TockOS is an embedded operating system designed specifically for running multiple concurrent, mutually distrustful applications. It is optimized for embedded platforms based on Cortex-M and RISC-V. The core of its design is a protection mechanism that guards against potentially malicious applications and isolates device drivers. TockOS employs two mechanisms to protect the different components of the operating system. First, both the kernel and the device drivers are written in Rust, a systems programming language that provides compile-time memory safety and type safety. TockOS uses Rust to shield the kernel core (such as the scheduler and the hardware abstraction layer) from platform-specific device drivers and to isolate device drivers from each other. Second, TockOS uses the memory protection unit (MPU) to isolate applications from each other and from the kernel.
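The following Rust model illustrates the second mechanism, hardware-enforced process isolation through the Cortex-M MPU. It is an added example, not Tock's own code: the type names, the memory layout and the assumption that regions do not overlap are all constructed for illustration, while the region constraints it enforces (power-of-two size, base aligned to size, RASR.SIZE encoding) are those of the ARMv7-M MPU.

```rust
// Added example, not Tock's code: a model of Cortex-M (ARMv7-M PMSA) MPU regions
// isolating one process's memory. Names and the memory layout are assumptions.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Access { ReadOnly, ReadWrite, ReadExec }
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Op { Read, Write, Exec }
#[derive(Clone, Copy, Debug)]
pub struct Region { pub base: u32, pub size: u32, pub access: Access }
impl Region {
    /// ARMv7-M constraints: the size is a power of two (at least 32 bytes) and the
    /// base is aligned to the size; anything else cannot be programmed into the MPU.
    pub fn new(base: u32, size: u32, access: Access) -> Result<Region, &'static str> {
        if size < 32 || !size.is_power_of_two() { return Err("size must be a power of two >= 32"); }
        if base % size != 0 { return Err("base must be aligned to size"); }
        Ok(Region { base, size, access })
    }
    /// RASR.SIZE encoding: a region of 2^(SIZE+1) bytes.
    pub fn rasr_size_field(&self) -> u32 { self.size.trailing_zeros() - 1 }
    fn contains(&self, addr: u32) -> bool { addr >= self.base && addr - self.base < self.size }
}
/// The regions loaded into the MPU while one process runs (assumed non-overlapping).
pub struct ProcessMpuConfig { pub regions: Vec<Region> }
impl ProcessMpuConfig {
    /// Model of the hardware check on each unprivileged access: the address must fall
    /// inside a region whose attributes permit the operation, otherwise the access faults.
    pub fn check(&self, addr: u32, op: Op) -> bool {
        self.regions.iter().any(|r| r.contains(addr) && match (r.access, op) {
            (_, Op::Read) => true,
            (Access::ReadWrite, Op::Write) => true,
            (Access::ReadExec, Op::Exec) => true,
            _ => false,
        })
    }
}
/// Constructed layout: app A gets 64 KiB of flash and 16 KiB of RAM. The kernel's RAM
/// at 0x2000_0000 and app B's RAM at 0x2000_8000 are simply not mapped while A runs.
pub fn demo() -> (bool, bool, bool) {
    let app_a = ProcessMpuConfig { regions: vec![
        Region::new(0x0003_0000, 0x1_0000, Access::ReadExec).unwrap(),
        Region::new(0x2000_4000, 0x4000, Access::ReadWrite).unwrap(),
    ]};
    (app_a.check(0x2000_5000, Op::Write),  // own RAM: allowed
     app_a.check(0x2000_0000, Op::Read),   // kernel RAM: faults
     app_a.check(0x2000_8000, Op::Write))  // app B's RAM: faults
}
```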

The Design Philosophy and Features of TockOS
Active Object-Based Concurrency Model
TockOS adopts the Active Object concurrency computing model, which is safer than the traditional