minimal bootloader with bare metal hypervisor on blue pill.
mostly it's a show case of security model. bootloader recieves calls, ensures a loaded app foolows its manifest, handles interrupts and beheaves as a supervisor for app. this includes MPU, stack protection, SVC, and etc.
SVC calls include:
- region request to a peripheral/memory based on app's manifest
- wdt kick
- exit / fault
this model provides scale for apps. UART, SPI,
GPIO and etc. happen as plain MMIO reads once SVC_REGION_REQ has granted
the region.
memory layout (assume stm32f103 - 64k flash and 20k RAM).
- hypervisor flash - 16K - protected
- hypervisor's RAM - 4K - privileged
- GUARD (MPU) - 1 K - no access
- app flash - 48K
- app's RAM and stack
build everything with make all, that includes the modules (modules.mk) and core
library.
there are also such commands:
make flash # to flash bootloader (!)
make erase # to erase the board
make clean # to clean build folder
make debug # run gdb
make modules # build apps
# various debugging stuff
make dump-boot
make sym-boot no external os or libraries required. the only optional dependency is a ed25519 implementation included as a submodule.