Camelot OS


 Merlin : un framework de drivers userspace embarqués sécurisé

Dans un projet embarqué, écrire un driver n’est rarement qu’un problème de registres. Il faut aussi raccorder correctement le matériel décrit dans le DeviceTree, gérer le cycle de vie du périphérique, éviter les séquences d’initialisation fragiles, partager les bus proprement entre couches logicielles, et conserver…

Continue reading...

Why Formal Verification Matters in the Sentry Microkernel

Micro-kernels such as Sentry aim to provide strong isolation, minimal trusted computing bases, and high assurance for embedded and security-critical systems. However, achieving these goals in practice is difficult: subtle bugs in low-level code, memory protection, or context switching can completely undermine the intended security…

Continue reading...

Exploring Pointer-Free Data Exchange in Sentry

When diving into Sentry-micro-kernel concepts, one design choice really stood out: no pointer passing between user space and kernel space. Instead of relying on pointers, Sentry uses a dedicated buffer called svc_exchange to transfer data between applications and the kernel. This simple but powerful approach:…

Continue reading...

Formal proof in embedded systems part 3

Alongside noRTE coverage, the Sentry kernel aims to hold functional proofs for its critical functions. One of them is the memory management part, that is responsible to ensure the W^X property of all memory regions mapped, for both kernel an user tasks. This work has…

Continue reading...

Sentry Kernel key concepts part 1: Basics

When it comes to embedded systems, security and reliability aren’t just features—they’re requirements. That’s why we built the Sentry Kernel, a preemptive micro-kernel designed for micro-controllers, with security baked in from the ground up. 🔑 Key Highlights: Minimal attack surface: Only critical devices (like DMA)…

Continue reading...