Brad Campbell
I would like to see the HIL split up so that there is a "down" path and a separate callback "up" path. Combining them tends to make things imperceptibly confusing...
> It seems strange to couple security policy decisions (application credential checking) with context switch callback implementations. Put another way, there should be a distinction between kernel implementation decisions and...
> Yes, they are coupled in the API. I think having multiple parameters is better, because it forces you to design and think through what the parameters are (i.e., design...
> Would the kernel no longer holding a reference to the verifier complicate the process of verifying dynamically loaded apps, down the line?

It's a good question. My thinking is...
What should happen if the kernel attempts to start a process that is not unique? Right now this PR puts it in the `CredentialsFailed` state, which may be confusing as...
I plan on finishing this PR (specifically updating all boards), but I would like some more clarity on AppUniqueness vs. AppVerification first. Currently I don't understand the coupling, what configuration...
@alexandruradovici
This is only tangentially related, but Tock's bootloader supports key-value "attributes" that we use to automatically identify what kind of board is connected (https://github.com/tock/tock/blob/master/doc/Memory_Layout.md#flash-1). Also, a while ago we discussed...
Can one of you please open a tracking issue for the screen/display stack? It would be helpful to have a rough list of todos and a roadmap for what the...
I would like to see this updated and merged to make progress on #3079