #2582: document compiler fence before switching to userspace
  • #2605: allow size printing tool to be used on non-arm architectures
  • #2596: boards: make: check for rustup
  • #2604: Add core WG notes for 2021-05-28
  • #2592: Add core WG notes for 2021-05-21.
  • #2602: Fix: Replaced the cfg file with the rev B version.
  • #2600: Fix make allaudit
  • #2589: Bump rust nightly version to 2021-05-27 to fix tock-registers
  • #2597: opentitan: Bump the OpenTitan bitstream
  • #2538: Make I2C trait return buffers upon request error
  • #2588: add core notes 2021-05-07
  • #2584: add notes for core wg meeting 2021-05-14
  • #2583: doc/ Add the missing TbfHeaderV2Permissions length
  • #2509: opentitan: Bump the OpenTitan bitstream SHA and enable ePMP
  • #2172: TBF Header Permissions
  • #2517: tock-registers: use traits for accessing / manipulating registers
  • #2576: litex/uart: fix TX race condition of unexpected txfull interrupt
  • #2577: Nonvirtualized userspace driver Grant migration fixes
  • #2572: capsules/l3gd20: migrating non-virtualized driver to Grants
  • #2565: April 30th, Core WG Call Notes
  • #2574: capsules/lsm303agr: migrating non-virtualized driver to Grants
  • #2575: capsules/ltc294x-grant: migrating non-virtualized driver to Grants
  • #2571: chips: e310x: check for pending mtimer interrupt
  • #2567: Led HIL for LedMarix
  • #2552: Core working group notes of 2021-04-23
  • #2562: capsules/gpio_async: enforce grant/single-process
  • #2558: capsules/spi_controller: migrate non-virtualized driver to Grants
  • #2547: capsules/i2c_master_slave_driver: use grant, enforce single process
  • #2559: capsules/spi_peripheral: migrate non-virtualized driver to Grants
  • #2560: capsules/sdcard: migrate non-virtualized userspace driver to Grants
  • #2549: Notes for April 16 core call
  • #2554: capsules/pca9544a: use grant, enforce single process …
  • #2555: capsules/mlx90614: use grant, enforce single process
  • #2556: capsules/lps25hb: use grant, enforce single process
  • #2557: capsules/tsl2561: use grant, enforce single process
  • #2553: capsules/max17205: use grant, enforce single process
  • #2550: Update error code text in HIL TRD.
  • #2542: Change the Nano33BLE to the StopWithDebug fault response
  • #2520: tools/board-runner: Improve documentation and OpenTitan support
  • #2543: Update micro:bit readme
  • #2546: Implement driver for HTS221 temperature sensor
  • #2528: Add a "panic" command to process console
  • #2518: Lsm303dlhc: Enforce use by a single process, move callback to Grant
  • #2544: doc: Fix broken link
  • #2537: kernel: Change ProcessFaultPolicy to a trait, add StopWithDebug policy
  • #2507: Rename AppId to ProcessId (v2)
  • #2541: Fix NRF52 802.15.4 radio bug on CCA busy + add UDP/802154 driver to Nano 33
  • #2535: Proximity capsule: don't double enter grant
  • #2431: Polishing pass on Tock 2.0 system call TRD.
  • #2510: Rewrite the interface between and
  • #2524: Finalizing TRD 101.
  • #2529: Rewrite of GPIO TRD to follow the new traits.
  • #2523: TRD for HIL design
  • #2534: kernel: introduce debug::panic_print for boards without LEDs
  • #2521: capsules: Convert analog comparator to use grant
  • #2503: boards: reduce stack frame size of main()
  • #2532: Add Leon Schuermann to the core developers list.
  • #2533: tock-cells/OptionalCell: rename get-method to extract
  • #2525: doc: add core notes 2021-04-09
  • #2531: tock-cells/OptionalCell: add get-method for retrieving inner Option
  • #2530: Update to properly parse Rust symbols.
  • #2526: kernel: sched: check for process.ready()
  • #2508: Replace ReturnCode with Result<(), ErrorCode>
  • #2522: Update stack-analysis script: reset_handler is now main()
  • #2515: doc: add core notes 2021-04-02
  • #2519: RISC-V: Update the timer implementations to use the arch mtimer
  • #2505: Create core-notes-2021-03-26
  • #2513: Add i.MX RT clock configuration
  • #2486: sifive: Move the machine timer from rv32i
  • #2512: rv32i: use atomic CSR instructions for rv32i::support::atomic
  • #2514: wg/core/notes: fix file extension of 2021-03-26 notes
  • #2504: add core notes 2021-03-19
  • #2040: chips: plic: Disable only specific interrupts in the top half
  • #2204: lowrisc: flash_ctrl: Convert erase_page to be async
  • #2273: kernel: hil: Add a KV Store HIL
  • #2392: TicKV: Update the TicKV implementation
  • #2424: kernel: sched: Allow Platform to handle app faults
  • #2423: RISC-V: Add support for ePMP
  • #2499: SweRVolf: Add support for the platform timers
  • #2502: arch: Update arm cortex-m0, add cortex-m0p
  • #2497: kernel: process: Remove unsafe by switching flash function from add to wrapping_add
  • #2494: kernel: remove memory slice from Process struct
  • #2376: MicroBit v2 bootloader
  • #2489: litex/{sim, arty}: bump tock-litex release (updating LiteX packages)
  • #2498: Update Tock Readme with Note about 2.0.
  • #2501: tools: sdv2regs allow registers with no fields and fix imports
  • #2461: Implement RT0 in assembly
  • #2493: [tools] Update svd2regs to work without description
  • #2492: Update Rust Nightly to 2021-03-19
  • #2500: Fix ADC 2.0 Bug
  • #2477: Remove variables which are never read
  • #2495: Remove @niklasad1 from Core Working Group
  • #2481: Initial support for SweRV EH1 and SweRVolf
  • #2488: add Makefile rules for analyzing stack frames
  • #2452: arch: use target-feature for thumbv7em
  • #2439: Tock 2.0: Remove userspace IEEE 802.15.4 driver from Imix platform
  • #2454: Transitions Callback to Upcall for 2.0. In a seprate PR for review sanity.
  • #2491: Corrected hifive1
  • #2487: allow: move allow system calls handling to
  • #2483: Core working group notes from 2021-02-26
  • #2482: Core WG notes from March 12, 2021
  • #2484: shell.nix: fix missing lib import
  • #2422: OpenTitan: Enable PMP for kernel regions
  • #2472: riscv: Convert CSRs to use const generics
  • #2475: doc: add core notes 2021-03-05
  • #2469: shell.nix: remove deprecated stdenv.lib
  • #2478: Cortex-m: document that userspace stack pointer will always be aligned on entry to the kernel
  • #2479: Remove ExitCall type, don't specify representation of YieldCall type
  • #2476: Tock 2.0: from_command_result -> from_command_return
  • #2450: arch: cortex-m0: switch to asm!()
  • #2458: RFC: kernel: change unsafe handling
  • #2474: Tock 2.0: Remove mut_ptr method from ReadWrite trait
  • #2464: Tock 2.0 - AppSlice: fix unsoundness with arbitrary pointers in slices
  • #2465: Tock 2.0 - ReadWriteAppSlice: require mutable borrow for ReadWrite::mut_map_or
  • #2232: Makefile: Don't require root permissions to install npm modules
  • #2420: RISC-V: Add support for detecting locked PMP regions, no need to sort
  • #2437: kernel: process: Add debug information on panic for grants
  • #2449: arch: cortex-m: update to asm!
  • #2440: RFC: Add install make target for boards
  • #2468: Pr 2446 comment cleanup
  • #2466: arch: cortex-m: clarify panic
  • #2463: Bump tockloader to version 1.6.0
  • #2460: CI: format on ubuntu, separate clippy
  • #2459: make: rustup now prints to stderr
  • #2455: 2.0 courses update
  • #2456: Filtering fix 2.0
  • #2447: Core WG notes for Feburary 19th
  • #2435: arch: cortex: fix MPU rounding calculation
  • #2428: Create
  • #2448: Better method parsing for accounting for code size.
  • #2430: 2.0: Remove SuccessWithValue
  • #2444: Tock 2.0: Remove LegacyDriver
  • #2443: 2.0: lps25hb
  • #2441: Change process setup to minimize the initially-accessible amount of memory.
  • #2433: use const generics to remove duplicate code for cortex-m MPU
  • #2434: Tock 2.0 IPC
  • #2407: Tock 2.0: port #2383 (kernel: Remove setting/tracking the stack pointer in
  • #2137: Simplify grant implementation and fix soundness errors
  • #2393: Port NRF Serialization to 2.0
  • #2405: Tock 2.0: clarify subscribe behavior w.r.t. invalid/refused callback
  • #2323: Make out-of-tree builds easier
  • #2419: add core notes from january 15 2021
  • #2421: Add core WG notes for 2021-02-05.
  • #2427: boards: doc: update readme
  • #2416: boards: nano33ble: update instructions to overwrite second bootloader
  • #2400: Double stack buffer for i.MX RT-based boards, prune panic! allocations
  • #2414: Remove tab characters & protect against accidentally introducing them
  • #2411: Port BLE advertising to new 2.0 driver interface
  • #2418: 2.0: kernel: change filter_syscall to ErrorCode
  • #2417: Updates SDCard capsule to Tock 2.0 system call API
  • #2387: Transition I2CMaster system call driver to 2.0 syscall API
  • #2412: ErrorCode: adjust ErrorCode discriminators to match system call TRD
  • #2410: Port the PCA9544a system call driver to 2.0
  • #2409: Port MAX17205 system call capsule to 2.0
  • #2408: OpenTitan: Connect TicKV
  • #2401: Working group notes for 01-29-2021
  • #2363: rv32i: transition llvm_asm! to asm!
  • #2390: MSP432 I2C driver
  • #2406: Tock 2.0: fix system call return variant discriminators
  • #2403: Tock 2.0 TRD: Allow new error codes to be added in the future.
  • #2402: Tock 2.0 syscall TRD: Allow us to add new return variants in the future.
  • #2255: boards: BBC Micro:bit v2 (nRF52833)
  • #2404: boards: Update Micro:bit v2 readme
  • #2383: kernel: Remove setting/tracking the stack pointer in
  • #2399: doc: Add note on Take/Optional Cell differences
  • #2398: Clarify that the driver ID and syscall ID are 32-bit values.
  • #2378: Add Exit system call class to Tock 2.0.
  • #2397: HiFive1b: Fix QEMU app load address in
  • #2395: trd: syscalls, 8-bit byte vs word
  • #2388: capsules: mlx90614: Update to the Tock 2.0 Driver
  • #2384: Update I2C master/slave driver to 2.0 syscall API.
  • #2389: Add ROSEdu and Wyliodrin to list of authors
  • #2354: kernel: syscall: use from fn
  • #2377: Create
  • #2380: sam4l: i2c: set clocks
  • #2385: MicroBit v2: process console
  • #2382: tsl12561: Update to use Tock 2.0 Driver
  • #2379: microbit_v2: fix kernel stack overflow
  • #2351: Yield 2.0
  • #2373: usb: Update to use Tock2.0 Driver
  • #2375: GPIO for Tock 2.0.
  • #2367: ctap: Update to use Tock2.0 Driver
  • #2368: hmac: Update to use Tock2.0 Driver
  • #2361: Add core notes of 2021-01-08
  • #2374: Add University of Stuttgart to list of authors
  • #2358: kernel: move tbf code to its own library
  • #2339: Apollo3 llvm_asm -> asm
  • #2371: Migrate the LowLevelDebug capsule to the Tock 2.0 syscall API.
  • #2372: Deleted unused driver code ft6x06 and st77xx drivers
  • #2364: Tock 2.0: update sound pressure driver
  • #2335: Tock 2.0: update text_screen driver to 2.0 API
  • #2357: Backport 802.15.4 deferred call update from 2.0
  • #2356: Backport SPI component updates from 2.0 branch
  • #2362: Tock 2.0: port nonvolatile storage & app flash driver
  • #2297: rng: port to Tock 2.0 system call interface
  • #2322: Tock 2.0 / rv32i: fix system call return value encoding
  • #2308: rv32i: fix race condition of interrupt in switch_to_process
  • #2290: litex: update LiteX revision, use "Secure"/"TockSecureIMC" cpu variant and integrate PMP
  • #2203: Port to LiteX+VexRiscv-based SoCs
  • #2287: Fix serial console line breaks in process fault message
  • #2239: net/ipv6: remove stale module, remove redundant module hierarchy
  • #2359: cortex-m: fix hardfault in systick_handler due to naked_fn noreturn
  • #2341: Use const generics for nrf gpio pins
  • #2353: arch: rv32i: rename stored state
  • #2156: TicKV: Implement a persistent key/value storage
  • #2333: capsules: ltc294x: update to 2.0 syscall
  • #2343: Use Tock Bootloader on Nano 33 BLE Board
  • #2350: fix cortex-m hard fault handler bug
  • #2317: ARM Cortex-m hardfault handler: remove UB and fix warnings on newer nightlies
  • #2349: remove const_panic feature
  • #2346: Remove associated_type_defaults feature
  • #2325: Add support for WeAct board based on the stm32f401ccu6 chip
  • #2342: use const generics to tie number of IPC regions to number of processes on board
  • #2229: kernel: Fix potential unsoundness in dynamic grant allocation
  • #2336: Make: Use -nmagic linker flag
  • #2289: OpenTitan: Bump the bitstream SHA to use the new addresses
  • #2338: github actions: auto label PRs based on files they change
  • #2328: Core notes from 2020-12-18
  • #2324: LED: remove need for &mut self
  • #2288: hil: Sound Pressure
  • #1875: netlify: try cacheing the build if we can
  • #2294: doc: wg: core: add notes
  • #2340: const generics instead of macro for pmp configuration
  • #2334: update rust january 7 2021
  • #2329: Port i2c_master to Tock 2.0 Driver trait
  • #2331: Port buttons driver to Tock 2.0 Driver trait
  • #2319: riscv: more llvm_asm --> asm
  • #2303: llvm_asm -> asm: arty-e21
  • #2299: Add CSR support for 64 Bit RISC-V
  • #2327: fix bug in _start_trap() assembly
  • #2330: Add riscv32i-unknown-none-elf arch to Nix shell
  • #2318: cortex-m naked functions: llvm_asm --> asm
  • #2309: chips/lowrisc: Ensure we don't write over the flash region
  • #2079: Added TextScreen HIL and driver and integrated HD44780 capsule
  • #2311: Board based instantiation of chip drivers and interrupt mappings: imxrt10xx
  • #2306: chips: stm: llvm_asm -> asm
  • #2301: rv32i: debug print use CSR interface
  • #2296: Misc documentation fixes
  • #2302: doc: add missing crate readmes
  • #2300: library: registers: support usize
  • #2278: usb: cdc: add 1200 baud reset interface
  • #2275: nrf52: usb: read size after EPDATA
  • #2262: nrf52: nvmc: remove global static
  • #2316: Update SPI peripheral syscalls to 2.0 API
  • #2313: Tock 2.0: screen write update
  • #2315: Tock 2.0: update multi touch
  • #2312: Tock 2.0: update ADC driver to 2.0 API
  • #2307: Updating Alarm syscall driver to 2.0 syscall API
  • #2295: Tock 2.0: lsm303 and led matrix update to tock 2.0 api
  • #2292: Tock 2.0: buzzer driver update
  • #2304: Remove unused features
  • #2293: Tock 2.0: update l3gd20 capsule to 2.0 API
  • #2284: Proximity driver to Tock 2.0 system-call interface
  • #2274: Update IEEE-802.15.4 driver to Tock 2.0
  • #2277: chips: nrf52: add gpregret setter/getter
  • #2258: Update touch and ft60x6 drivers to Tock 2.0
  • #2285: Port DAC driver to 2.0 system call interface
  • #2286: Update CRC capsule to use 2.0 API.
  • #2276: Update Gpio-async driver to 2.0
  • #2281: Ambient light 2.0
  • #2279: Tock 2.0 memop
  • #2266: Update UDP driver to Tock 2.0 system calls
  • #2283: arch: remove unused llvm-asm feature
  • #2244: Adafruit Clue SHT3x temperature and humidity sensor and I2C fix
  • #2243: Add core notes of 2020-12-04
  • #2174: Add core notes of 2020-10-23
  • #2213: kernel,arch,components: accept trailing commas in macro_rules
  • #2197: tock-registers: accept trailing comma in bitfields and bitmasks
  • #2267: VirtualSchedulerTimer: fix incorrect set_alarm invocation
  • #2194: capsules/led: migrate from hil::gpio::Pin to hil::led::Led
  • #2212: Unbreak CI by updating the package repositories
  • #2268: boards overview: update HiFive1 to Rev B
  • #2261: capsules: usb: cdc: implement receive_abort
  • #2263: boards: nrf52840dk: fix
  • #2272: nrf52: i2c: address shift update
  • #2265: Adafruit Clue Buzzer initialization
  • #2271: Update ninedof capsule to Tock 2.0 syscalls API
  • #2269: Tock 2.0 analog comparator: use ErrorCode::From
  • #2253: Spi controller 2.0
  • #2257: Update screen driver syscalls to Tock 2.0
  • #2245: Update analog comparator to tock 2.0 syscalls
  • #2264: Tock 2.0: don't constrain map_or return values
  • #2202: Virtual RNG
  • #2251: Updating temperature driver to 2.0.
  • #2252: Tock 2.0: Deprecate SuccessWithValue
  • #2250: Add information about erasing apps
  • #2242: reorder make prepush commands to avoid clippy bug
  • #2220: tock-registers: remove duplicate code, make local register copy read-write
  • #2225: arch/cortex-m: change more llvm_asm! to asm!
  • #2241: MSP432: Misc platform fixes
  • #2236: nano33ble: increase .rom section, add process console
  • #2238: Fix grammar
  • #2200: Add Teensy 4 board
  • #2234: nano 33 ble & adafruit clue increase the number of deferred calls slots
  • #2227: Fix ST77XX screen rotation offset
  • #2230: Parameterize debug_writer
  • #2224: Port log tests from imix to nano33ble
  • #2228: Adafruit CLUE enabled BLE and 15.4
  • #2196: Virtual AES Driver
  • #2221: usb-cdc: fake successful uart transmissions so that blocking debug calls resume
  • #2215: remove all uses of unstable const_in_array_repeat_expressions feature
  • #2216: add 15.4 and ble to nano33ble
  • #2226: opentitan: Bump the bitstream commit
  • #2208: Adafruit CLUE nrf52840
  • #2189: Board based instantiation of chip drivers and interrupt mappings: Msp432
  • #2198: build: handle missing tty gracefully
  • #2223: Stack size update for STM32F4 boards
  • #2207: Apollo3: A few more I2C fixes
  • #2188: Board based instantiation of chip drivers and interrupt mappings: Stm32f4
  • #2218: Allow processes to read from buffers shared with read-only allow
  • #2210: Add missing IntLike implementation
  • #2217: bring back borrow_interior_mutable_const clippy lint
  • #2209: Core WG call notes November, 20th
  • #2211: doc: fix broken link.
  • #2206: boards: Rename opentitan to earlgrey-nexysvideo
  • #2193: Clarify the semantics of erase_page
  • #2199: tools/qemu: Bump to the latest QEMU
  • #2191: tock-registers: release v0.6
  • #2192: Apollo3: Some I2C fixes and improvements
  • #2187: Board based instantiation of chip drivers and interrupt mappings: Stm32f3
  • #1918: Add Cortex-M7 Architecture and i.MX RT 1052 EVKB Board
  • #2176: No more globals E310 / HiFive
  • #2153: Board based instantiation of chip drivers and interrupt mappings: Arty_e21
  • #2122: Board based instantiation of chip drivers and interrupt mappings: Earlgrey/Opentitan
  • #2084: Board-based instantiation of chip drivers and interrupt mappings for nordic boards/chips
  • #2175: rust: update to 2020-10-25
  • #2108: MSP432: ADC support
  • #2069: Board-based instantiation of chip drivers and interrupt --> driver mapping for Apollo3 + SAM4L
  • #2183: Core WG notes for October 30
  • #2186: Removing bad comment in Alarm syscall driver as per Leon's suggestion.
  • #2094: USB: CTAP: Initial support for the FIDO CTAP HID Spec
  • #2140: OpenTitan: Initial support for the Flash Controller
  • #2178: Synchronous panic output over USB for nano33ble
  • #2179: build capsules/examples in CI
  • #2142: generic components for UDP, UDP for nrf52840dk
  • #2042: Intel 8080 parallel interface HIL, Bus library with I2C, SPI and Intel 8080 parallel interface implementation
  • #2171: add core notes october 16 2020
  • #2173: riscv: pmp: disallow access above app brk
Source code(tar.gz)
Source code(zip)


tock-ci slack

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded platforms. Tock's design centers around protection, both from potentially malicious applications and from device drivers. Tock uses two mechanisms to protect different components of the operating system. First, the kernel and device drivers are written in Rust, a systems programming language that provides compile-time memory safety, type safety and strict aliasing. Tock uses Rust to protect the kernel (e.g. the scheduler and hardware abstraction layer) from platform specific device drivers as well as isolate device drivers from each other. Second, Tock uses memory protection units to isolate applications from each other and the kernel.

Learn More

How would you like to get started?

Learn How Tock Works

Tock is documented in the doc folder. Read through the guides there to learn about the overview and design of Tock, its implementation, and much more.

Use Tock

Follow our getting started guide to set up your system to compile Tock.

Head to the hardware page to learn about the hardware platforms Tock supports. Also check out the Tock Book for a step-by-step introduction to getting Tock up and running.

Find example applications that run on top of the Tock kernel written in both Rust and C.

Develop Tock

Read our getting started guide to get the correct version of the Rust compiler, then look through the /kernel, /capsules, /chips, and /boards directories. There are also generated source code docs.

We encourage contributions back to Tock and are happy to accept pull requests for anything from small documentation fixes to whole new platforms. For details, check out our Contributing Guide. To get started, please do not hesitate to submit a PR. We'll happily guide you through any needed changes.

Keep Up To Date

Check out the blog where the Talking Tock post series highlights what's new in Tock. Also, follow @talkingtock on Twitter.

You can also browse our email group and our Slack to see discussions on Tock development.

Code of Conduct

The Tock project adheres to the Rust Code of Conduct.

All contributors, community members, and visitors are expected to familiarize themselves with the Code of Conduct and to follow these standards in all Tock-affiliated environments, which includes but is not limited to repositories, chats, and meetup events. For moderation issues, please contact members of the @tock/core-wg.


Licensed under either of

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


  • [WIP] Stm32f4xx: Dma2 & USART1 + Stm32f429idiscovery BSP
    [WIP] Stm32f4xx: Dma2 & USART1 + Stm32f429idiscovery BSP

    Jan 7, 2022

    Pull Request Overview

    This PR originates from my need to get Tock OS running on a Stm32f429i discovery board. The board layout was copied & adapted from the Nucleo_f429zi code.

    The ST-Link connector that this board uses to connect to the PC is only connected to USART1, which must be configured with the DMA2 controller. This PR therefore adds the ability for Tock OS to enable the DMA2 & USART1 on the Stm32f4xx platforms.

    Even though the Stm32f429iDISC BSP should probably not be added to Tock OS, adding the DMA2 and USART1 is surely useful.

    Testing Strategy

    This pull request was tested by connecting to the the STM32F429IDiscovery board via it's ST-Link interface. UART output this way is working for both in- and output. The Tock OS console is accessible that way.

    I'd be happy to receive suggestions on how to automate testing for this :thinking:


    • [ ] Merge more code of Dma1 & Dma2 into the shared dma module (e.g. DmaClock)
    • [ ] Fix wildcard use super::* in and
    • [ ] Adapt other Stm32f4xx chips&boards to the new API

    Help Wanted

    As this introduces a new dma peripheral, as well as a new USART stream, it breaks the internal Kernel API in quite a few places. Is this approach viable, or should complete API backward-compatibility be the target? This doesn't change any User-Space APIs though.

    I've kept Dma1&2 as separate types for now, so that Dma2 peripherals can not accidentally be passed into the Dma1 or vice-versa. That does however mean, that the code for Usart, as well as all BSPs based on the Stm32f4xx boards need to be adapted to deal with this. If someone knows a way to implement this backwards-compatible, that would be great!

    Currently, I've added a generic DmaPeripheral as well as Stream enum types that simply wrap either a Dma1Peripheral/Dma2Peripheral or Stream respectively, so that i.e. Usart can deal with either. Feedback on this approach is much appreciated. I can also see something based on traits and dyn references to be viable, but I'm unsure if this is suitable in the embedded context of Tock OS.

    Documentation Updated

    • As this change is entirely chip and board specific code, no additional changes in doc should be required.


    • [ ] Ran make prepush. Still TODO, depends on the other BSPs to be fixed as well.
  • chips/earlgrey: Don't use MIP::MTIMER bit
    chips/earlgrey: Don't use MIP::MTIMER bit

    Jan 12, 2022

    Pull Request Overview

    The RISC-V specification provides the MIP:MTIMER bit to indicate when a timer interrupt occurs. OpenTitan also provides a RVTIMERTIMEREXPIRED0_0 interrupt for the same functionality.

    We should be only using one of the timer interrupt sources, currently we report the MIP::MTIMER bit, but never act on it, instead handling the interrupt generated from RVTIMERTIMEREXPIRED0_0.

    This patch removes all of the MIP::MTIMER functionality and disables the interrupt in MIE to ensure that we don't get double handle a timer interrupt. We now only use the RVTIMERTIMEREXPIRED0_0 interrupt as passed from the PLIC.

    This issue was found by @thulithwilfred when he tried to use a delay in libtock-c on the OpenTitan QEMU model.

    Testing Strategy

    Running the test on OT FPGA hardware

    TODO or Help Wanted

    Documentation Updated

    • [X] Updated the relevant files in /docs, or no updates are required.


    • [X] Ran make prepush.
  • Buffer mutability in hil::digest
    Buffer mutability in hil::digest

    Jan 14, 2022

    Currently, the Digest HIL takes only mutable buffers. This is a problem if you want to compute a digest over data in flash (e.g., verify the hash on a binary).

    For example, DigestData::add_data takes a LeasableBuffer, which wraps around a mutable buffer. This is evident from the return value of add_data.

    We either need to take an approach similar to RSA (having separate traits for mutable and immutable buffers) in #2839 or come up with a general solution (which will eventually involve some unsafe code).

  • register_structs! macro: reached recursion limit during macro expansion
    register_structs! macro: reached recursion limit during macro expansion

    Jan 14, 2022

    I'm using svd2regs to parse the SVD for the STM32MP157 (which can be obtained here) and get an generated source which won't compile due to recursion limits in macros.


    • Download and extract STM32MP157x svd
    • Run svd2regs for the RCC component python3 ./tools/ --svd stm32mp157.svd --save RCC
    • (Other small issue) Fix the outdated imports by changing kernel::common to kernel::utilities
    • Try compiling

    Here's an archive with pre generated code, run cargo check to replicate sv2regs_issue.tar.gz (The tock directory is missing for archive size reasons, clone or change the path in Cargo.toml)

    I'd be happy to help if needed

  • Print prompt after the
    Print prompt after the "process" command

    Jan 19, 2022

    Pull Request Overview

    This pull request fixes the missing prompt print for the process command within the process console.

    The issue surfaced due to the addition of the process printer which seems to handle process printing with its own internal states. When it finishes, the process console loop does not go through the Empty state, and does not print the prompt.

    Testing Strategy

    This pull request was tested using an esp c3 devkit m1.

    TODO or Help Wanted


    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.


    • [x] Ran make prepush.
  • arch/rv32i: pmp/ePMP: Fixup PMP comparision
    arch/rv32i: pmp/ePMP: Fixup PMP comparision

    Jan 21, 2022

    Pull Request Overview

    PMP addresses are not inclusive on the high end, that is

    pmpaddr[i-i] <= y < pmpaddr[i]

    So let's change the overlaps() logic to take that into account. This fixes PMP errors when two regions are right next to each other.

    Testing Strategy


    TODO or Help Wanted

    Documentation Updated

    • [X] Updated the relevant files in /docs, or no updates are required.


    • [X] Ran make prepush.
  • Time redesign v3
    Time redesign v3

    Sep 1, 2020

    Pull Request Overview

    This pull request updates the time HIL to address a series of bug reports with the previous API (#1651, #1691, #1513). It also incorporates proposed changes by @gendx to generalize the width of counters/alarms/timers with an associated type rather than assume 32 bits (#1521).

    This has been implemented on all of the chips. It has been tested for the 24-bit nRF52 series, the 32-bit SAM4L, and 64-bit OpenTitan.

    The overall design and summary of the traits is described in

    We will update this document and give it a TRD number when ready to merge.

    There is also an update to the system call API: a new command for Alarm passes both a reference time and a dt. This new API can be used by using the timer_v3_updates branch of libtock-c.

    Testing Strategy

    This pull request was tested by compiling and testing on nrf52, SAM4L (imix), and OpenTitan (FPGA) boards. For imix and OT, it was tested using the multi_alarm_test and multi_timer_test tests in the kernel. On imix, it was tested in userspace by running a pair of multi_alarm_test processes.

    I was not able to test the userspace alarm driver on OpenTitan -- after struggling to get libtock-rs applications to run and librtock-c ones to compile I gave up. This is an important test because the capsule is 32 bits, and tries to automatically handle an underlying 64-bit Alarm.

    TODO or Help Wanted

    This pull request needs userspace testing on OT (to test that 64-to-32 conversion works correctly for the userspace API). This PR updates the mtimer implementation to seed it with a value close to a 32-bit overflow. So you do not have to run the test very long. Any userspace application that uses an alarm should be a good test.

    This pull request needs kernel testing on

    • [x] arty_e1 (@bradjc )
    • [x] hifive (@alevy )
    • [x] msp (@hudson-ayers )
    • [x] nano33ble (OK)
    • [x] nucleo ()
    • [x] redboard (@alistair23 )
    • [x] stm32f ()

    To test, you need run a multi_alarm_test. I've added a multi_alarm_test for each board and modified each board's to invoke it. Double-check you see a call to multi_alarm_test::run_multi_alarm(mux_alarm).

    This test starts 3 alarms (A, B, C). The dt of these alarms is random, with one in 11 alarms (randomly) having a dt of 0. A typical output of the test looks something like this (this is from OpenTitan):

    [email protected](17033607736): Expected at Ticks64(17033607729) (diff = Ticks64(7)), setting alarm to Ticks64(17033616266) (delay = Ticks64(8537))
    TestB: Alarm fired.
    [email protected](17033614398): Expected at Ticks64(17033614391) (diff = Ticks64(7)), setting alarm to Ticks64(17033626851) (delay = Ticks64(12462))
    TestC: Alarm fired.
    [email protected](17033614581): Expected at Ticks64(17033614576) (diff = Ticks64(5)), setting alarm to Ticks64(17033618165) (delay = Ticks64(3592))
    TestA: Alarm fired.
    [email protected](17033616273): Expected at Ticks64(17033616266) (diff = Ticks64(7)), setting alarm to Ticks64(17033629481) (delay = Ticks64(13214))
    TestC: Alarm fired.
    [email protected](17033618172): Expected at Ticks64(17033618165) (diff = Ticks64(7)), setting alarm to Ticks64(17033626435) (delay = Ticks64(8270))

    The delay value is the dt set for the next invocation of this Alarm. The diff value is the number of ticks between the desired firing time and a call to now in the firing. Note that this value is large (e.g., 7 ticks above!) mostly because of these print statements: formatting the numbers takes significant cycles at these timescales.

    The three things to look for to make sure the test is running properly are:

    • All 3 Alarms are firing (one has not been lost or dropped or otherwise miscalculated)
    • The diff values are always positive
    • The diff of alarm firings after a delay of 0 are not excessively high (they will be higher than non-zero delays)

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.


    • [X] Ran make prepush.
    P-Significant last-call release-blocker 
  • Move allow_readwrite and allow_readonly from SyscallDriver into common Grant framework
    Move allow_readwrite and allow_readonly from SyscallDriver into common Grant framework

    Nov 19, 2021

    Pull Request Overview

    Similar to how we removed subscribe from the SyscallDriver trait in favor of the kernel always managing the data, do the same for read-only and read-write process buffers.

    This has multiple advantages

    • It reduces boilerplate code in almost every SyscallDriver implementation
      • Each boiler plate implementation of allow_readonly or allow_readwrite costs about 170 bytes of flash
    • It allows libtock-rs implementation to rely on the fact that there cannot be improperly behaving capsule that holds on to process buffers when application calls allow with 0 (i.e. unsubscribe)

    Note each commit builds and compiles (but isn't necessarily functional)

    Testing Strategy

    So far, I have tried this code out locally with a modification in kernel that handles both the SyscallDriver and new Grant-based process buffer allows. I didn't upload that, but I was able to convert a few capsules over to the new approach and they worked correctly.

    Once we migrate all of the capsules, we would need to test again of course

    TODO or Help Wanted

    • [x] Help with converting the reset of the capsule code to use the new common framework style of accessing buffers. So far I only converted ADC as an example. Once people agree this is a good way forward, we would need to convert the rest of the capsules
      • [x] boards/
      • [x] capsules//.rs (files in subfolders within capsules)
      • [x] capsules/[a-c]*.rs
      • [x] capsules/[d-i]*.rs
      • [x] capsules/[j-m]*.rs
      • [x] capsules/[n-r]*.rs
      • [x] capsules/[a-z]*.rs
    • [x] Once all capsules are converted, we should remove the allow_readonly and allow_readwrite function on the SyscallDriver trait
    • [ ] ~~Potential cleanup: we may no longer need the Default implementation on ReadOnlyProcessBuffer and ReadWriteProcessBuffer since they no longer needed in a capsule specific grant region, which required Default.~~
    • [ ] ~~Potential cleanup: if we can remove Default and impl for process buffers, then we should be able to directly put a lifetime constraint on the process buffer structs themselves. This will allow us to drop the Refs versions and permit the unsafe callers of new to more easily uphold the invariant of the pointer lifetime~~
    • [ ] ~~Potential cleanup: add a access_grant_inner function to de-monomorphize if needed for size reduction.~~

    Documentation Updated

    • [x] Updated the relevant files in /docs


    • [x] Ran make prepush.
    kernel P-Significant WG-OpenTitan 
  • kernel: Read Only State
    kernel: Read Only State

    Jan 25, 2021

    Pull Request Overview

    Based on the proposal here: this is a vDSO style read only syscall where userspace can quickly read values from memory instead of performing an entire syscall.

    This allows user space to implement a quick_yield() where we only perform a syscall if there is a pending task. This also allows userspace to easily read the current time without performing a syscall.

    In order to allow ROS, this PR also adds shared allow syscalls, based on

    Some of the TRD update is borrowed from:

    The idea of these syscalls is to handle capsules that expect userspce to access a buffer while the kernel has access.

    Add a shared allow that is similar to read/write allow except that the app is expected to be able to access the buffer.

    This is different to allow_readwrite() in that the app is allowed to read/write the buffer once it has been passed to the kernel. For more details on how this can be done safely see TRD104.

    Testing Strategy

    Tested on the nRF with libtock-c.

    TODO or Help Wanted

    Documentation Updated

    • [X] Updated the relevant files in /docs, or no updates are required.


    • [X] Ran make prepush.
    kernel last-call 
  • RFC: update trd104
    RFC: update trd104

    May 21, 2021

    Pull Request Overview

    This pull request modifies the text of trd104 to reflect that the kernel cannot prevent applications from accessing buffers that have been "allowed". It also modifies the text to no longer forbid applications from reading from allowed buffers -- given that the kernel cannot stop apps from doing so, I do not really see the benefit of this restriction. It gains us nothing in terms of soundness in the kernel, and can't be relied on as a security policy to prevent apps from accessing kernel data.

    Testing Strategy


    TODO or Help Wanted


    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.


    • [x] Ran make prepush.
    documentation rfc 
  • Release 2.0
    Release 2.0

    Feb 12, 2021

    This issue serves as a list of all tasks that need to be completed before an official Tock 2.0 release can be made. Please edit this list to add new tasks when they come up, or to check off tasks once they are completed. I am not including any tasks completed before I created this issue.

    • [x] #1905 prevent callbacks from violating appslice / callback swap invariants: #2462
    • [x] #2632 support aliasing of process-allowed memory
    • [x] #1088 reorganize kernel exports
    • [x] update changelog
    • [ ] Somehow fix tockloader install blink as that will install the 1.0 compatible version right now.
    • [x] Review and update stability guarantees as needed. Compile apps which validate this for future testing.
    • [x] Finalize system call TRD docs/reference/ as TRD104 #2431
    • [x] #2508, #2511 Update callbacks to pass errorcodes instead of returncodes (non-blocking -- see #2320)
    • [x] #2184 rename AppId to ProcessId
    • [x] Update libtock-c to properly return EBADVAL when return types do not match.
    • [x] #2235 port all system call drivers to new API
    • [x] #1769 remove guarantees on memory size for userspace apps: #2441
    • [x] #2430 remove all uses of and references to SuccessWithValue
    • [x] update docs/ and docs/
    • [x] update the tock book to reflect tock 2.0 system calls
    • [x] #2444 remove the legacy system call interface in the kernel, and update all the boards to reflect this. start here:
    • [x] remove the legacy system call interface in userspace:
    • [x] rename "command2, subscribe2" etc. to command, subscribe in libtock-c:
    • [x] merge master into tock-2.0-dev,
    • [x] #2446 create a PR to master for review by core team
    • [x] #2369 memory reference in
    • [x] Update nightly to post LLVM12 nightly.
    • [x] Address tock/libtock-c#217

    I am not putting this on #1607 because that issue was more "what should we do for Tock 2.0" and has lots of irrelevant discussion to this.

    cc @phil-levis

    tracking release-blocker tock-2.0 
  • Add the Ibex CPU and the OpenTitan Board
    Add the Ibex CPU and the OpenTitan Board

    Nov 14, 2019

    Pull Request Overview

    This PR adds initial support for the RISC-V LowRISC Ibex CPU and the OpenTitan development board.

    OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips.

    OpenTitan is a public project (

    This PR adds support for the Ibex CPU ( which is the core CPU that OT uses. It also adds support for the LowRISC UART driver to allow us to print output.

    This work was all done with the publicly available information from:

    Testing Strategy

    This was tested using the snapshot-20191101-2 release on a Nexys Video FPGA, as described here:

    Tock successfully boots and prints the initialisation complete message.

    TODO or Help Wanted

    This is the current list I have before this is ok to merge. Let me know if I need/don't need anything.

    • [x] Convert the register mappings for the UART device to the new tock-register-interfece (should be straightforward)
    • [x] Update the documentation to give details about the new CPU/boards
    • [x] Get writes to the PLIC working
    • [x] Get interrupts overall working
    • [x] Add a GPIO driver
    • [x] Get the kernel to run in the main loop
    • [x] Update UART to use transmitted_buffer() transmit

    Documentation Updated

    • [x] Updated the relevant files in /docs, or no updates are required.


    • [X] Ran make formatall.