deviced is the device manager daemon for EriX.
- Rust 100%
| .github | ||
| src | ||
| .editorconfig | ||
| .gitignore | ||
| ARCHITECTURE.md | ||
| Cargo.toml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| linker-deviced.ld | ||
| linker-phase2-driver-capcheck.ld | ||
| linker-phase2-driver-hold.ld | ||
| linker.ld | ||
| README.md | ||
| ROADMAP.md | ||
| rustfmt.toml | ||
| SECURITY.md | ||
deviced
deviced is the device manager daemon for EriX.
It owns the device-to-driver binding registry, enforces probe+HAL-gated activation, and manages least-capability delivery for each driver through per-process CSpace windows.
Responsibilities
- Accept root-seeded driver bindings and seal the registry.
- Reconcile activation state from discovery and HAL/provider registration.
- Start drivers for seeded devices only when activation policy is satisfied.
- Configure driver CSpace windows and copy only declared capabilities.
- Forward driver lifecycle control (
start/stop) via typed driver IPC. - Expose deterministic driver state via
READ_DRIVER. - Emit driver-ready stamps from
deviceditself (ERIX_DEVICED:READY:<DRIVER>) using a dedicated log color in append flags.
IPC surface
deviced handles the following operations from lib-ipc:
IPC_PHASE2_DEVICED_OP_SEED_BINDINGIPC_PHASE2_DEVICED_OP_SEED_BINDING_V2IPC_PHASE2_DEVICED_OP_START_DRIVERIPC_PHASE2_DEVICED_OP_STOP_DRIVERIPC_PHASE2_DEVICED_OP_READ_DRIVERIPC_PHASE2_DEVICED_OP_SEALIPC_PHASE2_DEVICED_OP_REGISTER_HALIPC_PHASE2_DEVICED_OP_REGISTER_PROVIDERIPC_PHASE2_DEVICED_OP_RESOLVE_PROVIDERIPC_PHASE2_DEVICED_OP_REPORT_DEVICEIPC_PHASE2_DEVICED_OP_REPORT_HOTPLUG
Driver control IPC uses:
IPC_PHASE2_DRIVER_OP_STARTIPC_PHASE2_DRIVER_OP_STOP
Runtime model
- Registry state:
unsealed->sealed. - BootConfig is parsed by
rootd;devicedremains BootConfig-agnostic and receives lifecycle intent only through RPCs. - Seed operation is idempotent for exact tuple matches.
- Drivers are not auto-started at seal/startup.
- Activation is reconciled from:
- discovery state (
REPORT_DEVICE,REPORT_HOTPLUG) - HAL readiness (
REGISTER_HAL) - provider visibility (
REGISTER_PROVIDER)
- discovery state (
- Start is denied for unknown/unsealed/running bindings.
- Stop is denied for unknown/non-running bindings.
- Responses are deterministic and panic-free.
- Driver process creation uses delegated management-cap slots (not canonical
root slots), so
devicedcontinues functioning after rootd authority shedding checkpoints.
Build
cargo build --all-targets --all-features
Test
cargo test --all-targets --all-features
cargo clippy --all-targets --all-features -- -D warnings
License
ISC.
Build and Test Modes
This repository supports additive runtime and integration feature gates.
*-runtimeand*-runtime-phase*features select production bootstrap/runtime behavior.*-integration-smokeremains available for synthetic end-to-end validation paths.*-integration-force-failremains test-only and MUST NOT be enabled for runtime appliance builds.
Compatibility aliases are kept so existing scenario feature names continue to compile while the runtime naming becomes canonical.