A Rust-based Secure Tiny OS for ARM Cortex-M IoT Devices
SecureIoTOS is a bare-metal operating system for ARM Cortex-M microcontrollers, written in Rust. It demonstrates secure boot, memory protection, process isolation, safe drivers, cryptography, and secure communication for IoT devices.
The repository provides fully modular source code and examples to build, run, and test the OS on both QEMU and real IoT boards like STM32, ESP32, and NRF52.
SecureIoTOS is written in Rust to leverage modern safety, security, and productivity benefits that are harder to achieve in C/C++. Here are the main reasons:
- Memory Safety Without a Garbage Collector – Rust prevents dangling pointers, buffer overflows, and use-after-free errors via ownership and borrowing.
- Fearless Concurrency – Rust’s type system ensures no data races at compile time.
- No Undefined Behavior by Default – Rust makes potential memory and logic errors explicit.
- Zero-Cost Abstractions – High-level code runs as efficiently as C/C++.
- Safer Embedded Development – Memory safety reduces firmware crashes and vulnerabilities.
- Better Package & Dependency Management – Cargo simplifies building, testing, and dependency handling.
- Modern Language Features – Pattern matching, enums, traits, async/await, macros, and more reduce boilerplate.
- Security by Design – Rust reduces common IoT vulnerabilities originating from memory corruption in C/C++.
- Growing Embedded Ecosystem – embedded-hal, RTIC, and HAL crates make Rust practical for IoT development.
- Developer Productivity & Maintainability – Strong compiler guarantees reduce debugging and long-term maintenance costs.
In short, Rust combines the performance of C with the safety of modern languages, making it ideal for security-critical IoT operating systems like SecureIoTOS.
- Secure bootloader with SHA256/RSA firmware verification
- MPU-based memory protection and process isolation
- Preemptive and cooperative task scheduler
- Hardware abstraction for GPIO, UART, SPI, I2C, timers
- Safe, interrupt-driven device drivers
- Secure cryptography modules: AES, ECC, RNG
- TLS/DTLS and lightweight IoT messaging protocols: MQTT, CoAP
- Example IoT applications: sensor nodes, telemetry, “Hello World”
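
MPU-based isolation only holds if every region is encoded correctly, because a misaligned base or a non-power-of-two size makes the hardware protect a different range than intended. The following is an added example, not code from the SecureIoTOS repository: it encodes one ARMv7-M MPU region into `MPU_RBAR`/`MPU_RASR` values and rejects invalid layouts. All names are hypothetical, and it assumes an 8-region MPU and normal, write-through, shareable SRAM attributes.

```rust
// Added example (hypothetical names, not SecureIoTOS code): ARMv7-M MPU region encoding.

/// RASR AP field values (bits 26:24).
#[allow(dead_code)]
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Access {
    NoAccess = 0b000,
    PrivRw = 0b001,       // privileged RW, unprivileged no access
    PrivRwUserRo = 0b010, // privileged RW, unprivileged read-only
    FullRw = 0b011,
    PrivRo = 0b101,
    ReadOnly = 0b110,
}

#[derive(Debug, PartialEq)]
pub enum MpuError { BadRegion, BadSize, Misaligned }

const NUM_REGIONS: u8 = 8;                           // assumption: 8-region MPU
const RBAR_VALID: u32 = 1 << 4;                      // REGION field in RBAR is valid
const RASR_XN: u32 = 1 << 28;                        // execute never
const RASR_NORMAL_SRAM: u32 = (1 << 18) | (1 << 17); // S=1, C=1 (assumed SRAM attributes)
const RASR_ENABLE: u32 = 1;

/// Returns (RBAR, RASR) for one region, or an error for a layout the MPU cannot express.
pub fn encode_region(region: u8, base: u32, size: u32, access: Access, executable: bool)
    -> Result<(u32, u32), MpuError>
{
    if region >= NUM_REGIONS { return Err(MpuError::BadRegion); }
    // Regions are a power of two in size and at least 32 bytes.
    if size < 32 || !size.is_power_of_two() { return Err(MpuError::BadSize); }
    // The base must be aligned to the region size; low address bits are not honoured.
    if base & (size - 1) != 0 { return Err(MpuError::Misaligned); }
    let size_field = size.trailing_zeros() - 1; // region spans 2^(SIZE+1) bytes
    let xn = if executable { 0 } else { RASR_XN };
    let rbar = base | RBAR_VALID | region as u32;
    let rasr = xn | ((access as u32) << 24) | RASR_NORMAL_SRAM | (size_field << 1) | RASR_ENABLE;
    Ok((rbar, rasr))
}

fn main() {
    // Constructed sample: 4 KiB task stack at 0x2000_1000, read/write, never executable.
    let (rbar, rasr) = encode_region(2, 0x2000_1000, 4096, Access::FullRw, false).unwrap();
    println!("RBAR={:#010x} RASR={:#010x}", rbar, rasr);
}
```
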
```
                +-----------------+
                |   bootloader/   |
                |  Secure Boot &  |
                | Firmware Verify |
                +--------+--------+
                         |
                         v
                +-----------------+
                |     kernel/     |
                |   Scheduler,    |
                |  Syscalls, MPU  |
                +--------+--------+
                         |
        +----------------+----------------+
        |                                 |
        v                                 v
+---------------+                  +-------------+
|    memory/    |                  |    ipc/     |
|  Memory Mgmt  |                  |  Messaging  |
|  & Rust-safe  |                  |  Channels   |
| Abstractions  |                  +-------------+
+-------+-------+
        |
        v
+---------------+
|     hal/      |
|  GPIO, UART,  |
|   SPI, I2C    |
+-------+-------+
        |
        v
+---------------+
|   drivers/    |
|    Device     |
|    Drivers    |
+-------+-------+
        |
        v
+---------------+                  +-------------+
|    crypto/    |                  |    net/     |
|   AES, ECC,   |                  |  TLS/DTLS,  |
|      RNG      |                  | MQTT, CoAP  |
+-------+-------+                  +-------------+
        |
        v
+---------------+
|   examples/   |
|   IoT Apps    |
+---------------+
```
| Folder | Purpose |
|---|---|
| bootloader | Secure bootloader and firmware verification |
| kernel | Core kernel: scheduler, syscalls, MPU handling |
| memory | Memory management and Rust-safe abstractions |
| ipc | Task communication primitives |
| hal | MCU peripheral abstraction (GPIO, UART, SPI, I2C, timers) |
| drivers | Safe, interrupt-driven device drivers |
| crypto | Cryptography modules (AES, ECC, RNG) |
| net | TLS/DTLS, MQTT, CoAP for secure communication |
| examples | Sample IoT applications |
| tests | Security and unit tests |
| tools | Build, flash, and QEMU scripts |
- Rust nightly (`rustup default nightly`)
- ARM target: `rustup target add thumbv7em-none-eabi`
- QEMU (optional) or IoT development board (STM32, ESP32, NRF52)

```
cd bootloader
cargo build --target thumbv7em-none-eabi
```

```
qemu-system-arm -M stm32-p103 -kernel target/thumbv7em-none-eabi/debug/bootloader
```

Use the scripts in /tools to flash binaries to your board:

```
./tools/flash.sh <board>
```

- `examples/hello_world/` → Minimal Rust “Hello World” app
- `examples/sensor_node/` → Reads sensor data and prints via UART
- `examples/telemetry/` → Secure telemetry system sending data over MQTT/DTLS
This project is dual-licensed:
- Open-Source / Personal Use: Apache 2.0
- Commercial / Closed-Source Use: Proprietary license required
For commercial licensing inquiries or enterprise use, please contact: [email protected]
Md Mahbubur Rahman GitHub | Website
We welcome contributions!
- Fork the repo and submit pull requests
- Follow Rust coding guidelines and safety best practices
- Report issues or suggest features via GitHub Issues