Tock Core Notes 2021-10-08

Attendees

• Amit Levy
• Leon Schuermann
• Alexandru Radovici
• Hudson Ayers
• Jett Rink
• Philip Levis
• Gabe Marcano
• Johnathan Van Why
• Vadim Sukhomlinov
• Brad Campbell

Updates

• Brad: Hard/impossible to get debug printing traits for everything, but does work for printing the memory map. PR is open and updated.
• Phil: Using autogenerated registers for OpenTitan. Plan to keep them separate files for now (since they change often). Eventually merge them into the driver file once stabilized.
  • No longer just constants, actually generating the register macro now.
• Jett: Going to update the time HIL to remove the 'a lifetime.

AppID

• https://github.com/tock/tock/blob/appid/doc/reference/trd-appid.md
• End of section 4.
• Challenge: generate compiled binary, then want to include TBF header. Integrity protection needs to cover code binary and headers, but not the credentials header.
• Header has length. Need to pick some length, then compute header value and then insert in TBF header.
• Should an app be signable serially? Or do all signatures have to happen at once?
• Do signatures stack? Or does the second signature sign the previous signature?
  • Idea: signature 2 signs over previous signature. Benefit would be could add an arbitrary number of signatures.
• Verifier decides how to handle if there are multiple signatures.
• Examples would help with why multiple signatures.
  • Do Tock users want to do this?
  • Work on use cases.
• Idea: put signature/credentials in a "container" separate from TBF.
• Idea: put signatures at the end, perhaps as some sort of list.
• Various technical implementations proposed and discussed.
• note: ARM MPU requires power of 2, appending to the binary would today double the length.
• Signatures could be large (kilobytes) so reserving space could add a fair bit of speculative overhead.

UART HIL

• Incorporated comments.
  • "Word" -> "Character"
• API change
  • abort() result. https://github.com/tock/tock/blob/d834efc6a880a2561019b86162e9e5b08dc22f10/doc/reference/trd-uart.md#3-transmit-and-transmitclient
  • Used to be: Ok() gets callback, Err() does not.
  • Now has AbortResult, whether abort worked, and whether there will be a callback.
    • Idea: use three different fields in enum, no bool. Can add helper functions.

PR Merges

• To squash or not to squash?