TODO: 9. Capabilities
Raw endpoint IDs are useful for teaching IPC, but they are not a security boundary: an ID is just a number, so any process that guesses it can send or receive on that endpoint, and the kernel has no record of who was ever meant to hold it.
Capabilities fix that.
A capability is an unforgeable handle stored in a process-owned table. User code passes a small index to the kernel; the kernel resolves that index to an object and a set of rights. Because the table lives in kernel memory and user code only ever sees indexes, a process cannot manufacture a handle to an object it was never given, and the rights on the handle bound what it can do with the object it was given.
Planned Shape
    process capability table
      slot 0 -> endpoint object, send + receive
      slot 1 -> endpoint object, send only
      slot 2 -> address space object

The endpoint syscall ABI can stay mostly the same. The meaning of a0 changes from raw endpoint ID to capability slot: the kernel looks the slot up in the caller's own table and rejects the call if the slot is empty or out of range, holds an object of the wrong kind, or lacks the right being exercised (send on a send-only slot is fine; receive on it is not).
This is the point where the tutorial becomes more clearly microkernel than small monolithic kernel: every object a process touches is reached through an explicit capability the kernel checked, not through an ambient identifier.
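The planned shape above, worked through as an added example that is not the tutorial's own code: a per-process capability table, a lookup that checks slot, kind and rights, and endpoint syscalls whose a0 is a slot index. The slot layout (slot 0 send + receive, a derived send-only copy, an address-space object in another slot) follows the table above; everything else, including the names cap_install, cap_derive and RIGHT_GRANT, the error codes, and the "queued counter" standing in for a real message queue, is this example's own assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not the tutorial's code. All names below are assumptions. */

#define CAP_SLOTS 8

enum cap_kind { CAP_NONE = 0, CAP_ENDPOINT, CAP_ASPACE };

#define RIGHT_SEND  0x1u
#define RIGHT_RECV  0x2u
#define RIGHT_GRANT 0x4u   /* assumed: holder may copy this cap into another table */

#define E_OK        0
#define E_BADSLOT  -1      /* slot out of range or empty */
#define E_BADKIND  -2      /* slot holds an object of another kind */
#define E_NORIGHTS -3      /* cap lacks a right the operation needs */
#define E_FULL     -4      /* destination table has no free slot */

struct endpoint { int id; int queued; };   /* id is kernel-internal, never a user handle */
struct aspace   { int id; };

struct cap {
    enum cap_kind kind;
    uint32_t      rights;
    void         *obj;    /* kernel pointer; user code only ever sees the slot index */
};

struct process { struct cap caps[CAP_SLOTS]; };

/* Resolve a user-supplied slot to a cap of the expected kind that carries
 * every right in `need`. This is the only path from user code to an object. */
static int cap_lookup(struct process *p, uint32_t slot, enum cap_kind kind,
                      uint32_t need, struct cap **out)
{
    if (slot >= CAP_SLOTS || p->caps[slot].kind == CAP_NONE) return E_BADSLOT;
    struct cap *c = &p->caps[slot];
    if (c->kind != kind) return E_BADKIND;
    if ((c->rights & need) != need) return E_NORIGHTS;
    *out = c;
    return E_OK;
}

/* Kernel-side only: place a cap in the first free slot and return that slot. */
int cap_install(struct process *p, enum cap_kind kind, uint32_t rights, void *obj)
{
    for (uint32_t i = 0; i < CAP_SLOTS; i++) {
        if (p->caps[i].kind == CAP_NONE) {
            p->caps[i].kind = kind; p->caps[i].rights = rights; p->caps[i].obj = obj;
            return (int)i;
        }
    }
    return E_FULL;
}

/* Copy src's cap at `slot` into dst with its rights ANDed against `mask`.
 * Rights can only be dropped on the way, never added, and the source must
 * hold RIGHT_GRANT. This is how the "send only" slot in the planned shape is made. */
int cap_derive(struct process *src, uint32_t slot, struct process *dst, uint32_t mask)
{
    if (slot >= CAP_SLOTS || src->caps[slot].kind == CAP_NONE) return E_BADSLOT;
    struct cap *c = &src->caps[slot];
    if (!(c->rights & RIGHT_GRANT)) return E_NORIGHTS;
    return cap_install(dst, c->kind, c->rights & mask, c->obj);
}

/* Syscall entry: a0 is a capability slot in the caller's table, not an endpoint ID. */
int sys_endpoint_send(struct process *p, uint32_t a0)
{
    struct cap *c;
    int r = cap_lookup(p, a0, CAP_ENDPOINT, RIGHT_SEND, &c);
    if (r != E_OK) return r;
    ((struct endpoint *)c->obj)->queued++;   /* stand-in for enqueueing a message */
    return E_OK;
}

/* Returns the number of messages drained, or a negative error. */
int sys_endpoint_recv(struct process *p, uint32_t a0)
{
    struct cap *c;
    int r = cap_lookup(p, a0, CAP_ENDPOINT, RIGHT_RECV, &c);
    if (r != E_OK) return r;
    struct endpoint *ep = (struct endpoint *)c->obj;
    int n = ep->queued;
    ep->queued = 0;
    return n;
}

int main(void)
{
    struct endpoint ep = { 7, 0 };                 /* constructed sample objects */
    struct process server = {0}, client = {0}, rogue = {0};
    cap_install(&server, CAP_ENDPOINT, RIGHT_SEND | RIGHT_RECV | RIGHT_GRANT, &ep);
    cap_derive(&server, 0, &client, RIGHT_SEND);   /* client slot 0: send only */
    printf("client send:   %d\n", sys_endpoint_send(&client, 0));   /* 0 */
    printf("client recv:   %d\n", sys_endpoint_recv(&client, 0));   /* -3 */
    printf("server recv:   %d\n", sys_endpoint_recv(&server, 0));   /* 1 */
    printf("rogue send(7): %d\n", sys_endpoint_send(&rogue, 7));    /* -1 */
    return 0;
}
```

The rogue process in main knows the endpoint's kernel-internal id (7) and it buys nothing: a0 is resolved only against the rogue's own empty table, so the call fails with E_BADSLOT exactly as it would for any other number. The example deliberately leaves out two things a real table needs and that the tutorial has not reached yet: reference counting on the objects the caps point at, and revocation (removing a cap from every table it was derived into).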