
Crate ruvix_boot


§RVF Boot Loading for RuVix Cognition Kernel

This crate provides the RVF (RuVector Format) boot loading infrastructure for the RuVix Cognition Kernel as specified in ADR-087.

§Boot Sequence (ADR-087 Section 9.1)

The kernel boot follows a five-stage process:

Stage  Name               Description
0      Hardware Init      Platform-specific initialization (mocked in Phase A)
1      RVF Verify         Parse manifest + ML-DSA-65 signature verification
2      Object Create      Create root task, regions, queues, witness log
3      Component Mount    Mount components + distribute capabilities
4      First Attestation  Boot attestation to witness log

§Security (SEC-001)

This crate implements the SEC-001 security fixes:

  • Signature failure: PANIC IMMEDIATELY, no fallback boot path (Stage 1 never returns an error the caller could recover from)
  • Root task capability drop: after Stage 3, the root task drops to the minimum capability set
  • Witness log integrity: append-only, with each entry cryptographically linked to the one before it

§Features

  • std: Enable standard library support (default)
  • alloc: Enable alloc crate support
  • metrics: Enable boot metrics collection
  • verbose: Enable verbose boot logging
  • baremetal: Phase B bare metal (no std, no libc)

§Example

use ruvix_boot::{BootConfig, BootLoader};

fn main() -> ruvix_boot::Result<()> {
    let config = BootConfig::default();
    let mut loader = BootLoader::new(config);

    // Load the RVF boot image: the manifest and its detached ML-DSA-65 signature
    let manifest_bytes = include_bytes!("boot.rvf.manifest");
    let signature = include_bytes!("boot.rvf.sig");

    // Stage 1 PANICS if signature verification fails (SEC-001); there is no
    // fallback boot path. The `?` only propagates other boot errors.
    loader.boot(manifest_bytes, signature)?;
    Ok(())
}

Modules§

stage
Boot stage constants.

Structs§

AttestationEntry
Witness log entry for attestation.
BootAttestation
Boot attestation entry recorded as the first witness log entry.
BootCapabilitySet
The complete set of initial capabilities for the root task.
BootConfig
Boot loader configuration.
BootLoader
Main boot loader.
BootResult
Boot result containing all boot artifacts.
CapabilityDistribution
Capability distribution result from Stage 3.
ComponentDecl
Component declaration within an RVF package.
ComponentGraph
Component graph representing the DAG of WASM components.
InitialCapability
Initial capability descriptor for boot-time creation.
MemorySchema
Memory schema containing region declarations.
MinimumCapabilitySet
Minimum capability set for root task after SEC-001 drop.
MountConfig
Configuration for RVF mount operations.
MountResult
Result of an RVF mount operation.
ProofAttestation
A proof attestation recorded in the kernel witness log.
ProofPolicy
Proof policy containing per-component tier requirements.
QueueWiring
Queue wiring between components.
RegionHandle
Handle to a memory region.
RollbackHook
Rollback hook (WASM function for state rollback).
RootCapabilityDrop
Root capability drop operation per SEC-001.
RvfManifest
RVF Manifest containing the complete package description.
RvfMount
RVF mount operation handler.
RvfMountHandle
Handle to a mounted RVF package.
SignatureVerifier
Signature verifier for RVF packages.
Stage0Hardware
Stage 0: Hardware initialization.
Stage1Verify
Stage 1: RVF manifest parse + signature verification.
Stage2Create
Stage 2: Kernel object creation.
Stage3Mount
Stage 3: Component mount + capability distribution.
Stage4Attest
Stage 4: First attestation (boot attestation to witness log).
TaskHandle
Handle to a task (unit of concurrent execution).
WitnessLog
Witness log for boot and runtime attestation.
WitnessLogConfig
Witness log configuration.
WitnessLogEntry
Complete witness log entry (header + payload).
WitnessLogPolicy
Witness log policy configuration.

Enums§

BootStage
Boot stage enumeration.
KernelError
Kernel error codes.
ProofTier
Proof tier determining verification complexity.
RegionPolicy
Memory region access policy.
RvfVerifyStatus
RVF package verification status.
TaskPriority
Task scheduling priority.
VerifyResult
Result of signature verification.

Constants§

MAX_COMPONENTS
Maximum number of components in an RVF package.
MAX_MANIFEST_SIZE
Maximum manifest size in bytes.
MAX_QUEUE_WIRINGS
Maximum queue wiring connections per manifest.
MAX_REGION_DECLS
Maximum region declarations per manifest.
ML_DSA_65_PUBLIC_KEY_SIZE
ML-DSA-65 public key size in bytes.
ML_DSA_65_SIGNATURE_SIZE
ML-DSA-65 signature size in bytes (NIST FIPS 204).

Type Aliases§

Result
Result type for boot operations.