
CSA-201 Capstone Specification: Virtus OS v2 on DE10-Nano


Every chapter recovered a cost CSA-101 paid. The capstone collects all of them.


What you are building

Virtus OS v2 is the full-featured successor to the Virtus OS v1 you built in CSA-101. The v1 ran in a flat physical address space, in a single privilege level, with no memory protection, no scheduler, no drivers, and no filesystem. It ran on Tang Primer 25K.

Virtus OS v2 runs on DE10-Nano. It adds: U/S privilege separation, an Sv32 page table, PMP W^X enforcement, stack canaries, a tracing GC, a round-robin scheduler, three device drivers (SSD1306 OLED, SD card, ENC28J60 Ethernet), and a FAT16 filesystem walker. The compiler that produces its userland code is the CSA-201 compiler from Modules 3-6.

The target machine: Cyclone V 5CSEBA6U23I7, 41,910 ALMs, 1 GB DDR3 SDRAM, SD card slot, USB-Blaster II JTAG, HDMI out, GPIO header.


Tier 1: The six silicon-cert gates (pass/fail)

Tier 1 is a pass/fail gate. All six gates must pass before your Tier 2 score counts. A failed gate scores zero on Tier 2.

Gate 1: OS boots. Virtus OS v2 boots on DE10-Nano from a cold reset. The OLED shows a boot message within 10 seconds of power-on. No intervention required after power-on.

Gate 2: U/S transition demonstrated. A user-mode process calls ECALL. The waveform dump (or SignalTap capture) shows the privilege register transitioning from U-mode to S-mode at the ECALL instruction. SRET returns to U-mode. If S-mode is not implemented, U-mode to M-mode is accepted; document which privilege levels your OS uses.

Gate 3: Page-fault handler running. Write a user-mode test program that accesses an unmapped page (an address not present in the page table). The OS page-fault handler runs (confirmed by a log message to the OLED) and either kills the process cleanly or maps the page and resumes it. Either outcome is acceptable; random crashes are not.

Gate 4: PMP W^X enforced. Configure a PMP region covering a code page as X-only (not writable). Attempt to write to that region from user mode. The write triggers a PMP fault; the OS handles it cleanly (kills the process or logs the fault). Confirm via SignalTap or waveform that the PMP hardware intercepted the write before it reached the memory bus.

Gate 5: Round-robin scheduler running. Two user-mode processes run concurrently. The scheduler preempts each process on a timer interrupt and switches to the other. Each process outputs a progress counter to the OLED. Both counters advance (confirming both processes are running). The context-switch cycle cost matches (within 20%) the measurement from Lab 2.1.

Gate 6: SSD1306 OLED shows live output. The SSD1306 driver is working. The OLED displays: the OS version string, the running process names, and at least one value that changes as the OS runs (a counter or timestamp). All three are visible simultaneously.


Tier 2 scoring (40/30/30)

Tier 2 is scored only if all six Tier 1 gates pass.

40%: Mitigation depth

Does your OS enforce the security properties, or does it simulate them?

Full credit (36-40 pts). All four mitigations are hardware-enforced: (a) PMP W^X intercepts writes to code pages before they reach the memory bus (verified with SignalTap that the bus sees no write transaction); (b) stack canaries detect return-address overwrites before control transfer (the canary value is checked before every ret; a corrupted canary kills the process, not the kernel); (c) CFI shadow stack catches at least one constructed ROP gadget (demonstrate by injecting a forged return address; the shadow stack mismatch fires before the ret executes); (d) the page-fault handler uses a whitelist to decide which pages to map on demand (not a blacklist, not "map everything").

Partial credit (20-35 pts). Two or three of the four mitigations are hardware-enforced. The remainder are present in software but do not involve hardware enforcement.

Minimal credit (0-19 pts). One or zero mitigations are hardware-enforced, or the Tier 1 gates are marginal (pass but barely).

30%: Measurement quality

Are your speedup and cost measurements credible, precise, and reproducible?

Full credit (27-30 pts). Each of the following measurements is present with: the exact cycle count, the hardware (DE10-Nano vs Verilator), the clock frequency, and the methodology (how you measured it -- SignalTap, mcycle CSR, or external logic analyzer):

  • mul vs Math.multiply speedup (from Module 1)
  • Trap round-trip cycle cost (from Module 2)
  • Compiler emit reduction: allocator only, allocator + peephole, full pipeline (from Modules 3-5)
  • Context-switch cycle cost (from Module 11)
  • GC cycle cost on Memory.lib: without GC vs with tracing GC (from Module 10)
  • SSD1306 driver I2C transaction time measured with the logic analyzer or SignalTap

Partial credit (15-26 pts). Three to five measurements present with methodology.

Minimal credit (0-14 pts). Fewer than three measurements, or measurements without methodology.

30%: Demo and write-up

Is the demo clear and the write-up honest?

Full credit (27-30 pts). Demo video (3-5 minutes): shows cold boot, each of the six Tier 1 gates in sequence, and one feature beyond the gate requirements (e.g., FAT16 file read, ENC28J60 ping response, or multi-process output on the OLED). Write-up (6-8 pages): six sections (see below). Honest accounting of what does not work.

Partial credit (15-26 pts). Demo covers 4-5 gates. Write-up 4-5 pages with at least 4 of the 6 sections.

Minimal credit (0-14 pts). Demo under 2 minutes or missing multiple gates. Write-up under 3 pages.


Write-up sections

Section 1: Architecture (1-2 pages)

Describe your Virtus OS v2 design. How is the address space laid out? Where does the kernel live vs userland? What is the page-table structure (how many page tables, what size pages, how much physical RAM is mapped)? What is the PMP configuration at boot?

Section 2: What each gate required (1-2 pages)

For each Tier 1 gate, one paragraph: what hardware and software you built to pass it, and the specific module(s) in CSA-201 that provided the foundation.

Section 3: Measurements (1-2 pages)

The full measurement table from Tier 2/30%. One row per measurement with methodology.

Section 4: What does not work (0.5-1 page)

Honest accounting. Every OS has bugs. List the known limitations: which PMP regions are not enforced, which edge cases in the page-fault handler are not covered, whether the ENC28J60 driver actually sends and receives packets or just writes to registers. A specific known limitation is worth more than vague hedging.

Section 5: What surprised you (0.5-1 page)

One thing that caught you off-guard during the build. Technical content preferred: a hardware behavior you did not predict, a subtle interaction between the MMU and the PMP checker, a compiler bug that only appeared under S-mode.

Section 6: What next (0.5 page)

If you continue with VCA-ARM-201, VCA-EMB-201, or VCA-NET-201, what does Virtus OS v2 unlock? What would you change about the CSA-201 design before teaching it to the next cohort?


Deliverable package

Submit a single zip file: csa201-capstone-{your-name}.zip

├── bitstream/
│   └── virtus-os-v2-de10nano.sof      # Quartus .sof file for DE10-Nano
├── hdl/                               # Verilog source for your CPU + MMU + PMP
├── firmware/                          # Virtus OS v2 kernel + bootloader + drivers
├── compiler/                          # Your CSA-201 compiler (allocator + peephole + inliner)
├── measurements/                      # Measurement data (SignalTap captures, cycle counts)
├── demo/
│   └── capstone-demo.mp4              # 3-5 minute demo video
└── writeup.pdf                        # 6-8 page write-up

Compute a SHA-256 hash of every binary and include the results in checksums.txt.


B- minimum policy

A B- on Tier 2 (total Tier 2 score >= 70%) is required for the VCA-CSA-201 Certificate of Completion. Students who pass all six Tier 1 gates but score below 70% on Tier 2 receive a completion acknowledgment but not the certificate. Retake is permitted once per term; the Tier 1 gates must be re-demonstrated.