tosca is a versatile, customizable, and secure-by-design IoT framework:

• Versatile: On one hand, the framework offers APIs to develop firmware for various hardware architectures, supporting both bare-metal and OS-based devices. On the other hand, it supplies APIs for building software that interacts with the firmware of those devices.

• Customizable: Most of the APIs are designed as a sequence of code blocks, where each block identifies a single feature or a set of features. These blocks can be combined together by adding or removing lines of code.

• Secure-by-design: Written in Rust to prevent structural security issues and other classes of bugs at compile time.

The framework is currently in an early, experimental stage of development, thus its APIs are unstable and subject to change. It is divided into two distinct yet tightly connected sides: the Firmware Side and the Controller Side, both bridged by the tosca Interface. The following sections provide a brief overview of each part.

The tosca Interface

The two framework sides are bridged by the tosca interface, a shared library crate that provides communication between the firmware and the controllers.

1. REST Routes Definition

Controllers interact with devices through REST routes. Each route represents the execution of one or more operations on a device and returns exactly one of the following response types:

• Ok — Returns a JSON object with a boolean value indicating whether device operations completed successfully.
• Serial — Returns a JSON object with information on executed device operations.
• Info — Provides metadata and descriptive information about the device.
• Stream (optional, feature-gated) — Sends large binary or multimedia data as a continuous stream of bytes.

2. Devices Description

The tosca interface also allows developers to formally describe a device in terms of:

• Internal data structures
• Available methods and operations
• Data impacting economic aspects
• Energy-related information

3. Hazards Model

The framework introduces the concept of Hazards to explicitly represent the risks associated with executing certain device operations.

Within the tosca library, a set of APIs is provided to annotate each route with one or more hazard tags. Every hazard belongs to exactly one of the following categories:

• Safety — Risks that may affect human health or physical well-being.
• Financial — Potential economic costs or financial consequences.
• Privacy — Risks related to personal data exposure, surveillance, or data management.

This hazard classification system promotes risk transparency, supports informed decision-making, and enables safer interaction with devices.

Firmware Side

The Firmware Side supports firmware-level development by providing APIs for interacting with supported microcontrollers, alogn with a set of drivers for interfacing with sensors and other hardware components.
The tosca-os and tosca-esp32c3 are the two library crates designed for developing device firmware. Both crates integrate the tosca interface data structures and methods directly into their APIs, ensuring a shared and consistent interface.

tosca-os

The tosca-os library crate targets firmware running on operating systems. It is intended for devices with significantly more resources than typical microcontrollers, including:

• Higher computational power
• Larger memory capacity
• Rich interaction with external components

Currently, firmware built with tosca-os supports:

• x86_64
• ARM

Both architectures are covered by automated testing to ensure reliability and portability.

tosca-esp32c3

The tosca-esp32c3 library crate targets firmware development for the ESP32-C3 microcontroller. Its APIs are specifically designed to:

• Guide developers in defining structured firmware
• Reduce ambiguity during firmware development
• Avoid as much as possible runtime errors

tosca-drivers

The tosca-drivers library crate provides architecture-agnostic drivers for a range of sensors and hardware components. These drivers can be reused across supported platforms, ensuring consistency and portability.

Currently supported drivers include:

• AM312 — Passive Infrared (PIR) motion sensor
• BH1750 — Ambient light sensor
• DHT22 — Temperature and humidity sensor
• DS18B20 — Digital temperature sensor

Controller Side

The Controller Side focuses on software that communicates with tosca-compliant devices by providing APIs for managing, orchestrating, and interacting with them. A device is considered tosca-compliant if its firmware has been developed using the Firmware Side crates. The tosca-controller library crate contains all the APIs required to build a controller that enables:

• Device discovery
  Automatically discovering all tosca-compliant devices within the network.
• Device operations execution via REST
  Constructing and sending REST requests to devices in order to execute their commands.
• Privacy policy enforcement
  Defining hazard-aware privacy policies that allow or block requests
• Event interception and monitoring
  Subscribing to brokers where device events are published and intercepting those events for further processing.

Features yet to be added

• Secure communication between firmware devices and controllers, ensuring confidentiality, integrity, and authentication
• Over-the-Air (OTA) firmware updates, enabling remote and reliable device upgrades
• Bluetooth stack integration for wireless connectivity and device communication
• Accurate energy and performance metrics, allowing precise on-device monitoring and analysis
• Support for additional microcontroller architectures, expanding hardware compatibility and portability
• Command scheduling system, enabling controllers to execute device commands at specific times or according to defined schedules
• Reduced heap allocations on firmware devices, improving memory efficiency, predictability, and suitability for resource-constrained environments

1 post - 1 participant

Read full topic