openprot is a no_std Rust firmware project for Platform Root-of-Trust devices, organized as a Bazel module so that HAL traits, OS-abstraction traits, OS-agnostic services, and target-specific glue can stay decoupled.
openprot/ ├── MODULE.bazel # Bazel module + crate_universe extensions ├── workflows.json # Pigweed workflow groups (./pw …) ├── BUILD.bazel # Top-level Bazel package ├── openprot/ # Main application crate (lib.rs + main.rs) ├── hal/ │ ├── async/ # Async HAL trait crates │ ├── blocking/ # Blocking HAL trait crates │ └── nb/ # Non-blocking (nb) HAL trait crates ├── platform/ │ ├── traits/ # OS-abstraction traits │ └── impls/ # Concrete impls per host environment ├── services/ │ ├── storage/ # OS-agnostic services on top of HAL + platform │ └── telemetry/ ├── target/ │ ├── earlgrey/ # OpenTitan Earl Grey target │ └── veer/ # Caliptra VeeR-EL2 target (pw_kernel-based) ├── third_party/ │ ├── pigweed/ # Pigweed integration │ └── caliptra/ # caliptra-sw / caliptra-mcu-sw integration ├── presubmit/ # Python presubmit scripts └── docs/ # mdbook sources (this site)
The intent of the split is that anything touching hardware registers goes through a hal/ trait, anything touching the host OS goes through a platform/traits/ trait, and reusable logic lives in services/. Targets under target/ provide the silicon-specific glue (linker scripts, ePMP setup, console wiring, register definitions) without leaking those details into the rest of the tree.
The build is driven by Bazel via Pigweed's workflow launcher; there is no Cargo workspace. The relevant pieces:
MODULE.bazel declares Bazel module dependencies (bazel_skylib, pigweed, platforms, rules_rust, rules_rust_mdbook, rules_python, plus caliptra_deps and ureg via overrides).git_override pins Pigweed to a specific upstream commit (MODULE.bazel:23-27), keeping the kernel/build/log/status/toolchain pieces reproducible.pw_rust.toolchain registers Pigweed's managed Rust toolchains (MODULE.bazel:35-37); host C/C++ toolchains and the rv32imc RISC-V C/C++ toolchain are registered via register_toolchains (MODULE.bazel:39-44).crate_universe workspaces govern Rust crate dependencies:@rust_crates — cross-platform crates declared in third_party/crates_io/Cargo.toml.@rust_caliptra_crates — embedded Caliptra crates (rv32imc, no std/alloc).@rust_caliptra_crates_host — Caliptra host tools (need std)../pw is bazelisk run //:pw -- "$@" and dispatches to the named groups in workflows.json (presubmit, default, ci, upstream_pigweed).See usage.md for the everyday command surface and workflows.json for the authoritative workflow definitions.
The veer target builds on Pigweed's microkernel and runtime crates:
@pigweed//pw_kernel — the microkernel running on target/veer/. Provides scheduling, IPC channels, interrupt objects, userspace isolation, and the #[entry] / #[process_entry] macros. System images are described declaratively in system.json5 files (see target/veer/ for examples) and assembled by Pigweed's system_image() macro.@pigweed//pw_log/rust:pw_log — structured logging used throughout userspace and target code.@pigweed//pw_status/rust:pw_status — Result<T, pw_status::Error> is the syscall and IPC return type.@pigweed//pw_toolchain/riscv_clang:riscv_clang_cc_toolchain_rv32imc — RISC-V C/C++ toolchain used by the veer target's mixed-language build.For a concrete cross-process example, see design/pw-kernel-ipc.md and target/veer/ipc/.
Each silicon/SoC target lives under target/<name>/ and provides its own linker script, entry point, defs.bzl helpers, register definitions, and test/runner tooling.
target/earlgrey/ — OpenTitan Earl Grey. Verilator-driven tests are gated behind the verilator tag and only run via the earlgrey_verilator_tests build (see workflows.json).target/veer/ — Caliptra VeeR-EL2. Built on pw_kernel and exercised on the Caliptra emulator via target/veer/tooling/caliptra_runner.bzl.When adding a new target, prefer the target/<name>/defs.bzl helpers over hand-rolled rust_binary rules, and always set target_compatible_with = TARGET_COMPATIBLE_WITH so wildcard host builds skip target-only crates.
third_party/pigweed/ — local Pigweed integration including a visibility.patch.third_party/caliptra/ — integration with caliptra-sw and caliptra-mcu-sw. Version bumps go through uprev.py, which writes both versions.bzl (commit pins) and the Caliptra Cargo.lock files.third_party/crates_io/ — pinned crates.io dependencies for the main workspace; third_party/caliptra/crates_io/{embedded,host}/ for the two Caliptra crate hubs.coding-style.md — formatter configs and Rust conventions.contributing.md and development-process.md — review and merge process.design/ — focused notes on individual subsystems (e.g. pw_kernel IPC).