Merge branch 'main' into spec-review/reviewed-threat-model-and-purposing-new-changes

Author: bikashpoudel43

.github/copilot-instructions.md

@@ -9,6 +9,9 @@
 - [ ] Unsafe code blocks are documented with safety comments
 - [ ] Hardware register access uses proper volatile operations
 - [ ] Cryptographic operations use constant-time implementations where applicable
+- [ ] Code is no_std compatible (no heap allocation: Vec, HashMap, String, etc.)
+- [ ] Fixed-size arrays and heapless collections used instead of dynamic allocation
+- [ ] Stack usage is bounded and reasonable for embedded targets
 
 ## Quick Reference: Forbidden Patterns
 
@@ -19,6 +22,9 @@
 | `collection[index]` | `collection.get(index).ok_or(Error::OutOfBounds)?` |
 | `a + b` (integers) | `a.checked_add(b).ok_or(Error::Overflow)?` |
 | `ptr.read()` | `ptr.read_volatile()` (for MMIO) |
+| `Vec<T>`, `HashMap<K,V>` | Fixed-size arrays `[T; N]`, `heapless::Vec<T, N>` |
+| `String` | Fixed-size string `heapless::String<N>` or `&str` |
+| `Box<T>` | Stack allocation or `&mut T` reference |
 
 ## Security-Specific Guidelines
 

Cargo.lock

@@ -7,7 +7,7 @@ members = [
     "hal/blocking",
     "hal/async", 
     "hal/nb",
-    "platform/traits",
+    "platform/traits/hubris",
     "platform/impls/baremetal/mock",
     "platform/impls/linux",
     "platform/impls/tock",
@@ -28,5 +28,6 @@ zerocopy = { version = "0.8", features = ["derive"] }
 zeroize = { version = "1.8", default-features = false, features = ["derive"] }
 subtle = { version = "2", default-features = false }
 # Pin to match Hubris ecosystem
-rand_core = { version = "0.6", default-features = false }
+rand_core = { version = "0.9", default-features = false }
 embedded-hal = "1.0"
+heapless = { version = "0.9", default-features = false }