🤖 AI Summary
This work proposes and implements a microkernel operating system designed for secure and efficient execution of multiple programs on resource-constrained embedded devices. By integrating the memory-safe Rust programming language with a novel hardware-based isolation mechanism, the system uniquely combines type safety with hardware-enforced memory protection to achieve strong memory safety and robust multi-tenant isolation. The design balances academic innovation with industrial-grade reliability, enabling both research flexibility and real-world deployment at scale. Developed through an open-source collaboration model, the platform has been successfully deployed across tens of millions of devices, spanning server root-of-trust modules, laptops, automotive electronics, wearable devices, and aerospace systems, thereby bridging the gap between academic research and large-scale industrial application.
📝 Abstract
Tock began 10 years ago as a research operating system developed by academics to help other academics build urban sensing applications. By leveraging a new language (Rust) and new hardware protection mechanisms, Tock enabled Multiprogramming a 64 kB Computer Safely and Efficiently. Today, it is an open-source project with a vibrant community of users and contributors. It is deployed on root-of-trust hardware in data center servers and on millions of laptops; it is used to develop automotive and space products, wearable electronics, and hardware security tokens--all while remaining a platform for operating systems research. This paper focuses on the impact of Tock's technical design on its adoption, the challenges and unexpected benefits of using a type-safe language (Rust)--particularly in security-sensitive settings--and the experience of supporting a production open-source operating system from academia.