Figure A4 — Local Peripheral Autonomy
CTMMs identify and secure locally attached hardware (UART, GPIO, Timer, Display) without any IDE connection. Abstract GTs in the IDE address range (0xFE______) are probed at boot. Present peripherals get valid Abstract GTs; absent ones get NULL. Air-gapped and offline operation is fully supported.
CTMM BOOT — PERIPHERAL PROBE
Phase 5: Peripheral Discovery
After namespace and nucleus are loaded
Probe sequence (IDE address range):
0xFE000001 UART → PRESENT → Abstract GT created
0xFE000002 GPIO → PRESENT → Abstract GT created
0xFE000003 SPI → ABSENT → NULL GT
0xFE000004 Timer → PRESENT → Abstract GT created
0xFE000005 Display → ABSENT → NULL GT
RESULTING PERIPHERAL TABLE
Address Device Status GT
0xFE000001 UART ✔ active valid
0xFE000002 GPIO ✔ active valid
0xFE000003 SPI ✗ absent NULL
0xFE000004 Timer ✔ active valid
0xFE000005 Display ✗ absent NULL
Accessing NULL GT → FAULT
Software cannot accidentally use an absent peripheral.
AIR-GAPPED OPERATION
Connected mode
• IDE provisions Home Base Tunnel
• Network via 0xFF000000
• Remote namespaces accessible
Air-gapped mode
• No IDE connection
• Home Base Tunnel = NULL GT
• Local peripherals still work
Security guarantee
• No outbound data leakage
• No network = no exfiltration
• Hardware-enforced isolation
PERIPHERAL ACCESS MODEL
1. Abstraction holds Abstract GT for UART (0xFE000001) in its c-list
2. CALL with UART GT → hardware routes to UART peripheral (no namespace lookup)
3. TPERM checks GT permissions (R/W) before granting access
4. Read/write operations execute directly on peripheral registers
No device driver. No kernel. No system call.
The GT IS the driver. The hardware IS the protection.