Skip to content

Commit 837c4d7

Browse files
authored
my-tap-journey.markdown (#33)
1 parent bb66db6 commit 837c4d7

File tree

1 file changed

+65
-0
lines changed

1 file changed

+65
-0
lines changed
Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,65 @@
1+
---
2+
layout: post
3+
title: "My TAP Journey"
4+
date: 2025-03-14
5+
categories: tap sonata cheriot-rtos
6+
author: Adam Finney
7+
---
8+
9+
Over the past few months, I have had the opportunity to work with CHERIoT and Sonata in ways that have really pushed me as a developer.
10+
When I started this project, I knew that CHERI's capability based memory model was something special, but I did not fully appreciate how much it would change the way I think about secure embedded systems.
11+
This has been more than just a technical challenge. It has been a genuine learning experience that has reshaped how I approach programming, security, and system design.
12+
13+
# Discovering CHERIoT and Sonata
14+
15+
When I first started working with CHERIoT, I knew it was designed to tackle one of the biggest problems in embedded development: security, buffer overflows, memory corruption, and other memory related issues have plagued embedded systems for decades.
16+
CHERIoT's capability based memory model offers a fundamentally different way of handling these problems at the hardware level.
17+
Instead of patching the symptoms, it removes the underlying vulnerabilities.
18+
19+
Sonata, as the development platform for CHERIoT, gave me the chance to put these ideas into practice.
20+
It was a bit daunting at first. Figuring out how to structure code within that framework required a real shift in mindset.
21+
But once it started to click, I began to see how powerful it could be.
22+
Instead of constantly worrying about memory safety and unexpected crashes,
23+
I could focus more on building functionality, knowing that the hardware was helping to protect me from some of the most common programming mistakes.
24+
25+
# Pushing Through Challenges
26+
27+
There were definitely some challenging moments along the way. Early on, I tried to implement lwIP for networking, but it became clear that it was not the right fit.
28+
After seeing the [Hugh the Lightbulb](https://github.com/cheriot-Platform/cheriot-demos) demo, I switched to FreeRTOS plus TCP, and that turned out to be the right move.
29+
FreeRTOS plus TCP integrated much more smoothly with CHERIoT.
30+
31+
Networking was a big focus for me.
32+
I have been working on finalising the IPv6 and UDP stack and preparing it for open source release.
33+
The packet sniffing and IPv6 proof of concept has been open source for a while now, but I realised it was using more power than it should because the filters were completely pass-through.
34+
Fixing that turned out to be more complicated than I expected.
35+
36+
IPv6 and DTLS add an extra layer of complexity that required more than just tweaking the code.
37+
This was solved with the help of the community with compiler optimisations and the integration of HyperRAM.
38+
At the time of writing, the stack is in the shake down phase.
39+
That frustrating but exciting period where you know you are close to the finish line, but the last ten percent of the work feels like half the effort.
40+
41+
# Shifting My Approach to Code
42+
43+
One of the biggest changes for me has been how I now think about code structure.
44+
Before CHERIoT, I would organise code by function, grouping similar tasks together to keep things tidy and efficient.
45+
But CHERIoT's memory model encourages a different way of thinking.
46+
47+
I started organising code by safety boundaries rather than function.
48+
I separated input and output from parsing and business logic, setting up compartments where failures in one area could not compromise the whole system.
49+
It required more upfront design work, but the payoff was huge.
50+
Debugging became easier, failures were contained, and the overall stability of the system improved significantly.
51+
52+
Compartmentalisation has changed the way I write code, not just on CHERIoT but across other projects as well.
53+
It makes you more thoughtful about how data flows through a system and where the vulnerabilities might be hiding.
54+
55+
# What I Have Learned
56+
57+
I think the biggest lesson I have taken away from this experience is that the hardest problems often need a completely new way of thinking.
58+
Trying to fix memory safety at the software level will only take you so far.
59+
You need to solve it at the hardware level, which is exactly what CHERIoT does.
60+
61+
Working with a strong community makes a huge difference.
62+
Being able to ask questions, share ideas, and learn from others' experiences has made the process so much smoother.
63+
The idea of combining a top down strategy with a bottom up, grassroots approach feels like the right way to drive adoption and make CHERIoT and Sonata a success.
64+
65+

0 commit comments

Comments
 (0)