Frosted is a free and open source operating system, currently only running on Cortex-M microcontrollers, focused on exploring the possibility of a complete user/kernel space separation through the mechanism that can be implemented on a device with physical memory mapping. The POSIX interface is uniquely exposed through the system calls, and with exactly the same signatures as mandated by the standards.
Unlike NuttX, Frosted can only run in privilege separation mode, and processes have strict parent-child relationships. The kernel memory and the stack spaces of the other processes and threads cannot be accessed by the running task, and this is enforced through the MPU, by sending a fatal signal to the offending process, which is immediately terminated. System call arguments that contain pointers to user memory areas are thoughtfully checked by the kernel before executing any requested operation in supervisor mode.
Frosted offers an in-kernel TCP/IP implementation through picoTCP, exposing a BSD socket interface through standard POSIX system calls. The kernel is designed around the hierarchy of processes and pthread, signal distribution, terminal control, and management of the resources in use. Applications are compiled as standalone binaries, by using the arm-frosted-eabi toolchain, based on GCC and integrating a modified newlib, which has been extended to implement most of the standard C library and link the POSIX function calls to the relative kernel system calls through SVCall events. System tool binaries, including a shell and other default tools, are distributed in a separate repository, compiled apart and assembled into a filesystem that is flashed on a separate partition than the one in use by kernel code.
User space code and kernel code never mix up in the same binary, or share any symbols. All applications are position-independent, linked into the GCC binary flat format and can be executed in place from the filesystem, or loaded in RAM.
The most common system calls are implemented in Frosted, offering a platform to run applications written for standard, UNIX-like systems with little or no changes to the original code. One of the subsets that are not included is the user account and permission mechanism, which does not add any useful features for the target platform and would result in a much bigger implementation. System-specific interfaces, such as power modes management, are implemented as nonstandard extensions, but still accessed through system calls.
The Frosted license model is inspired by Linux. The kernel is distributed with a GNU GPL license, but due to the separation of the kernel space with no symbol shared, and the more permissive licenses of newlib, user space code is never considered a derivative, thus applications with any license can run in user space while all the kernel code is guaranteed to be GPL only, without the need for special linking exceptions.