A secure embedded operating system for microcontrollers that runs multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V platforms.
Tock is an embedded operating system designed for microcontrollers that focuses on security and protection in resource-constrained environments. It enables multiple concurrent applications to run while maintaining isolation between them and the kernel, using Rust for memory safety and hardware memory protection units for isolation. This makes it suitable for IoT and embedded systems where safety and security are critical.
Embedded systems developers and engineers building secure IoT devices, medical devices, industrial controllers, or other safety-critical applications on Cortex-M and RISC-V based microcontrollers. Researchers and academics studying secure embedded operating systems may also find it valuable.
Developers choose Tock over alternatives because it uniquely combines Rust's compile-time memory safety with hardware-enforced application isolation, providing strong security guarantees for resource-constrained embedded systems. Its design specifically addresses running multiple mutually distrustful applications concurrently while protecting both the kernel from drivers and drivers from each other.
The kernel and device drivers are written in Rust, providing compile-time memory and type safety to prevent vulnerabilities like buffer overflows, as highlighted in the SOSP'17 paper.
Uses hardware memory protection units to isolate applications from each other and the kernel, enabling secure concurrent execution of untrusted code, a core design principle mentioned in the README.
Provides a HAL that protects the kernel from platform-specific drivers and isolates drivers from each other, improving portability and security for embedded platforms.
Runs on both Cortex-M and RISC-V based microcontrollers, offering flexibility for different hardware choices, as stated in the GitHub description.
Requires proficiency in Rust and embedded systems concepts, which can be a barrier for developers accustomed to C-based RTOSes, despite the available Tock Book and tutorials.
Has fewer pre-built device drivers compared to mature alternatives like FreeRTOS or Zephyr, often necessitating custom driver development for new hardware.
Setting up Tock for a new board involves significant configuration and understanding of the build system, as implied by the detailed contributing guide and hardware abstraction requirements.