Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

An online series designed for people new to Tock explaining the system architecture with a focus on how it can be used in their projects. The series uses the Tock online book, kernel documentation, libtock-rs and libtock-c repositories to illustrate the concepts.

Current Videos

Audience

  1. Students building course projects
  2. Job seekers creating interview-ready demos
  3. People prototyping ideas for work
  4. Rust/embedded enthusiasts curious about Tock

Materials & Setup

Core references

Tools

  • QEMU virtual environment (used throughout Section I)
  • rustup (stable), cargo, gcc (or build-essentials), Python 3
  • tockloader (pip3 install tockloader)
  • (Optional) VS Code with Rust Analyzer for debugging

Hardware (Section II–IV)

Repositories used

# Suggested clones in a dedicated workspace
git clone https://github.com/tock/tock.git
git clone https://github.com/tock/libtock-rs.git
git clone https://github.com/tock/libtock-c.git

Four Sections & Session Plan

  • Section I — Understand Tock and its use cases using QEMU (Weeks 1–6)
  • Section II — Tock on Hardware (nRF52840-DK) (Weeks 7–10)
  • Section III — Wireless with 802.15.4 and Thread (Weeks 11–13)
  • Section IV — Security & Delivery (Weeks 14–16)

Section I — Understand Tock and its use cases using QEMU (Weeks 1–6)

Session 1 — Setup Tock Tooling & First Boot on QEMU (Blink)

Outcome: Boot Tock under QEMU, install/run a Rust app, see the event loop.

Presentation: Tock overview; userspace vs kernel

Hands-on:

Session 2 — Multiple Apps on QEMU and tockloader Essentials (Blink + Buttons)

Outcome: Run multiple apps; manage them with tockloader; observe interaction with capsules.

Presentation: Processes, memory limits, and basic capsules (LEDs, Buttons).

Hands-on:

Session 3 — Under the Hood: Syscalls, Upcalls, Data Movement, and Debugging

Outcome: Understand command, subscribe, allow, yield; learn basic QEMU/VS Code debugging.

Presentation: Kernel tie-in: syscalls overview: yield, subscribe, command, allow.

Hands-on:

Session 4 — Inter-Process Communication (IPC) and C Apps on Tock

Outcome: See process isolation in action; pass data via IPC; compare C vs Rust apps.

Presentation: Why IPC in Tock; minimal surfaces; yield_for patterns.

Hands-on:

Session 5 — QEMU Virtual Screen: Text and Graphics

Outcome: Write text and simple graphics to the QEMU screen.

Presentation: Text/Screen capsules; display buffers; double-buffering basics.

Hands-on:

Session 6 — App Storage: Key-Value and Non-Volatile Storage

Outcome: Persist and retrieve app data in QEMU with Key-Value DB and non-volatile storage (this would be good to do with a Rust application instead of the C examples.)

Presentation: Understand how to use the Key-Value and non-volatile storage capsules

Hands-on:

Section II — Tock on Hardware (nRF52840-DK) (Weeks 7–10)

Session 7/8 — Board Bring-Up: Flashing Kernel & Apps; using hardware sensors with Tock

Outcome: Kernel flashed on nRF52840-DK; compile, flash and debug the temperature sensor on nRF52840

Presentation: J-Link/OpenOCD; board support; Interrupts & callbacks; temperature sensor.

Hands-on: Hands-on: Setup the temperature sensor app on the nRF52840 DK development board and debug

Hands-on:

  • Button toggles LED with interrupt; periodic LED “heartbeat” via Alarm
  • Measure callback cadence (print timestamps)

Session 9 — Using the ADC

Outcome: Sample temperature/ADC; format and print readings; basic filtering.
Presentation: Sensor capsules; synchronous user code atop async drivers (yield_for).

Hands-on:

Session 10 — USB HID Keyboard (Stage 1: Userspace)

Outcome: Act as a USB HID keyboard; inject HOTP/one-shot codes from a user app.

Presentation: USB device basics; HID report structure; event-driven app design.

Hands-on:

Section III — Wireless with 802.15.4 and Thread (Weeks 11–13)

Session 11 — 802.15.4 Basics: RX/TX and UDP Capsule

Outcome: Transmit/receive between two boards; inspect frames/packets; simple UDP.

Presentation: Radio stack overview; addressing/channel; reliability tradeoffs.

Session 12 — Thread Networking (Stage 1): Join and Inspect a Network

Outcome: Join a Thread network; observe state changes; obtain IPv6 addresses.

Presentation: Thread roles (router, end device), commissioning, security material.

Hands-on:

  • Build Thread demo; join an existing network or a provided border router
  • Show address/state in tockloader listen

Session 13 — Thread (Stage 2): Encrypted Sensor Data

Outcome: End-to-end: sensor → encrypt → send; decrypt on the other end.

Presentation: Keys/credentials; app vs kernel responsibilities; failure modes.

Hands-on:

Section IV — Security & Delivery (Weeks 14–16)

Session 14 — App Signing & Tock Binary Format

Outcome: Build/sign apps with ECDSA; verify at load/run; understand startup flow.

Presentation: Tock Binary Format (TBF), headers, versioning; boot pathway.

Hands-on:

  • Sign an app; demonstrate accepted vs tampered images

Session 15 — Threat Model & Isolation

Outcome: Map Tock’s threat model to your project; identify defenses & gaps.

Presentation: Process isolation, MPU, capabilities; least privilege in capsules.

Hands-on:

  • Create a simple threat table for your project (assets, adversaries, mitigations)

Session 16 — USB Security Key (Stage 2): Kernel Oracle & Access Control

Outcome: Move secrets to a kernel driver; enforce which app can use them.

Presentation: Capabilities & policy; userspace→kernel trust boundaries.

Hands-on:

  • Add credentials/policy to enable HID code entry only from your app
  • Show denied-by-default behavior, then allow with proper credential