Tock: From Research to Securing 10 Million Computers
The paper addresses the challenge of building secure and efficient operating systems for resource-constrained and security-sensitive applications, though its contribution is incremental in that it applies existing languages and hardware mechanisms.
The paper examines how Tock, a research operating system initially designed for urban sensing, evolved into a widely deployed platform securing millions of devices, leveraging Rust for safety and efficiency.
Tock began 10 years ago as a research operating system developed by academics to help other academics build urban sensing applications. By leveraging a new language (Rust) and new hardware protection mechanisms, Tock enabled "Multiprogramming a 64 kB Computer Safely and Efficiently". Today, it is an open-source project with a vibrant community of users and contributors. It is deployed on root-of-trust hardware in data center servers and on millions of laptops; it is used to develop automotive and space products, wearable electronics, and hardware security tokens--all while remaining a platform for operating systems research. This paper focuses on the impact of Tock's technical design on its adoption, the challenges and unexpected benefits of using a type-safe language (Rust)--particularly in security-sensitive settings--and the experience of supporting a production open-source operating system from academia.