Initial commit

22 files changed, 1129 insertions, 0 deletions

diff --git a/.github/workflows/cargo-vet-pr-comment.yml b/.github/workflows/cargo-vet-pr-comment.yml
new file mode 100644
index 000000000..dd8ef37a6
--- /dev/null
+++ b/.github/workflows/cargo-vet-pr-comment.yml
@@ -0,0 +1,137 @@
+# This workflow triggers after cargo-vet workflow has run.
+# It adds a comment to the PR with the results of the cargo vet run.
+# It first adds a comment if the cargo vet run fails,
+# and updates the comment if the cargo vet run succeeds after having failed at least once.
+
+name: Cargo vet PR comment
+
+on:
+  workflow_run:
+    workflows: [cargo-vet]
+    types:
+      - completed
+
+permissions:
+  contents: read
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+
+  find-pr-comment:
+    # This job runs when the cargo-vet job fails or succeeds
+    # It will download the artifact from the failed job and post a comment on the PR
+    runs-on: ubuntu-latest
+    outputs:
+      comment-id: ${{ steps.get-comment-id.outputs.comment-id }}
+      pr-number: ${{ steps.get-pr-number.outputs.pr_number }}
+    if: github.event.workflow_run.event == 'pull_request'
+    steps:
+      - name: 'Download artifact'
+        uses: actions/download-artifact@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          name: pr
+          path: pr/
+          run-id: ${{ github.event.workflow_run.id }}
+      
+      - name: 'Get PR number'
+        id: get-pr-number
+        run: echo "pr_number=$(cat ./pr/NR)" >> $GITHUB_OUTPUT
+      
+      - name: 'Find existing comment'
+        id: find-comment
+        uses: peter-evans/find-comment@v3
+        with:
+          issue-number: ${{ steps.get-pr-number.outputs.pr_number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: 'comment-tag: [cargo-vet]'
+
+      - name: 'Get comment ID'
+        id: get-comment-id
+        if: ${{ steps.find-comment.outputs.comment-id != '' }}
+        run: echo "comment-id=${{ steps.find-comment.outputs.comment-id }}" >> $GITHUB_OUTPUT
+
+  post-comment-failure:
+    # This job runs when the cargo-vet job fails
+    # It will download the artifact from the failed job and post a comment on the PR
+    runs-on: ubuntu-latest
+    needs: find-pr-comment
+    if: github.event.workflow_run.conclusion == 'failure'
+    steps:
+      - name: 'Comment on PR - Failure'
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ needs.find-pr-comment.outputs.comment-id }}
+          issue-number: ${{ needs.find-pr-comment.outputs.pr-number }}
+          body: |
+            # Cargo Vet Audit Failed
+
+            `cargo vet` has failed in this PR. Please run `cargo vet --locked` locally to check for new or updated unvetted dependencies.
+            Details about the vetting process can be found in [supply-chain/README.md](../blob/main/supply-chain/README.md)
+                      
+            ## If the unvetted dependencies are not needed
+            Please modify Cargo.toml file to avoid including the dependencies.
+                      
+            ## If the unvetted dependencies are needed
+            Post a new comment with the questionnaire below to the PR to help the auditors vet the dependencies.
+            After the auditors have vetted the dependencies, the PR will need to be rebased to pick up the new audits and pass this check.
+                      
+            ### Copy and paste the questionnaire as a new comment and provide your answers:
+                
+            **1. What crates (with version) need to be audited?**
+                
+            **2. How many of the crates are version updates vs new dependencies?**
+                
+            **3. To confirm none of the already included crates serve your needs, please provide a brief description of the purpose of the new crates.**
+                
+            **4. Any extra notes to the auditors to help with their audits.**
+            
+            <!--
+            This comment is auto-generated by the cargo-vet workflow.
+            Please do not edit it directly.
+            
+            comment-tag: [cargo-vet]
+            -->
+          edit-mode: replace
+
+      - name: 'Label PR'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: ${{ needs.find-pr-comment.outputs.pr-number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['cargo vet']
+            })
+  
+  post-comment-success:
+    # This job runs when the cargo-vet job succeeds
+    # It will update the comment on the PR with a success message
+    runs-on: ubuntu-latest
+    needs: find-pr-comment
+    if: github.event.workflow_run.conclusion == 'success'
+    steps:
+      - name: 'Comment on PR - Success'
+        # Only update the comment if it exists
+        # This is to avoid creating a new comment if the cargo-vet job has never failed before
+        if: ${{ needs.find-pr-comment.outputs.comment-id }}
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ needs.find-pr-comment.outputs.comment-id }}
+          issue-number: ${{ needs.find-pr-comment.outputs.pr-number }}
+          body: |
+            # Cargo Vet Audit Passed
+            `cargo vet` has passed in this PR. No new unvetted dependencies were found.
+
+            <!--
+            This comment is auto-generated by the cargo-vet workflow.
+            Please do not edit it directly.
+            
+            comment-tag: [cargo-vet]
+            -->
+          edit-mode: replace
\ No newline at end of file
diff --git a/.github/workflows/cargo-vet.yml b/.github/workflows/cargo-vet.yml
new file mode 100644
index 000000000..864c138e9
--- /dev/null
+++ b/.github/workflows/cargo-vet.yml
@@ -0,0 +1,53 @@
+# This workflow runs whenever a PR is opened or updated. It runs cargo vet to check for unvetted dependencies in the Cargo.lock file.
+permissions:
+  contents: read
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+name: cargo-vet
+jobs:
+  vet:
+    # cargo-vet checks for unvetted dependencies in the Cargo.lock file
+    # This is to ensure that new dependencies are vetted before they are added to the project
+    name: vet-dependencies
+    runs-on: ubuntu-latest
+    env:
+      CARGO_VET_VERSION: 0.10.1
+    
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+  
+    - uses: actions/cache@v4
+      with:
+        path: ${{ runner.tool_cache }}/cargo-vet
+        key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }}
+  
+    - name: Add the tool cache directory to the search path
+      run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
+  
+    - name: Ensure that the tool cache is populated with the cargo-vet binary
+      run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} cargo-vet
+  
+    - name: Invoke cargo-vet
+      run: cargo vet --locked
+    
+    - name: Save PR number
+    # PR number is saved as an artifact so it can be used to determine the PR to comment on by the vet-pr-comment workflow
+    # vet-pr-comment workflow is triggered by the workflow_run event so it runs in the context of the base branch and not the PR branch
+      if: ${{ failure() }} || ${{ success() }}
+      run: |
+        mkdir -p ./pr
+        echo ${{ github.event.number }} > ./pr/NR
+    - uses: actions/upload-artifact@v4
+    # Need to upload the artifact in both success and failure cases so comment can be updated in either case
+      if: ${{ failure() }} || ${{ success() }}
+      with:
+        name: pr
+        path: pr/
+        overwrite: true
\ No newline at end of file
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 000000000..9bf402d61
--- /dev/null
+++ b/.github/workflows/check.yml
@@ -0,0 +1,169 @@
+# This workflow runs whenever a PR is opened or updated, or a commit is pushed to main. It runs
+# several checks:
+# - commit_list: produces a list of commits to be checked
+# - fmt: checks that the code is formatted according to rustfmt
+# - clippy: checks that the code does not contain any clippy warnings
+# - doc: checks that the code can be documented without errors
+# - hack: check combinations of feature flags
+# - msrv: check that the msrv specified in the crate is correct
+permissions:
+  contents: read
+# This configuration allows maintainers of this repo to create a branch and pull request based on
+# the new branch. Restricting the push trigger to the main branch ensures that the PR only gets
+# built once.
+on:
+  push:
+    branches: [main]
+  pull_request:
+# If new code is pushed to a PR branch, then cancel in progress workflows for that PR. Ensures that
+# we don't waste CI time, and returns results quicker https://github.com/jonhoo/rust-ci-conf/pull/5
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+name: check
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+    name: stable / fmt
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      - name: cargo fmt --check
+        run: cargo fmt --check
+
+  clippy:
+    runs-on: ubuntu-latest
+    name: ${{ matrix.toolchain }} / clippy
+    permissions:
+      contents: read
+      checks: write
+    strategy:
+      fail-fast: false
+      matrix:
+        # Get early warning of new lints which are regularly introduced in beta channels.
+        toolchain: [stable, beta]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install ${{ matrix.toolchain }}
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          components: clippy
+      - name: cargo clippy
+        uses: giraffate/clippy-action@v1
+        with:
+          reporter: 'github-pr-check'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  # Enable once we have a released crate
+  # semver:
+  #   runs-on: ubuntu-latest
+  #   name: semver
+  #   strategy:
+  #     fail-fast: false
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #       with:
+  #         submodules: true
+  #     - name: Install stable
+  #       uses: dtolnay/rust-toolchain@stable
+  #       with:
+  #         components: rustfmt
+  #     - name: cargo-semver-checks
+  #       uses: obi1kenobi/cargo-semver-checks-action@v2
+
+  doc:
+    # run docs generation on nightly rather than stable. This enables features like
+    # https://doc.rust-lang.org/beta/unstable-book/language-features/doc-cfg.html which allows an
+    # API be documented as only available in some specific platforms.
+    runs-on: ubuntu-latest
+    name: nightly / doc
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install nightly
+        uses: dtolnay/rust-toolchain@nightly
+      - name: cargo doc
+        run: cargo doc --no-deps --all-features
+        env:
+          RUSTDOCFLAGS: --cfg docsrs
+
+  hack:
+    # cargo-hack checks combinations of feature flags to ensure that features are all additive
+    # which is required for feature unification
+    runs-on: ubuntu-latest
+    name: ubuntu / stable / features
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+      - name: cargo install cargo-hack
+        uses: taiki-e/install-action@cargo-hack
+      # intentionally no target specifier; see https://github.com/jonhoo/rust-ci-conf/pull/4
+      # --feature-powerset runs for every combination of features
+      - name: cargo hack
+        run: cargo hack --feature-powerset check
+
+  deny:
+    # cargo-deny checks licenses, advisories, sources, and bans for
+    # our dependencies.
+    runs-on: ubuntu-latest
+    name: ubuntu / stable / deny
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+      - name: cargo install cargo-deny
+        uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          log-level: warn
+          manifest-path: ./Cargo.toml
+          command: check
+          arguments: --all-features
+
+  test:
+    runs-on: ubuntu-latest
+    name: ubuntu / stable / test
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+      - name: cargo install cargo-hack
+        uses: taiki-e/install-action@cargo-hack
+      - name: cargo test
+        run: cargo hack --feature-powerset test
+
+  msrv:
+    # check that we can build using the minimal rust version that is specified by this crate
+    runs-on: ubuntu-latest
+    # we use a matrix here just because env can't be used in job names
+    # https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
+    strategy:
+      fail-fast: false
+      matrix:
+        msrv: ["1.85"]
+    name: ubuntu / ${{ matrix.msrv }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install ${{ matrix.msrv }}
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.msrv }}
+      - name: cargo +${{ matrix.msrv }} check
+        run: cargo check
diff --git a/.github/workflows/nostd.yml b/.github/workflows/nostd.yml
new file mode 100644
index 000000000..532235851
--- /dev/null
+++ b/.github/workflows/nostd.yml
@@ -0,0 +1,30 @@
+# This workflow checks whether the library is able to run without the std library (e.g., embedded).
+# This entire file should be removed if this crate does not support no-std. See check.yml for
+# information about how the concurrency cancellation and workflow triggering works
+permissions:
+  contents: read
+on:
+  push:
+    branches: [main]
+  pull_request:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+name: no-std
+jobs:
+  nostd:
+    runs-on: ubuntu-latest
+    name: ${{ matrix.target }}
+    strategy:
+      matrix:
+        target: [thumbv8m.main-none-eabihf]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install stable
+        uses: dtolnay/rust-toolchain@stable
+      - name: rustup target add ${{ matrix.target }}
+        run: rustup target add ${{ matrix.target }}
+      - name: cargo check
+        run: cargo check --target ${{ matrix.target }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..6985cf1bd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 000000000..ace00d468
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,14 @@
+{
+    "editor.formatOnSave": true,
+    "rust-analyzer.checkOnSave": true,
+    "rust-analyzer.check.allTargets": false,
+    "rust-analyzer.cargo.target": "thumbv8m.main-none-eabihf",
+    "rust-analyzer.cargo.features": "all",
+    "rust-analyzer.check.command": "clippy",
+    "[toml]": {
+        "editor.defaultFormatter": "tamasfe.even-better-toml"
+    },
+    "[rust]": {
+        "editor.defaultFormatter": "rust-lang.rust-analyzer"
+    }
+}
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 000000000..e2a52ae39
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @felipebalbi @jerrysxie @tullom @RobertZ2011 @dymk
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000..8603671fb
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[email protected].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..c45bc8e43
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,35 @@
+# Contributing to Open Device Partnership
+
+The Open Device Partnership project welcomes your suggestions and contributions! Before opening your first issue or pull request, please review our
+[Code of Conduct](CODE_OF_CONDUCT.md) to understand how our community interacts in an inclusive and respectful manner.
+
+## Contribution Licensing
+
+Most of our code is distributed under the terms of the [MIT license](LICENSE), and when you contribute code that you wrote to our repositories,
+you agree that you are contributing under those same terms. In addition, by submitting your contributions you are indicating that
+you have the right to submit those contributions under those terms.
+
+## Other Contribution Information
+
+If you wish to contribute code or documentation authored by others, or using the terms of any other license, please indicate that clearly in your
+pull request so that the project team can discuss the situation with you.
+
+## Commit Message
+
+* Use meaningful commit messages. See [this blogpost](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
+
+## PR Etiquette
+
+* Create a draft PR first
+* Make sure that your branch has `.github` folder and all the code linting/sanity check workflows are passing in your draft PR before sending it out to code reviewers.
+
+## Clean Commit History
+
+We disabled squashing of commit and would like to maintain a clean commit history. So please reorganize your commits with the following items:
+
+* Each commit builds successfully without warning
+* Miscellaneous commits to fix typos + formatting are squashed
+
+## Regressions
+
+When reporting a regression, please ensure that you use `git bisect` to find the first offending commit, as that will help us finding the culprit a lot faster.
diff --git a/Cargo.toml b/Cargo.toml
new file mode 100644
index 000000000..71c4806fe
--- /dev/null
+++ b/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "embedded-rust-template"
+version = "0.1.0"
+edition = "2021"
+license = "MIT"
+repository = "https://github.com/OpenDevicePartnership/embedded-rust-template"
+rust-version = "1.85"
+
+[dependencies]
+# dependencies for all targets
+
+[target.'cfg(target_os = "none")'.dependencies]
+# dependencies for no-std targets
+
+[lints.clippy]
+suspicious = "forbid"
+correctness = "forbid"
+perf = "forbid"
+style = "forbid"
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 000000000..75092dc47
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Open Device Partnership
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..60b09c0a6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,63 @@
+# embedded-rust-template
+Template repository for Embedded Rust development
+
+## Customizing This Template
+
+### Changing the Target Architecture
+
+This template is configured for `thumbv8m.main-none-eabihf`, by default, but you can modify it for other targets (i.e. `aarch64-unknown-none`):
+
+1. **VSCode Settings**: Update the target in `.vscode/settings.json`:
+   ```json
+   "rust-analyzer.cargo.target": "your-target-architecture"
+   ```
+
+
+This configuration ensures that:
+- Only the specified target architecture is analyzed, not the host platform
+- Code is checked against the no_std environment
+
+To temporarily analyze code for the host platform instead, you can remove the `rust-analyzer.cargo.target` setting.
+
+2. **GitHub Workflows**: Modify the target in two workflow files:
+   - `.github/workflows/nostd.yml`: Update the targets in the matrix:
+     ```yaml
+     matrix:
+       target: [your-target-architecture]
+     ```
+   - `.github/workflows/check.yml`: If there are any target-specific checks, update them accordingly.
+
+3. **Cargo Configuration**: If needed, you can add target-specific configuration in a `.cargo/config.toml` file.
+
+### Converting from Binary to Library
+
+To convert this project from a binary to a library:
+
+1. **Cargo.toml**: Update your project structure:
+   ```toml
+   [lib]
+   name = "your_library_name"
+   ```
+
+2. **Directory Structure**:
+   - For a library, ensure you have a `src/lib.rs` file instead of `src/main.rs`
+   - Move your code from `main.rs` to `lib.rs` and adjust as needed
+
+3. **No-std Configuration**: If you're creating a no-std library, ensure you have:
+   ```rust
+   // In lib.rs
+   #![cfg_attr(target_os = "none", no_std)]
+   // Add other attributes as needed
+   ```
+
+### Project Dependencies
+
+Update the dependencies in `Cargo.toml` based on your target platform:
+
+```toml
+[dependencies]
+# Common dependencies for all targets
+
+[target.'cfg(target_os = "none")'.dependencies]
+# Dependencies for no-std targets
+```
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..6ed358156
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,66 @@
+# Vulnerability Disclosure and Embargo Policy
+
+The Open Device Partnership project welcomes the responsible disclosure of vulnerabilities.
+
+## Initial Contact
+
+All security bugs in Open Device Partnership should be reported to the security team.
+To do so, please reach out in the form of a
+[Github Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities).
+
+You will be invited to join this private area to discuss specifics. Doing so
+allows us to start with a high level of confidentiality and relax it if the
+issue is less critical, moving to work on the fix in the open.
+
+Your initial contact will be acknowledged within 48 hours, and you’ll receive
+a more detailed response within 96 hours indicating the next steps in handling
+your report.
+
+After the initial reply to your report, the security team will endeavor to
+keep you informed of the progress being made towards a fix and full
+announcement. As recommended by
+[RFPolicy](https://dl.packetstormsecurity.net/papers/general/rfpolicy-2.0.txt),
+these updates will be sent at least every five working days.
+
+## Disclosure Policy
+
+The Open Device Partnership project has a 5 step disclosure process.
+
+1. Contact is established, a private channel created, and the security report
+   is received and is assigned a primary handler. This person will coordinate
+   the fix and release process.
+2. The problem is confirmed and a list of all affected versions is determined.
+   If an embargo is needed (see below), details of the embargo are decided.
+3. Code is audited to find any potential similar problems.
+4. Fixes are prepared for all releases which are still under maintenance. In
+   case of embargo, these fixes are not committed to the public repository but
+   rather held in a private fork pending the announcement.
+5. The changes are pushed to the public repository and new builds are deployed.
+
+This process can take some time, especially when coordination is required
+with maintainers of other projects. Every effort will be made to handle the bug
+in as timely a manner as possible, however it is important that we follow the
+release process above to ensure that the disclosure is handled in a consistent
+manner.
+
+## Embargoes
+
+While the Open Device Partnership project aims to follow the highest standards of
+transparency and openness, handling some security issues may pose such an
+immediate threat to various stakeholders and require coordination between
+various actors that it cannot be made immediately public.
+
+In this case, security issues will fall under an embargo.
+
+An embargo can be called for in various cases:
+
+- when disclosing the issue without simultaneously providing a mitigation
+  would seriously endanger users,
+- when producing a fix requires coordinating between multiple actors (such as
+  upstream or downstream/dependency projects), or simply
+- when proper analysis of the issue and its ramifications demands time.
+
+If we determine that an issue you report requires an embargo, we will discuss
+this with you and try to find a reasonable expiry date (aka “embargo
+completion date”), as well as who should be included in the list of
+need-to-know people.
\ No newline at end of file
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 000000000..9ddd12fca
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,239 @@
+# This template contains all of the possible sections and their default values
+
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+# The values provided in this template are the default values that will be used
+# when any section or field is not specified in your own configuration
+
+# Root options
+
+# The graph table configures how the dependency graph is constructed and thus
+# which crates the checks are performed against
+[graph]
+# If 1 or more target triples (and optionally, target_features) are specified,
+# only the specified targets will be checked when running `cargo deny check`.
+# This means, if a particular package is only ever used as a target specific
+# dependency, such as, for example, the `nix` crate only being used via the
+# `target_family = "unix"` configuration, that only having windows targets in
+# this list would mean the nix crate, as well as any of its exclusive
+# dependencies not shared by any other crates, would be ignored, as the target
+# list here is effectively saying which targets you are building for.
+targets = [
+    # The triple can be any string, but only the target triples built in to
+    # rustc (as of 1.40) can be checked against actual config expressions
+    #"x86_64-unknown-linux-musl",
+    # You can also specify which target_features you promise are enabled for a
+    # particular target. target_features are currently not validated against
+    # the actual valid features supported by the target architecture.
+    #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
+]
+# When creating the dependency graph used as the source of truth when checks are
+# executed, this field can be used to prune crates from the graph, removing them
+# from the view of cargo-deny. This is an extremely heavy hammer, as if a crate
+# is pruned from the graph, all of its dependencies will also be pruned unless
+# they are connected to another crate in the graph that hasn't been pruned,
+# so it should be used with care. The identifiers are [Package ID Specifications]
+# (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html)
+#exclude = []
+# If true, metadata will be collected with `--all-features`. Note that this can't
+# be toggled off if true, if you want to conditionally enable `--all-features` it
+# is recommended to pass `--all-features` on the cmd line instead
+all-features = false
+# If true, metadata will be collected with `--no-default-features`. The same
+# caveat with `all-features` applies
+no-default-features = false
+# If set, these feature will be enabled when collecting metadata. If `--features`
+# is specified on the cmd line they will take precedence over this option.
+#features = []
+
+# The output table provides options for how/if diagnostics are outputted
+[output]
+# When outputting inclusion graphs in diagnostics that include features, this
+# option can be used to specify the depth at which feature edges will be added.
+# This option is included since the graphs can be quite large and the addition
+# of features from the crate(s) to all of the graph roots can be far too verbose.
+# This option can be overridden via `--feature-depth` on the cmd line
+feature-depth = 1
+
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+# The path where the advisory databases are cloned/fetched into
+#db-path = "$CARGO_HOME/advisory-dbs"
+# The url(s) of the advisory databases to use
+#db-urls = ["https://github.com/rustsec/advisory-db"]
+# A list of advisory IDs to ignore. Note that ignored advisories will still
+# output a note when they are encountered.
+ignore = [
+    #"RUSTSEC-0000-0000",
+    #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
+    #"[email protected]", # you can also ignore yanked crate versions if you wish
+    #{ crate = "[email protected]", reason = "you can specify why you are ignoring the yanked crate" },
+    { id = "RUSTSEC-2024-0370", reason = "proc-macro-error is unmaintained, no safe upgrade available, need upstream dependencies to migrate away from it." },
+    { id = "RUSTSEC-2024-0436", reason = "there are no suitable replacements for paste right now; paste has been archived as read-only. It only affects compile time concatenation in macros. We will allow it for now" },
+]
+# If this is true, then cargo deny will use the git executable to fetch advisory database.
+# If this is false, then it uses a built-in git library.
+# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
+# See Git Authentication for more information about setting up git authentication.
+#git-fetch-with-cli = true
+
+# This section is considered when running `cargo deny check licenses`
+# More documentation for the licenses section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+# List of explicitly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Unicode-3.0",
+    "BSD-3-Clause",
+    #"Apache-2.0 WITH LLVM-exception",
+]
+# The confidence threshold for detecting a license from license text.
+# The higher the value, the more closely the license text must be to the
+# canonical license text of a valid SPDX license file.
+# [possible values: any between 0.0 and 1.0].
+confidence-threshold = 0.8
+# Allow 1 or more licenses on a per-crate basis, so that particular licenses
+# aren't accepted for every possible crate as with the normal allow list
+exceptions = [
+    # Each entry is the crate and version constraint, and its specific allow
+    # list
+    #{ allow = ["Zlib"], crate = "adler32" },
+]
+
+# Some crates don't have (easily) machine readable licensing information,
+# adding a clarification entry for it allows you to manually specify the
+# licensing information
+#[[licenses.clarify]]
+# The package spec the clarification applies to
+#crate = "ring"
+# The SPDX expression for the license requirements of the crate
+#expression = "MIT AND ISC AND OpenSSL"
+# One or more files in the crate's source used as the "source of truth" for
+# the license expression. If the contents match, the clarification will be used
+# when running the license check, otherwise the clarification will be ignored
+# and the crate will be checked normally, which may produce warnings or errors
+# depending on the rest of your configuration
+#license-files = [
+# Each entry is a crate relative path, and the (opaque) hash of its contents
+#{ path = "LICENSE", hash = 0xbd0eed23 }
+#]
+
+[licenses.private]
+# If true, ignores workspace crates that aren't published, or are only
+# published to private registries.
+# To see how to mark a crate as unpublished (to the official registry),
+# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
+ignore = false
+# One or more private registries that you might publish crates to, if a crate
+# is only published to private registries, and ignore is true, the crate will
+# not have its license(s) checked
+registries = [
+    #"https://sekretz.com/registry
+]
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "warn"
+# Lint level for when a crate version requirement is `*`
+wildcards = "allow"
+# The graph highlighting used when creating dotgraphs for crates
+# with multiple versions
+# * lowest-version - The path to the lowest versioned duplicate is highlighted
+# * simplest-path - The path to the version with the fewest edges is highlighted
+# * all - Both lowest-version and simplest-path are used
+highlight = "all"
+# The default lint level for `default` features for crates that are members of
+# the workspace that is being checked. This can be overridden by allowing/denying
+# `default` on a crate-by-crate basis if desired.
+workspace-default-features = "allow"
+# The default lint level for `default` features for external crates that are not
+# members of the workspace. This can be overridden by allowing/denying `default`
+# on a crate-by-crate basis if desired.
+external-default-features = "allow"
+# List of crates that are allowed. Use with care!
+allow = [
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason it is allowed" },
+]
+# List of crates to deny
+deny = [
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason it is banned" },
+    # Wrapper crates can optionally be specified to allow the crate when it
+    # is a direct dependency of the otherwise banned crate
+    #{ crate = "[email protected]", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
+]
+
+# List of features to allow/deny
+# Each entry the name of a crate and a version range. If version is
+# not specified, all versions will be matched.
+#[[bans.features]]
+#crate = "reqwest"
+# Features to not allow
+#deny = ["json"]
+# Features to allow
+#allow = [
+#    "rustls",
+#    "__rustls",
+#    "__tls",
+#    "hyper-rustls",
+#    "rustls",
+#    "rustls-pemfile",
+#    "rustls-tls-webpki-roots",
+#    "tokio-rustls",
+#    "webpki-roots",
+#]
+# If true, the allowed features must exactly match the enabled feature set. If
+# this is set there is no point setting `deny`
+#exact = true
+
+# Certain crates/versions that will be skipped when doing duplicate detection.
+skip = [
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason why it can't be updated/removed" },
+]
+# Similarly to `skip` allows you to skip certain crates during duplicate
+# detection. Unlike skip, it also includes the entire tree of transitive
+# dependencies starting at the specified crate, up to a certain depth, which is
+# by default infinite.
+skip-tree = [
+    #"[email protected]", # will be skipped along with _all_ of its direct and transitive dependencies
+    #{ crate = "[email protected]", depth = 20 },
+]
+
+# This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not
+# in the allow list is encountered
+unknown-registry = "warn"
+# Lint level for what to happen when a crate from a git repository that is not
+# in the allow list is encountered
+unknown-git = "warn"
+# List of URLs for allowed crate registries. Defaults to the crates.io index
+# if not specified. If it is specified but empty, no registries are allowed.
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+# List of URLs for allowed Git repositories
+allow-git = []
+
+[sources.allow-org]
+# github.com organizations to allow git sources for
+github = ["embassy-rs"]
+# gitlab.com organizations to allow git sources for
+gitlab = []
+# bitbucket.org organizations to allow git sources for
+bitbucket = []
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
new file mode 100644
index 000000000..367cc1fc3
--- /dev/null
+++ b/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+components = ["rustfmt", "clippy"]
diff --git a/rustfmt.toml b/rustfmt.toml
new file mode 100644
index 000000000..753065179
--- /dev/null
+++ b/rustfmt.toml
@@ -0,0 +1 @@
+max_width = 120
diff --git a/src/baremetal/mod.rs b/src/baremetal/mod.rs
new file mode 100644
index 000000000..c03b9538b
--- /dev/null
+++ b/src/baremetal/mod.rs
@@ -0,0 +1,6 @@
+use core::panic::PanicInfo;
+
+#[panic_handler]
+fn panic(_info: &PanicInfo) -> ! {
+    loop {}
+}
diff --git a/src/main.rs b/src/main.rs
new file mode 100644
index 000000000..7111536ff
--- /dev/null
+++ b/src/main.rs
@@ -0,0 +1,18 @@
+#![cfg_attr(target_os = "none", no_std)]
+#![cfg_attr(target_os = "none", no_main)]
+
+#[cfg(target_os = "none")]
+mod baremetal;
+
+#[cfg(not(target_os = "none"))]
+fn main() {
+    println!("Hello, world!");
+}
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn it_works() {
+        assert_eq!(2 + 2, 4);
+    }
+}
diff --git a/supply-chain/README.md b/supply-chain/README.md
new file mode 100644
index 000000000..d43d50485
--- /dev/null
+++ b/supply-chain/README.md
@@ -0,0 +1,83 @@
+# Working with cargo vet
+
+## Introduction
+
+`cargo vet` is a tool to help ensure that third-party Rust dependencies have been audited by a trusted entity.
+It matches all dependencies against a set of audits conducted by the authors of the project or entities they trust.  
+To learn more, visit [mozilla/cargo-vet](https://github.com/mozilla/cargo-vet)
+
+---
+
+## Adding a new dependency
+
+When updating or adding a new dependency, we need to ensure it's audited before being merged into main.  
+For our repositories, we have designated experts who are responsible for vetting any new dependencies being added to their repository.  
+_It is the shared responsibility of the developer creating the PR and the auditors to conduct a successful audit._  
+Follow the process below to ensure compliance:
+
+### For Developers
+1. **Respond to `cargo vet` failures**:
+  - If your PR fails the `cargo vet` step, the cargo-vet workflow will add a comment to the PR with a template questionnaire
+  - Copy the questionnaire, fill it out and paste it as a new comment on the PR. This greatly helps the auditors get some context of the changes requiring the new dependencies
+
+2. **Engage with auditors**:
+  - Respond to any questions that the auditors might have regarding the need of any new dependencies
+
+3. **Rebase and verify**:
+  - At their discretion, auditors will check in their audits into either [rust-crate-audits](https://github.com/OpenDevicePartnership/rust-crate-audits) or into the same repository
+  - Once the new audits have been merged, rebase your branch on main and verify it passes `cargo vet`
+    ```bash
+    git fetch upstream
+    git rebase upstream/main
+    cargo vet
+    ```
+
+4. **Update PR**:
+  - If the audits were checked into rust-crate-audits, they will show up in _imports.lock_ on running `cargo vet`. In this case add the updated _imports.lock_ to your PR
+  - If the audits were checked into the same repository, they will be present in _audits.toml_ after rebase and you can simply force push to your PR after rebase
+    ```bash
+    git push -f
+    ```
+
+5. **Check PR status**:
+  - The existing PR comment from the previous failure will be updated with a success message once the check passes
+
+### For Auditors
+
+1. **Review the questionnaire**:
+  - Check the filled questionnaire on the PR once the developer responds to the `cargo vet` failure
+  - Respond to the developer comment in case more information is needed
+
+2. **Audit new dependencies**:
+  - Inspect the `cargo vet` failures using your preferred method
+    - Use [gh pr checkout](https://cli.github.com/manual/gh_pr_checkout) to checkout the PR and run `cargo vet --locked`
+    - Use [Github Pull Requests for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-pull-request-github) to checkout the PR and run `cargo vet --locked`
+    - For more suggestions: [Checking out pull requests locally](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally)
+
+3. **Follow `cargo vet` recommendations**:
+  - Follow the recommendations of the `cargo vet` command output, either `cargo vet diff` for version update or `cargo vet inspect` for new dependencies
+
+4. **Record audits**:
+  - Use `cargo vet certify` to add new audits to _audits.toml_
+  - Verify all dependencies pass using `cargo vet`
+
+5. **Decide audit location**:
+  - **Shared audits**: New audits should ideally be shared across ODP repositories to reduce the overhead of multiple audits for the same dependencies. To facilitate this, it's recommended to cut and paste the new audits and submit as a separate PR to the _audits.toml_ in [rust-crate-audits](https://github.com/OpenDevicePartnership/rust-crate-audits)
+  - If due to business reasons, the audits are not to be shared across repositories, copy the updated _audits.toml_ to a new branch off main in the same repository and submit the PR to update the audits
+
+6. **Communicate successful audit**:
+  - Communicate to the PR developer via a PR comment so they can update the PR and get `cargo vet` to pass
+
+---
+
+## Tips for using `cargo vet`:
+
+- **Update _imports.lock_**:
+  - Import trusted third party audits to reduce the number of new audits to be performed. Running `cargo vet` without `--locked` fetches new imports and updates _imports.lock_ with any audits that are helpful for our project.
+
+- **Add exemptions**:
+  - If an audit cannot be performed for some dependency due to time sensitivity or business justified reasons, use `cargo vet add-exemption <PACKAGE> <VERSION>` to add the dependency to exemptions in _config.toml_
+  - To add all remaining audits to exemptions at once, use `cargo vet regenerate exemptions`
+
+- **Prune unnecessary entries**:
+  - Remove unnecessary exemptions and imports using `cargo vet prune`
\ No newline at end of file
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
new file mode 100644
index 000000000..2772ccb21
--- /dev/null
+++ b/supply-chain/audits.toml
@@ -0,0 +1,4 @@
+
+# cargo-vet audits file
+
+[audits]
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
new file mode 100644
index 000000000..55618c2ff
--- /dev/null
+++ b/supply-chain/config.toml
@@ -0,0 +1,14 @@
+
+# cargo-vet config file
+
+[cargo-vet]
+version = "0.10"
+
+[imports.OpenDevicePartnership]
+url = "https://raw.githubusercontent.com/OpenDevicePartnership/rust-crate-audits/main/audits.toml"
+
+[imports.google]
+url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/audits.toml"
+
+[imports.mozilla]
+url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
new file mode 100644
index 000000000..219dba4ee
--- /dev/null
+++ b/supply-chain/imports.lock
@@ -0,0 +1,8 @@
+
+# cargo-vet imports lock
+
+[audits.OpenDevicePartnership.audits]
+
+[audits.google.audits]
+
+[audits.mozilla.audits]