Address Feedback from TockWorld7 USB Security Key Tutorial

[lschuermann]

Participants have given us the following feedback on the USB security key tutorial hosted at TockWorld7:

• More guidance would be appreciated on the libtock-c part of the tutorial, in particular compared to the Encryption Oracle part. Having explicit steps, more fine-grained milestones and an introduction to libtock-c's architecture and design decisions may help.
  • We may want to give background on Tock's systems calls and userspace/kernel separation, and it's async execution model a little earlier?
• The Encryption Oracle is not giving enough background on AES, and how encryption and decryption works.
  • Illustrating the essential concepts using a simpler capsule would be better.
• For the Encryption Oracle, the Grant type and userspace-/kernel-interactions are not particularly clear.
  • It may help if we provide a C header file that illustrates the API that the Oracle capsule will later expose to userspace.

I think that these are all good remarks, and we should address them before hosting the next iteration of this tutorial. We may want to brainstorm potential alternatives to the Encryption Oracle component here on this issue.

[bradjc]

It would be helpful if we had a plugin for the book which would somehow differentiate expository text from tutorial text.

[bradjc]

One thought would be to have the kernel portion implement the same hotp functionality but in the kernel. Userspace would still handle button presses but would just request the next code from the kernel.

[lschuermann]

One thought would be to have the kernel portion implement the same hotp functionality but in the kernel. Userspace would still handle button presses but would just request the next code from the kernel.

Interesting idea! Slightly skeptical of that as

• it somewhat goes against our intended separation of concerns with userspace and kernel,
• dealing with the USB stack is not any more trivial than AES,
• doesn't show how the kernel interacts with userspace (I think that's still something we want to show, but just needs to be explained better),
• it's a bit redundant with the userspace part, which may not be great pedagogically.