Struct RootCapabilityDrop 

pub struct RootCapabilityDrop {
    pub revoked_count: usize,
    pub completed: bool,
    pub final_capability_count: usize,
}

Root capability drop operation per SEC-001.

After Stage 3, this struct orchestrates:

1. Identifying capabilities to revoke
2. Revoking all non-minimum capabilities
3. Verifying the drop succeeded

Fields

revoked_count: usize

Capabilities that were revoked.

completed: bool

Whether the drop completed successfully.

final_capability_count: usize

Final capability count for root task.

Implementations

impl RootCapabilityDrop

pub fn new() -> Self

Creates a new root capability drop operation.

pub fn execute( &mut self, boot_capabilities: &BootCapabilitySet, minimum_set: &MinimumCapabilitySet, ) -> Result<(), KernelError>

Executes the capability drop.

SEC-001 Requirements

• Root task MUST lose access to all physical memory
• Root task MUST retain only minimum capability set
• Drop MUST be irreversible (cannot re-escalate)

pub fn verify(&self, minimum_set: &MinimumCapabilitySet) -> bool

Verifies the drop was successful.

Trait Implementations

impl Default for RootCapabilityDrop

fn default() -> Self

Returns the “default value” for a type.