tock/tock release-2.1 on GitHub

Tock 2.1 has seen numerous changes from Tock 2.0. In particular, the new system call interface introduced with Tock 2.0 has been refined to provide more guarantees to processes with respect to sharing and unsharing buffers and upcalls. Other changes include the introduction of a userspace-readable allow system call, support for new HILs and boards, and various other bug-fixes and improvements to code size and documentation.

Breaking Changes

The implemented encoding of the system call return variant "Success with u32 and u64" has been changed to match the specification of TRD 104. Accordingly, the name of the SyscallReturnVariant enum variant has been changed from SuccessU64U32 to SuccessU32U64 (#3175).
VirtualMuxAlarms now require the setup() function to be called in board set up code after they are created (#2866).

Noteworthy Changes

Subscribe and allow operations are no longer handled by capsules themselves, but through the kernel's Grant logic itself (#2906). This change has multiple implications for users of Tock:
- The Grant type accepts the number of read-only and read-write allow buffers, as well as the number of subscribe upcalls. It will reserve a fixed amount of space per Grant to store the respective allow and subscribe state. Thus, to make efficient use of Grant space, allow buffer and subscribe upcall numbers should be assigned in a non-sparse fashion.
- Legal allow and subscribe calls can no longer be refused by a capsule. This implies that it is always possible for an application to cause the kernel to relinquish a previously shared buffer through an allow operation. Similarly, subscribe can now be used to infallibly ensure that a given upcall will not be scheduled by the kernel any longer, although already enqueued calls to a given upcall function can still be delivered even after a subscribe operation. The precise semantics around these system calls are described in TRD 104.
Introduction of a new userspace-readable allow system call, where apps are explicitly allowed to read buffers shared with the kernel (defined in a draft TRD).
Introduction of a read-only state mechanism to convey information to processes without explicit system calls (#2381).
Improvements to kernel code size (e.g., #2836, #2849, #2759, #2823).

New HILs

hasher
public_key_crypto

New Platforms

OpenTitan EarlGrey CW310
Redboard Red-V B
STM32F429I Discovery development board
QEMU RISC-V 32-bit "virt" Platform

Deprecated Platforms

OpenTitan EarlGrey NexysVideo

Known Issues

This release was tagged despite several known bugs in non-tier-1 boards, so as to avoid delaying the release. These include:

Raspberry Pi Pico: process faults when running IPC examples: #3183
The cortex-m exception handler does not correctly handle all possible exception entry cases. This is not known to currently manifest on any examples, but could with unlucky timing: #3109
STM32F303 Discovery: adc app runs, but eventually hangs in the app (seems to be caught in the exit loop, but not sure why it gets there)
STM32F303 Discovery: kernel panics lead to only a partial printout of the panic message before the board enters a reboot loop
weact_f401ccu6: gpio example fails to generate interrupts on the input pin. This board is likely to be deprecated soon anyway, as it is no longer available for sale.

All Merged PRs

An exhaustive list of all merged pull requests since Tock 2.0:

stm: add adc, gpio pins and temperature (#3174 by @alexandruradovici)
rp2040: fix adc number of bits (#3184 by @alexandruradovici)
Update stored kernel version to 2.1 (#3169 by @bradjc)
stm: fix usart baud (#3180 by @alexandruradovici)
stm: fix memory length for stm32f303 (#3179 by @alexandruradovici)
syscall: Fix SuccessU32U64 format (#3175 by @dcz-self)
boards/redboard_artemis: Workaround Hard Fault Exception (#3139 by @alistair23)
stm: use rng peripherals for all stm32f4xx (#3164 by @alexandruradovici)
stm: use the adc1 channels only (A0-A2, A6, A7) (#3165 by @alexandruradovici)
stm32f4: use deferred tasks to return buffers (#3160 by @alexandruradovici)
capsules: fxos8700cq: fix i2c deactivate buf len (#3153 by @bradjc)
boards/litex: update pinned tock-litex release to 2022081701 (#3149 by @lschuermann)
Fix temperature_stm driver to use 16 bits (#3159 by @alexandruradovici)
NRF serialization: Handle restarted app in 2.0 world (#3154 by @bradjc)
tock-registers: release v0.8 (#3151 by @ppannuto)
kernel: wrap config.rs comments (#3156 by @bradjc)
pconsole: capitalize BSS (#3155 by @bradjc)
boards/esp32-c3-devkitM-1: Prepare for the 2.1 release (#3148 by @alistair23)
restore UDP kernel_buffer in event of incorrect length error (#3152 by @hudson-ayers)
arch/cortex-m: Correct end stack printing (#3147 by @alistair23)
boards/redboard_artemis_nano: Fixup app loading (#3140 by @alistair23)
Fix secondary alarm from firing immediately during alarm callback (#3136 by @jettr)
doc: boards: add CW310 readme (#3143 by @bradjc)
Notes from Core Working Group call, August 12 (#3145 by @brghena)
doc: add core notes aug 5 2022 (#3130 by @ppannuto)
Add core notes for 2022-07-29 (#3133 by @jrvanwhy)
readmes: update links (#3144 by @bradjc)
Update capsule documentation for 2.1 release (#3142 by @bradjc)
use deferred calls to report aborted reception in sam4l uart (#3134 by @hudson-ayers)
Tools: Catch error for size change estimates on new boards (#3131 by @ppannuto)
[up-keep] arch: fixup typos (#3132 by @twilfredo)
Capsules: Add an AirQuality capsule and a CCS811 Capsule (#3118 by @alistair23)
libraries: tickv: Convert panics to errors (#3120 by @alistair23)
chips/apollo3: IOM: A collection of fixes for I2C (#3117 by @alistair23)
Add QEMU riscv32 "virt" board (#2516 by @lschuermann)
tbf: make length errors all NotEnoughFlash (#3119 by @bradjc)
[trivial] tock-registers: mark two methods as const (#3126 by @brandenburg)
boards: housekeeping: fixup typos (#3128 by @twilfredo)
Change Led Matrix Syscall Capsule for Microbit (#3093 by @TeodoraMiu)
capsules: fixup up typos (#3121 by @twilfredo)
Seven Segment Display Capsule (#3106 by @TeodoraMiu)
capsules: sha256: reset total_length on init (#3115 by @bradjc)
Correct kernel data/code disambiguation in print_tock_memory_usage (#3113 by @phil-levis)
kernel: hil: sensors: AirQualityDriver improvements (#3108 by @alistair23)
Remove one use of asm_const (#3083 by @hudson-ayers)
Grant: Enter grants before initializing their contents (#3076 by @hudson-ayers)
doc: tbf: Fix Permissions TLV documentation (#3104 by @bradjc)
doc: misc updates to design and startup (#3100 by @bradjc)
doc: tbf: Fix Persistent ACL doc (#3105 by @bradjc)
boards/litex: README upkeep (fix RISC-V extensions, mention & explain tockloader flash-file support) (#3111 by @lschuermann)
raspberry_pi_pico: Add instructions on how to flash the Pico in Picoprobe mode (#3102 by @ntninja)
SparkFun RedBoard Artemis Nano Improvements and fixes (#3107 by @alistair23)
arch/cortex-m: introduce CortexMVariant trait and avoid calls through extern "C" symbols (#3080 by @lschuermann)
Remove #![feature(const_mut_refs)] (#3082 by @hudson-ayers)
tock_registers/test_fields: respect struct size padding w/ alignment (#3088 by @lschuermann)
kernel: hil: sensors: Add an AirQualityDriver (#3070 by @alistair23)
doc: porting: add note about svd2regs.py (#3073 by @bradjc)
Store Kernel Managed Grant Resource Counters in One usize Value (#2958 by @bradjc)
Trim zero-length symbol aliases in print_tock_memory_usage (#3096 by @phil-levis)
Enable all storage on nRF52840-DK #3098 (#3099 by @TheConner)
chips/lowrisc: spi_host: fixup rw1c functionality (#3097 by @twilfredo)
readme: update to clarify rust, formatting (#3074 by @bradjc)
Add support for the BME280 Temperature and Humidity Sensor (#3094 by @alistair23)
libraries/tickv: crc32: Cleanup the CRC32 interface and expose it publicly (#3090 by @alistair23)
Fix bug in print_tock_memory_usage and add -a option (#3087 by @phil-levis)
boards/redboard_artemis_nano: Setup initial tests (#3069 by @alistair23)
boards/opentitan: Misc cleanups (#3091 by @alistair23)
Makefile: update qemu commit hash (#3089 by @twilfredo)
Update Rust nightly version + Expose virtual-function-elimination (#3072 by @alistair23)
Core WG notes, July 8th 2022 (#3078 by @brghena)
build: change $CI to $NOWARNINGS (#3075 by @bradjc)
Core WG notes for 2022-03-18. (#3000 by @jrvanwhy)
Prevent rustfmt from searching parent directories for config files. (#2997 by @jrvanwhy)
Console: Print the first N bytes of the write buffer, plus doc fixes. (#2996 by @jrvanwhy)
Add core WG notes for 2022-03-04. (#2984 by @jrvanwhy)
Add core WG meeting notes for 2022-02-18. (#2978 by @jrvanwhy)
Remove the threat model's "not yet implemented" note. (#2949 by @jrvanwhy)
Fix command 0 documentation: it is an existence check, and always returns Success. (#2908 by @jrvanwhy)
Add core WG notes for 2021-11-05. (#2891 by @jrvanwhy)
add core notes July 1 2022 (#3071 by @hudson-ayers)
boards/opentitan: Update the README (#3062 by @alistair23)
chore: Set permissions for GitHub actions (#3063 by @naveensrinivasan)
Add Core Team Call Notes of 2022-06-24 (#3064 by @lschuermann)
lpm013m126: Implement turning off (#3066 by @dcz-self)
Screen syscall/HIL improvements (#3047 by @dcz-self)
Add driver for LPM013M126 display (#3009 by @dcz-self)
Software implementation of SHA-256 in a capsule (#3010 by @phil-levis)
Rework of Digest HIL (#3041 by @phil-levis)
boards/opentitan: Don't run nops when targetting Verilator (#3060 by @alistair23)
esp32c3: fixup Makefile bug (#3059 by @twilfredo)
Unify doc/wg/core/notes filename prefixes (#3058 by @lschuermann)
AES: Add HIL for AES GCM (#2985 by @alistair23)
OpenTitan: Add support for hardware RSA operations (#2899 by @alistair23)
docs: wg: core: add notes 2022-05-13 (#3054 by @bradjc)
doc/reference/trd-uart: small fixes & suggestions in response to #3046 (#3052 by @lschuermann)
Add Core Team Call Notes of 2022-05-27 (#3053 by @lschuermann)
Add Core Team Call Notes of 2022-06-10 (#3057 by @lschuermann)
Documentation: Fix Typo in syscall reference doc (#3036 by @HyperSuperMetaCtrl)
Add core WG notes for 2022-06-03 (#3051 by @jrvanwhy)
TRD for UART HIL (#2756 by @phil-levis)
Wrap VolatileCell around Cell; save the world (#3049 by @alevy)
Core WG call notes, May 20th (#3048 by @brghena)
Console: Add a way to cancel ongoing console writes. (#3043 by @jrvanwhy)
libraries/tickv: Remove space from keyword (#3044 by @alistair23)
Core working group notes of 2022-05-06 (#3042 by @lschuermann)
STM32f4xx: Properly support 4MHz SPI rate (#3032 by @LeonMatthesKDAB)
doc: Update alarm (#3033 by @dcz-self)
debug: Add dbg! from std (#3008 by @dcz-self)
docs: Clarify allow usage (#2989 by @dcz-self)
tickv: Prepare for v1.0 release (#3034 by @alistair23)
Clarify the definition of TBF's protected region (#3037 by @jrvanwhy)
boards/opentitan: fixup small typo in otbn (#3039 by @twilfredo)
boards/opentitan: Remove support for Nexys Video (#3025 by @alistair23)
kernel/dynamic_deferred_call: document multi-handle client behavior (#3038 by @lschuermann)
Core working group notes of 2022-04-22 (#3029 by @lschuermann)
screen HIL: Add separate set_power (#3023 by @dcz-self)
Add embedded data analysis tool (#2935 by @paulmure)
Remove const_fn_trait_bound feature and update nightly (Mar 2022) (#2988 by @bradjc)
Add core WG notes for 2022-04-08. (#3027 by @jrvanwhy)
Console: terminate write rather than panic if the Allow buffer is unexpectedly shortened. (#3031 by @jrvanwhy)
tickv: Fixup initialise() typo (#3026 by @alistair23)
Core WG meeting notes, April 1st (#3016 by @brghena)
Core WG notes, April 15th (#3020 by @brghena)
tock-registers: Implement From field enum value type for FieldValue. (#3014 by @qwandor)
add EuroSec 2022 paper to README (#3018 by @hudson-ayers)
tock-register-interface: Provide none method for FieldValue type. (#3013 by @qwandor)
add core notes march 25, 2022 (#3002 by @hudson-ayers)
console: Give own buffers to each component (#2999 by @dcz-self)
process_console: Add missing '\r' on command output strings (#2976 by @gustavonihei)
process_console: Handle DEL char as backspace (#2974 by @gustavonihei)
Stm32f4xx: Dma2 & USART1 + Stm32f429idiscovery BSP (#2936 by @LeonMatthesKDAB)
Core WG call notes, March 11th 2022 (#2991 by @brghena)
add redv board support (#2831 by @almindor)
mx25r6435f: Small improvements (#2992 by @dcz-self)
capsules: Add bmp280 temperature sensor (#2968 by @dcz-self)
doc/reference: fix broken links in README.md (#2990 by @vbendeb)
OpenTitan: Some SPI Host fixes (#2986 by @alistair23)
chips: move arch config to function level (#2980 by @bradjc)
Add userspace support for the Key/Value System (#2928 by @alistair23)
Update Nightly to Feb 2022 (#2959 by @bradjc)
Notes from quick meeting today (#2979 by @brghena)
Propose a draft TRD for app completion codes (#2914 by @kupiakos)
opentitan: add spi_host (#2966 by @twilfredo)
Add core notes of 2022-02-11 (#2971 by @lschuermann)
ESP32-C3: Perform minor improvements to documentation (#2973 by @gustavonihei)
OpenTitan: Convert the OTBN to use syncronous calls (#2918 by @alistair23)
make: do a makefmt pass on the board makefile (#2961 by @bradjc)
make: add support for VERBOSE=1 (#2960 by @bradjc)
kernel: process: remove duplicate address functions (#2862 by @bradjc)
opentitan: verilator: fixup test build (#2963 by @twilfredo)
libraries: cells: remove option_result_contains (#2964 by @bradjc)
doc: Update Instructions: Building build.rs requires a host toolchain for linking (#2957 by @dcz-self)
Initial commit of RSA Key support (#2839 by @alistair23)
doc: add notes for 2022-01-21 (#2956 by @bradjc)
boards/opentitan: Bump the a newer build (#2954 by @alistair23)
Core WG call notes from Jan 28th (#2952 by @brghena)
opentitan: Makefile: fixup test flash-layout (#2953 by @twilfredo)
opentitan: Verilator fixup for ot bump (#2955 by @twilfredo)
Add link to a Tock book (#2934 by @alexandruradovici)
arch/rv32i: pmp/ePMP: Fixup PMP comparision (#2947 by @alistair23)
Print prompt after the "process" command (#2946 by @alexandruradovici)
chips/earlgrey: Don't use MIP::MTIMER bit (#2939 by @alistair23)
Update readme Raspberry Pi Pico image (#2948 by @alexandruradovici)
doc: Fix broken link (#2942 by @ppannuto)
Core WG call notes, January 14th (#2944 by @brghena)
boards/opentitan: tests: siphash: remove global static buffers (#2929 by @twilfredo)
boards/opentitan: Added make options for GDB -> QEMU debugging (#2932 by @twilfredo)
boards/opentitan/README: qol update to app loading (#2938 by @twilfredo)
spi: fix issue when read buffer not present (#2945 by @jettr)
OpenTitan: Fixup the Verilator support (#2923 by @alistair23)
Add core notes of 2022-01-07 (#2937 by @lschuermann)
Have Grant::each() take FnMut instead of Fn (#2933 by @hudson-ayers)
tock-register-interface: replace register tests by const assertions (#2922 by @lschuermann)
Fix link to Core WG (#2943 by @brghena)
Core notes from December 10th meeting (#2924 by @brghena)
Add notes from 12/17/21 meeting. (#2925 by @phil-levis)
boards/opentitan: tests: otbn: Remove global static buffers (#2926 by @twilfredo)
kernel: fix typo in handle_syscall filtering comment (#2927 by @mattbonnell)
make: add memory target to run print_tock_memory_usage.py for the board (#2872 by @bradjc)
tock-register-interface: improve read_as_enum documentation (#2916 by @lschuermann)
Add a software hash to Tock and connect it to TicKV (#2812 by @alistair23)
boards/opentitan: tests: hmac: Remove global static buffers (#2920 by @twilfredo)
boards/opentitan: tests: otbn: Improve failure output (#2921 by @alistair23)
Move allow_readwrite and allow_readonly from SyscallDriver into common Grant framework (#2906 by @jettr)
esp32: UART receive (#2893 by @alexandruradovici)
Print allowed buffer's length in decimal (#2919 by @alexandruradovici)
dont reuse numeric labels in asm (#2917 by @hudson-ayers)
Updates to permissions TLV related code (#2904 by @bradjc)
Create core-notes-2021-12-03.md (#2913 by @ppannuto)
kernel: utilities: Initial commit of mut_imut_buffer (#2852 by @alistair23)
OpenTitan: Add a AES CCM test (#2911 by @alistair23)
ci: labeler: update to new OT dir structure (#2900 by @bradjc)
esp32: Update timer (#2889 by @alexandruradovici)
Update rust-toolchain to 2021-12-04 (#2915 by @lschuermann)
rv32i: use inline asm in/out register specs for semihosting (#2912 by @lschuermann)
OpenTitan: OTBN: A few more OTBN fixes (#2898 by @alistair23)
Add core notes of 2021-11-12 (#2902 by @lschuermann)
add core notes for november 19 2021 (#2905 by @hudson-ayers)
processbuffer: Add non-panicking get with range functions. (#2897 by @granaghan)
util: Add CopyOrErr trait for a non-panicing copy_from_slice. (#2896 by @granaghan)
Stored state (#2885 by @granaghan)
kernel: remove duplicate address functions (#2903 by @bradjc)
capsules: Update process console newline handling (#2894 by @alexandruradovici)
kernel: process_standard: Don't check memory regions if disabled (#2892 by @alistair23)
Create ProcessPrinter trait, use for ProcessStandard and Process Console (#2826 by @bradjc)
capsules: Add lsm6dsoxtr motion sensor (#2830 by @Cristiana959)
Create core-notes-2021-10-29.md (#2881 by @ppannuto)
Update console system call docs to match implementation and use (#2887 by @hudson-ayers)
Remove 'a lifetime constraint on &self parameters in Timer & Counter hil (#2890 by @jettr)
OpenTitan: Add support for an RSA test using OTBN (#2886 by @alistair23)
Add support for syscall filtering (#2859 by @alistair23)
opentitan: Bump the FPGA bitstream (#2883 by @alistair23)
ProcessSlice augmentation: add From<> [u8] impls and express chunks() iterator as &ProcessSlice instead of &[Cell] (#2797 by @jettr)
add core notes October 22 2021 (#2880 by @hudson-ayers)
Core working group notes for 2021-10-15 (#2879 by @alexandruradovici)
Add core notes of 2021-10-01 (#2871 by @lschuermann)
kernel: hil: symmetric_encryption: Use static buffers for AES crypto (#2876 by @alistair23)
Remove 'a lifetime constraint on &self parameters in Time hil (#2866 by @jettr)
capsules: console: remove dead code (#2864 by @bradjc)
Bump tockloader to 1.8.0 in nix shell (#2878 by @alevy)
Use const parameter for LEDs capsule to remove TakeCell (#2870 by @bradjc)
Makefile: allow using system toolchain; shell.nix: provide required components (#2877 by @lschuermann)
Kernel: store a process's completion code (#2836 by @bradjc)
Add LiteX simulator based CI (#2801 by @lschuermann)
tools: rustdocs: replace images with tock logos (#2874 by @bradjc)
doc: add core notes 2021-10-08 (#2865 by @bradjc)
Run board tests as part of the CI (#2854 by @alistair23)
doc: add various Tock procedures (#2730 by @bradjc)
Remove all uses of expect("xx"), replace with unwrap() (#2857 by @hudson-ayers)
Correct grammar errors and make context clearer in the README (#2869 by @saki-osive)
capsules: symmetric_encryption/aes: Reduce code size (#2863 by @alistair23)
kernel: process: add get_addrs(), get_sizes() (#2822 by @bradjc)
Hmac/Sha: Capsule size reduction (#2855 by @alistair23)
LiteX: add GPIO support (#2821 by @lschuermann)
update rust to nightly-2021-10-03 (#2858 by @hudson-ayers)
RFC: Allow use of cargo features to configure the kernel::CONFIG constant (#2837 by @hudson-ayers)
boards/litex/{sim,arty}: bump targeted tock-litex release (#2860 by @lschuermann)
make: use relocation-model=static (#2853 by @bradjc)
boards: build.rs: make sure all files exist (#2861 by @bradjc)
Add a tool for finding panics in a Tock .elf file (#2755 by @hudson-ayers)
capsules: lld: Copy only length of message (#2848 by @bradjc)
add a document on how to reduce Tock code size (#2849 by @hudson-ayers)
tock-tbf: Add support for parsing storage IDs and driver permissions (#2824 by @alistair23)
chips/lowrisc: Fixup the CSRNG (#2856 by @alistair23)
Add process console shell prompt (#2785 by @alexandruradovici)
Update Nightly - Sep 2021 (#2816 by @bradjc)
use -Zbuild-std=core to build the std library with our optimization settings (#2847 by @hudson-ayers)
HIL: Digest: Add SHA/HMAC verify (#2697 by @alistair23)
OpenTitan: Application fixups (#2850 by @alistair23)
Update to Rust 2021 edition (#2838 by @hudson-ayers)
Add core notes of 2021-09-17 (#2840 by @lschuermann)
Core working group notes, September 24 (#2844 by @gemarcano)
netlify: set TERM explicitly (#2843 by @ppannuto)
tock-registers: rename TryFromValue::try_from to try_from_value (#2842 by @lschuermann)
Finalize the HIL Design TRD (#2828 by @phil-levis)
kernel: process: fmt, spell chk, & update comments (#2835 by @bradjc)
Add a kernel config option to elide process printing code (#2759 by @hudson-ayers)
CI Hardware Documentation Creation (#2633 by @AnthonyQ619)
Bump the OpenTitan SHA and fix failing test cases (#2825 by @alistair23)
kernel: Read Only State (#2381 by @alistair23)
Add remove_mpu_region() functionality to mirror allocate_region() (#2728 by @jettr)
components/{gpio,button}: support both referenced and owned GPIO pins (#2819 by @lschuermann)
[Nano RP2040 Connect] Update README app flashing command (#2832 by @Cristiana959)
Rv32i/pmp: Reduce size of some inefficient constructions (#2757 by @hudson-ayers)
capsules/low_level_debug: source DRIVER_NUM from driver::NUM (#2827 by @lschuermann)
kernel: mpu: Cleanup the comment for the default config type (#2829 by @bradjc)
Core working group notes, September 10 (#2818 by @brghena)
Add core notes of 2021-09-03 (#2817 by @lschuermann)
Console: Refactor code to reduce size (#2823 by @hudson-ayers)
kernel: Add new userspace readable allow syscall (#2803 by @alistair23)
AES: Initial support for userspace AES (#2795 by @alistair23)
add core notes for August 20, 2021 (#2813 by @hudson-ayers)
OpenTitan: Bump the SHA and add CW310 support (#2804 by @alistair23)
Update trd-uart.md (#2808 by @jettr)
Correct punctuation issues in trd-uart.md (#2807 by @jettr)
add core notes 2021-08-27 (#2802 by @gemarcano)
rv32i/pmp: add clarifying comment to enumeration (#2806 by @jettr)
OpenTitan: Initial commit of the CSRNG (#2796 by @alistair23)
Kernel panic debug: Add grant region breakdown (#2747 by @bradjc)
I2C for RPi Pico (#2690 by @Gerharddc)
debug: rename begin_debug_fmt and add non-newline version (#2724 by @jettr)
kernel: add public process_map_or_external fn (#2726 by @jettr)
doc: misc updates (#2799 by @bradjc)

tock/tock release-2.1 Tock 2.1 on GitHub