AppID Roadmap

[bradjc]

This is a place to document and discuss the roadmap for AppID. The goal is to ensure the mechanism supports varied use cases while making it robust and easy to use.

The AppID TRD does a great job of describing the intended use cases and general flexibility of Tock's AppID mechanism.

• Add async process loading. Add an Asynchronous Process Loader #3828 Add Asynchronous Process Loader, Split Credential Traits, Make Process Checking pre-Kernel Loop #3849
• Separate the credential checking policy trait from the AppID assignment traits. Add Asynchronous Process Loader, Split Credential Traits, Make Process Checking pre-Kernel Loop #3849
  • This makes it straightforward to compose an app id policy with a credential policy.
• Support cryptographic signature credentials.
  • Provide the framework (HIL support and a policy). HIL: Add Signature::verify with const L:usize and process checker for signatures #3878
  • Implement RSA2048 signatures.
  • Implement ECDSA signatures.
  • For this task we really need a no_std (ie no alloc) signature implementation in Rust.
• Add a Short ID TBF header. This allows developers to specify the Short ID used at app compilation time.
• Resolve the tension between write_id and ShortID.
  • Both are 32 bit app identifiers. Write_id is designed for persistent storage. However, it is isn't clear why an app would want those to be different.
• Rename the ShortID type to ShortId. This matches ProcessId. Add Asynchronous Process Loader, Split Credential Traits, Make Process Checking pre-Kernel Loop #3849
• Implement credential checking on a process loaded at runtime.
• Add components for AppID to make it easier for boards to use.

[bradjc]

One impact of the changes to the way process credentials are checked is that if require_credentials() returns false, we can no longer tell if a process had valid credentials or not. This has impacts for the hotp tutorial which used credentialed versus not to change how the kernel treats processes.