Tock is asynchronous and all operations are non-blocking
The core kernel has access to the entire system and can use the Rust unsafe keyword
The peripheral devices can use the unsafe keyword and can directly access hardware
Capsules (where much of the functionality is implemented) must be safe Rust, with no direct access to hardware or core kernel features
Currently no hardware isolation in the kernel, just code design isolation (WD is working on improving this)
Allow marks a region of memory as shared between the kernel and application. Passing a null pointer requests the corresponding driver to stop accessing the shared memory region.
Subscribe assigns callback functions to be executed in response to various events.
Command instructs the driver to perform a specific action.
Yield transitions the current process from the Running to the Yielded state, and the process will not execute again until another callback re-schedules the process.
All except yield are non-blocking
Set up the Tock drivers and register callbacks
Read bytes from USB and pass them to the CTAP library
Send the data the library returns after processing
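The four system calls (allow, subscribe, command, yield) and the receive loop above, as an added example that is not Tock's own kernel or userspace library code: a small Rust simulation in which a process shares a buffer with a USB driver, subscribes a callback, issues a command and yields until the callback reschedules it. The Kernel and Process types, receive_one, the 64-byte window and the packet contents are all constructed for the illustration.

```rust
// Constructed model of the four Tock syscalls and the receive loop above; not Tock or libtock code.
#[derive(Clone, Copy, Debug, PartialEq)] pub enum ProcessState { Running, Yielded }
pub type Callback = fn(&mut Process, usize);
// App memory; `allow` shares a window of it, and the app's callback copies each report out of it.
pub struct Process { pub state: ProcessState, pub memory: Vec<u8>, pub received: Vec<u8> }
pub struct Kernel {
    pub shared: Option<(usize, usize)>, // allowed (offset, len); None models the null pointer
    pub callback: Option<Callback>,     // installed by `subscribe`
    pub pending: Vec<usize>,            // completed receives waiting for callback delivery
    pub inbox: Vec<Vec<u8>>,            // constructed USB packets the driver will hand over
}
impl Kernel {
    // allow: share a window of process memory; None tells the driver to stop using it.
    pub fn allow(&mut self, p: &Process, win: Option<(usize, usize)>) -> Result<(), &'static str> {
        if win.map_or(false, |(o, l)| o + l > p.memory.len()) { return Err("window outside process memory"); }
        self.shared = win;
        Ok(())
    }
    // subscribe: register the callback that runs when a receive completes.
    pub fn subscribe(&mut self, cb: Callback) { self.callback = Some(cb); }
    // command: start one receive. Non-blocking; the data arrives via the callback.
    pub fn command(&mut self, p: &mut Process) -> Result<(), &'static str> {
        let (off, len) = self.shared.ok_or("no buffer allowed")?;
        let pkt = if self.inbox.is_empty() { return Err("no packet available") } else { self.inbox.remove(0) };
        let n = pkt.len().min(len); // a report larger than the window is truncated
        p.memory[off..off + n].copy_from_slice(&pkt[..n]);
        self.pending.push(n);
        Ok(())
    }
    // yield: the one blocking call. The process stays Yielded until a callback fires.
    pub fn yield_(&mut self, p: &mut Process) {
        p.state = ProcessState::Yielded;
        if let (Some(cb), false) = (self.callback, self.pending.is_empty()) {
            let n = self.pending.remove(0);
            p.state = ProcessState::Running; // the callback re-schedules the process
            cb(p, n);
        }
    }
}
pub fn on_rx(p: &mut Process, n: usize) { p.received.extend_from_slice(&p.memory[..n]); }
// App side, as the notes describe it: allow + subscribe, command, yield until the callback.
pub fn receive_one(k: &mut Kernel, p: &mut Process) -> Result<usize, &'static str> {
    k.allow(p, Some((0, 64)))?; // share a 64-byte window (one USB HID report) at offset 0
    k.subscribe(on_rx);
    k.command(p)?;              // returns immediately
    k.yield_(p);                // block until the driver's callback delivers the report
    Ok(p.received.len())
}
```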
Crypto sign and attest operations.
Currently done in software in userspace; eventually we want to offload this to the Tock kernel and hardware accelerators
HMAC is offloaded to Tock and the HMAC hardware
Currently no TRNG, so the nonce is hardcoded
Also no flash storage, so data is lost on reboot