Added memory documentation #992
Pull Request Overview
Since I'm working on the MPU, I'm constantly thinking about what high-level isolation properties we want to enforce with Tock. After discussing this with several people, the idea came up to write a small document and create a pull request, which is exactly what I just did.
I've changed the existing memory layout doc, and adjusted it to include some aspects regarding isolation.
TODO or Help Wanted
I'd like some feedback on this document. Are these all the security properties we want to enforce in memory in Tock, or am I missing something? Should I go more in-depth or does this have sufficient depth and clarity? Feel free to adjust.
left a comment
Maybe a suggestion: move all of the notes about access restrictions to their own section. That section can then be very clear about the conceptual memory access restrictions, and how those are enforced by an MPU. Then it can also discuss the caveats: Rust does compile-time access restriction, processes can write their own flash (except for the header) using a capsule, etc.
left a comment
I added some more detail to memory_isolation.md, but I think this is helpful documentation.
One thing I made a little more ambiguous is around process nonvolatile memory (in our platforms, flash). While it is true that we make the process flash region read only, from an architecture point of view I don't think that is something we mean to explicitly enforce, but rather a side effect from the complexities of writing flash memory. If we were running on FRAM, I'd imagine we would be ok with apps writing their own nonvolatile code/storage regions directly.
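To make the "conceptual memory access restrictions" from the first review comment and the flash read-only nuance from the second concrete, here is an added illustration (not code from this pull request or from Tock's MPU implementation) of a per-process access policy modeled as MPU-style regions with default deny. The addresses, region sizes and the `ProcessPolicy` / `Region` names are constructed for the example; the point is that "process flash is read-only" is just one flag on one region, so the FRAM case the comment describes is the same policy with `write` set on the nonvolatile region.

```rust
// Added illustration of MPU-style per-process access restrictions.
// Not Tock's code; region layout and names are hypothetical.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Access {
    Read,
    Write,
    Execute,
}

/// One contiguous region a process is allowed to touch, with its permissions.
#[derive(Clone, Copy, Debug)]
pub struct Region {
    pub start: usize,
    pub len: usize,
    pub read: bool,
    pub write: bool,
    pub execute: bool,
}

impl Region {
    /// True if the whole byte range [addr, addr+len) lies inside this region.
    /// Overflowing ranges and zero-length accesses are rejected.
    fn covers(&self, addr: usize, len: usize) -> bool {
        let end = match addr.checked_add(len) {
            Some(e) => e,
            None => return false,
        };
        let region_end = match self.start.checked_add(self.len) {
            Some(e) => e,
            None => return false,
        };
        len > 0 && addr >= self.start && end <= region_end
    }

    fn permits(&self, access: Access) -> bool {
        match access {
            Access::Read => self.read,
            Access::Write => self.write,
            Access::Execute => self.execute,
        }
    }
}

/// The regions granted to one process. Anything not covered by a region
/// (kernel memory, other processes, peripherals) is denied: default deny,
/// like an MPU whose background region is disabled for unprivileged code.
pub struct ProcessPolicy {
    pub regions: Vec<Region>,
}

impl ProcessPolicy {
    /// An access is allowed only if some single region fully covers it and
    /// grants the requested permission. This is conservative: an access that
    /// straddles two adjacent regions is denied.
    pub fn check(&self, addr: usize, len: usize, access: Access) -> bool {
        self.regions
            .iter()
            .any(|r| r.covers(addr, len) && r.permits(access))
    }
}

/// Hypothetical layout: process code in flash (read + execute, no write) and
/// process RAM (read + write, no execute). Addresses are constructed.
pub fn flash_policy() -> ProcessPolicy {
    ProcessPolicy {
        regions: vec![
            Region { start: 0x0002_0000, len: 0x1000, read: true, write: false, execute: true },
            Region { start: 0x2000_0000, len: 0x2000, read: true, write: true, execute: false },
        ],
    }
}

/// The same layout on a hypothetical FRAM part, where the comment above says
/// letting a process write its own nonvolatile region would be acceptable:
/// the only difference is the `write` flag on the nonvolatile region.
pub fn fram_policy() -> ProcessPolicy {
    let mut p = flash_policy();
    p.regions[0].write = true;
    p
}

fn main() {
    let p = flash_policy();
    println!("read own code:        {}", p.check(0x0002_0100, 4, Access::Read));
    println!("write own code:       {}", p.check(0x0002_0100, 4, Access::Write));
    println!("write own RAM:        {}", p.check(0x2000_0010, 8, Access::Write));
    println!("execute from RAM:     {}", p.check(0x2000_0010, 8, Access::Execute));
    println!("read address 0:       {}", p.check(0x0000_0000, 4, Access::Read));
    println!("write code on FRAM:   {}", fram_policy().check(0x0002_0100, 4, Access::Write));
}
```

The model deliberately separates the policy (which ranges, which permissions) from the mechanism that enforces it, which is the split the first comment asks the document to make explicit; Rust's compile-time checks cover kernel code, while the region table is what an MPU would enforce at run time for a process.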