Before writing CHERIoT RTOS, we evaluated whether we could adapt an existing RTOS to a CHERI platform. Unfortunately, we found two things that made this hard. First, most existing RTOSs began life on platforms with no possible mechanism for isolation and where every byte mattered. This meant that they often lacked even software-engineering boundaries around components (for example, we found optional ThreadX components that directly manipulated internal data structures of the ThreadX scheduler...
