Espressif Privilege Separation Framework
APACHE-2.0 License
ESP Privilege Separation is an approach to separate out traditional monolithic RTOS firmware into 2 independent executables, protected_app and user_app, with different privilege levels and a clearly defined system-call interface between them. The protected app executes in a higher privilege mode, with full access to the entire system memory and all peripherals; whereas the user application has restricted memory and peripheral access (as defined and granted by the protected app).
The entire firmware comprises 2 different executables:

A call to vTaskDelay() from the user-space will internally be redirected to usr_vTaskDelay(), which actually executes the system call.

To get started, please try out the examples. Each example has a README with all setup instructions.
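The redirection described above is easier to reason about with a concrete model of the boundary. The following is an added example written for this page, not code from the ESP Privilege Separation framework: it emulates the protected_app side, a dispatcher that validates every request before it reaches privileged code, and the user-side usr_ wrappers that user_app calls land on. The syscall numbering, the per-pin grant mask, the error codes and the usr_gpio_set_level wrapper are assumptions for illustration; on real hardware the crossing is a privilege-mode switch, which plain host C stands in for with a function call.

```c
/* Constructed model of a user/protected split with a system-call boundary.
 * Not the ESP Privilege Separation framework's own code: syscall numbers,
 * the per-pin grant mask and the error codes below are assumptions. */
#include <stdint.h>
#include <stdio.h>

/* --- protected_app side: privileged implementations --------------------- */

/* Emulated kernel state that only protected code may touch directly. */
static uint32_t g_ticks_slept = 0;   /* total ticks requested via vTaskDelay */
static uint32_t g_gpio_state  = 0;   /* one bit per emulated GPIO pin       */

/* Peripheral access the protected app grants to user_app: a constructed
 * per-pin mask allowing pins 2 and 3 only (illustrative grant model). */
static const uint32_t g_user_gpio_grant = (1u << 2) | (1u << 3);

static void sys_task_delay(uint32_t ticks) { g_ticks_slept += ticks; }

static void sys_gpio_set(uint32_t pin, uint32_t level) {
    if (level) g_gpio_state |=  (1u << pin);
    else       g_gpio_state &= ~(1u << pin);
}

/* --- the system-call boundary ------------------------------------------- */

enum { SYS_TASK_DELAY = 0, SYS_GPIO_SET = 1, SYS_COUNT };  /* assumed numbering */

enum {
    SYSRET_OK     =  0,
    SYSRET_ENOSYS = -1,   /* unknown syscall number                 */
    SYSRET_EINVAL = -2,   /* argument fails bounds check            */
    SYSRET_EACCES = -3    /* peripheral not granted to user_app     */
};

typedef struct { uint32_t nr; uint32_t a0; uint32_t a1; } syscall_req_t;

/* Runs with protected privilege. Every argument arriving from user_app is
 * untrusted: number, bounds and grant are checked before any privileged
 * implementation is reached, so a bad request fails here, not deeper. */
static int syscall_dispatch(const syscall_req_t *req) {
    if (req->nr >= SYS_COUNT) return SYSRET_ENOSYS;
    switch (req->nr) {
    case SYS_TASK_DELAY:
        sys_task_delay(req->a0);
        return SYSRET_OK;
    case SYS_GPIO_SET:
        if (req->a0 >= 32) return SYSRET_EINVAL;                  /* pin out of range */
        if (!(g_user_gpio_grant & (1u << req->a0))) return SYSRET_EACCES;
        sys_gpio_set(req->a0, req->a1 != 0);
        return SYSRET_OK;
    }
    return SYSRET_ENOSYS;  /* not reachable with the numbers above */
}

/* --- user_app side: the usr_ wrappers ----------------------------------- */

/* A user_app call to vTaskDelay() is redirected here. The wrapper only
 * marshals the argument into a request and crosses the boundary; it never
 * touches kernel state itself. */
void usr_vTaskDelay(uint32_t ticks) {
    syscall_req_t r = { SYS_TASK_DELAY, ticks, 0 };
    (void)syscall_dispatch(&r);
}

/* Hypothetical peripheral wrapper; returns the dispatcher's result code. */
int usr_gpio_set_level(uint32_t pin, uint32_t level) {
    syscall_req_t r = { SYS_GPIO_SET, pin, level };
    return syscall_dispatch(&r);
}

/* Read-only views of the emulated kernel state, for checking results. */
uint32_t protected_ticks_slept(void) { return g_ticks_slept; }
uint32_t protected_gpio_state(void)  { return g_gpio_state; }

int main(void) {
    usr_vTaskDelay(10);
    printf("ticks slept: %u\n", (unsigned)protected_ticks_slept());
    printf("gpio 2 -> %d (granted)\n", usr_gpio_set_level(2, 1));
    printf("gpio 5 -> %d (not granted, expect %d)\n", usr_gpio_set_level(5, 1), SYSRET_EACCES);
    printf("gpio 40 -> %d (out of range, expect %d)\n", usr_gpio_set_level(40, 1), SYSRET_EINVAL);
    return 0;
}
```

The point the model makes is that the usr_ wrapper is deliberately thin: policy (which pins user_app may drive, whether a pin number is in range, whether a syscall number exists) lives entirely on the protected side of the boundary, so a compromised or buggy user_app can only ask, never act.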
Please refer to the documentation for the latest version at: https://docs.espressif.com/projects/esp-privilege-separation/en/latest/esp32c3/index.html. This documentation is built from the docs directory of this repository.
The ESP Privilege Separation framework is under active development. There is a wide range of problems that are unsolved yet, and are quite interesting to explore. We will be addressing these in the days to come. With this release, our goal is to enable a minimal set of functionality that can achieve user-kernel privilege separation with minimal memory bloat for user applications, while at the same time maintaining simplicity and backward compatibility for the ESP-IDF APIs.
If you have a specific requirement that you believe fits well in this framework, or if solving such problems excites you, we'd love to talk to you for collaboration.