OS Selection document #73
- Remove ARM-specific MPU reference to make document architecture-agnostic
- Remove NIST SP 800-193 firmware resiliency reference (not specifically required)
- Remove TCG RTM specification reference
- Correct author name from "Fife, C." to "Biffle, C. L."
- Clean up orphaned citation references [7], [9], [10] in text
- Maintain technical content while removing architecture-specific dependencies

The document now focuses on OS evaluation criteria without tying to specific hardware architectures or standards that don't mandate the discussed features.
- Replace inaccurate "garbage collection capabilities" with correct description of deterministic memory reclamation through Rust's ownership system
- Remove incorrect claim about fragmentation in grant-based allocation
- Update technical comparison to accurately reflect Tock's grant mechanism and immediate cleanup on process termination
- Reframe Tock's dynamic features as valuable capabilities rather than problems
- Remove dismissive language about complexity and resource management issues
- Update conclusion to emphasize choice based on avoiding complexity vs. gaining flexibility
- Acknowledge both systems as sophisticated, well-engineered approaches
- Replace outdated "research platform" characterization with recognition of Tock's production deployments in security-critical systems (reflecting 2025 maturity)
- Remove inappropriate multi-tenancy references for embedded systems
- Present decision as context-specific trade-off rather than universal superiority
- Maintain technical accuracy while respecting both architectural approaches
- Remove Hubris-specific implementation details from evaluation criteria section
- Replace specific mentions of Hubris features with generic requirements
- Focus criteria on what OpenPRoT is looking for rather than how systems implement it
- Maintain clear separation between requirements (criteria) and solutions (technical analysis)
- Keep evaluation criteria neutral and implementation-agnostic
- Replace inaccurate "unforgeable access tokens" with correct description
- Change "Minimal HAL" to "Direct Register Access" for clarity
- Remove capability-based permissions terminology that doesn't apply to Hubris
- Accurately describe that tasks directly manipulate hardware registers
- Clarify that permissions are statically configured at compile time
- Add debuggability and system observability as 6th evaluation framework criterion
- Include detailed comparison of Hubris's kernel-aware debugging vs Tock's console interfaces
- Document Humility debugger's Debug Binary Interface (DBI) architecture
- Highlight security advantages of external debugging vs in-application consoles
- Add comprehensive coverage of core dump support for post-mortem analysis
- Emphasize production-grade debugging capabilities for security-critical systems
- Restructure opening paragraph for better flow and readability
- Add paragraph explaining Rust OS requirement rationale
…provements
- Add Memory Architecture and SRAM Efficiency analysis to comparison tables
- Correct technical understanding of both Hubris and Tock as XIP-capable systems
- Replace "Task Model" with "System Composition" for clearer terminology
- Update memory efficiency descriptions to use "suitable memory regions" terminology
- Improve accuracy of OS characterizations based on actual architectures

This enhances the technical accuracy and completeness of the OS evaluation framework.
- Add DOI link for Levy et al. Tock OS academic paper
- Fix OpenPRoT GitHub organization reference capitalization
- Add link to official online Rust book documentation
- Ensure all references are clickable and accessible

All references now have proper links for reader access to source materials.
Pull Request Overview
This PR introduces a comprehensive technical whitepaper documenting the OpenPRoT workgroup's evaluation and selection of Hubris as the operating system for the platform root of trust implementation. The document compares Hubris and Tock OS across six critical dimensions and provides detailed technical rationale for the selection decision.
Key changes:
- New design document explaining OS selection criteria and methodology
- Detailed technical comparison of Hubris vs Tock OS architectures
- Justification for selecting Hubris based on security-critical requirements
* moved mention of Hubris from Criteria to Analysis section
* removed dead references [9,10]
Co-authored-by: Copilot <[email protected]>