diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..7432e37 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,63 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# Sample workflow for building and deploying a Jekyll site to GitHub Pages +name: Deploy Jekyll site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: ["main"] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Ruby + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 + with: + ruby-version: '3.1' # Not needed with a .ruby-version file + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + cache-version: 0 # Increment this number if you need to re-download cached gems + - name: Setup Pages + id: pages + uses: actions/configure-pages@v3 + - name: Build with Jekyll + # Outputs to the './_site' directory by default + run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}" + env: + JEKYLL_ENV: production + - name: Upload artifact + # Automatically uploads an artifact from the './_site' directory by default + uses: actions/upload-pages-artifact@v2 + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f40fbd8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +_site +.sass-cache +.jekyll-cache +.jekyll-metadata +vendor diff --git a/404.html b/404.html new file mode 100644 index 0000000..086a5c9 --- /dev/null +++ b/404.html @@ -0,0 +1,25 @@ +--- +permalink: /404.html +layout: default +--- + + + +
+

404

+ +

Page not found :(

+

The requested page could not be found.

+
diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..2b345e5 --- /dev/null +++ b/Gemfile @@ -0,0 +1,37 @@ +source "https://rubygems.org" +# Hello! This is where you manage which Jekyll version is used to run. +# When you want to use a different version, change it below, save the +# file and run `bundle install`. Run Jekyll with `bundle exec`, like so: +# +# bundle exec jekyll serve +# +# This will help ensure the proper Jekyll version is running. +# Happy Jekylling! +gem "jekyll", "~> 4.3.2" +# This is the default theme for new Jekyll sites. You may change this to anything you like. +gem "minima", "~> 2.5" +# Try this theme +gem "minimal-mistakes-jekyll" +# If you want to use GitHub Pages, remove the "gem "jekyll"" above and +# uncomment the line below. To upgrade, run `bundle update github-pages`. +# gem "github-pages", group: :jekyll_plugins +# If you have any plugins, put them here! +group :jekyll_plugins do + gem "jekyll-feed", "~> 0.12" + gem 'jekyll-scholar' +end + + +# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem +# and associated library. +platforms :mingw, :x64_mingw, :mswin, :jruby do + gem "tzinfo", ">= 1", "< 3" + gem "tzinfo-data" +end + +# Performance-booster for watching directories on Windows +gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin] + +# Lock `http_parser.rb` gem to `v0.6.x` on JRuby builds since newer versions of the gem +# do not have a Java counterpart. +gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby] diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..5a4818c --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,132 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.5) + public_suffix (>= 2.0.2, < 6.0) + base64 (0.1.1) + bibtex-ruby (6.0.0) + latex-decode (~> 0.0) + citeproc (1.0.10) + namae (~> 1.0) + citeproc-ruby (1.1.14) + citeproc (~> 1.0, >= 1.0.9) + csl (~> 1.6) + colorator (1.1.0) + concurrent-ruby (1.2.2) + csl (1.6.0) + namae (~> 1.0) + rexml + csl-styles (1.0.1.11) + csl (~> 1.0) + em-websocket (0.5.3) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0) + eventmachine (1.2.7) + faraday (2.7.11) + base64 + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.2) + ffi (1.16.3) + forwardable-extended (2.6.0) + google-protobuf (3.24.4-arm64-darwin) + http_parser.rb (0.8.0) + i18n (1.14.1) + concurrent-ruby (~> 1.0) + jekyll (4.3.2) + addressable (~> 2.4) + colorator (~> 1.0) + em-websocket (~> 0.5) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) + jekyll-watch (~> 2.0) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) + liquid (~> 4.0) + mercenary (>= 0.3.6, < 0.5) + pathutil (~> 0.9) + rouge (>= 3.0, < 5.0) + safe_yaml (~> 1.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-feed (0.17.0) + jekyll (>= 3.7, < 5.0) + jekyll-gist (1.5.0) + octokit (~> 4.2) + jekyll-include-cache (0.2.1) + jekyll (>= 3.7, < 5.0) + jekyll-paginate (1.1.0) + jekyll-sass-converter (3.0.0) + sass-embedded (~> 1.54) + jekyll-scholar (7.1.3) + bibtex-ruby (~> 6.0) + citeproc-ruby (~> 1.0) + csl-styles (~> 1.0) + jekyll (~> 4.0) + jekyll-seo-tag (2.8.0) + jekyll (>= 3.8, < 5.0) + jekyll-sitemap (1.4.0) + jekyll (>= 3.7, < 5.0) + jekyll-watch (2.2.1) + listen (~> 3.0) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + latex-decode (0.4.0) + liquid (4.0.4) + listen (3.8.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + minima (2.5.1) + jekyll (>= 3.5, < 5.0) + jekyll-feed (~> 0.9) + jekyll-seo-tag (~> 2.1) + minimal-mistakes-jekyll (4.24.0) + jekyll (>= 3.7, < 5.0) + jekyll-feed (~> 0.1) + jekyll-gist (~> 1.5) + jekyll-include-cache (~> 0.1) + jekyll-paginate (~> 1.1) + jekyll-sitemap (~> 1.3) + namae (1.1.1) + octokit (4.25.1) + faraday (>= 1, < 3) + sawyer (~> 0.9) + pathutil (0.16.2) + forwardable-extended (~> 2.6) + public_suffix (5.0.3) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.6) + rouge (4.1.3) + ruby2_keywords (0.0.5) + safe_yaml (1.0.5) + sass-embedded (1.69.3-arm64-darwin) + google-protobuf (~> 3.23) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + unicode-display_width (2.5.0) + webrick (1.8.1) + +PLATFORMS + arm64-darwin-22 + +DEPENDENCIES + http_parser.rb (~> 0.6.0) + jekyll (~> 4.3.2) + jekyll-feed (~> 0.12) + jekyll-scholar + minima (~> 2.5) + minimal-mistakes-jekyll + tzinfo (>= 1, < 3) + tzinfo-data + wdm (~> 0.1.1) + +BUNDLED WITH + 2.4.20 diff --git a/_bibliography/cl-pubs.csl b/_bibliography/cl-pubs.csl new file mode 100644 index 0000000..38dc39b --- /dev/null +++ b/_bibliography/cl-pubs.csl @@ -0,0 +1,144 @@ + + diff --git a/_bibliography/publications.bib b/_bibliography/publications.bib new file mode 100644 index 0000000..feed6db --- /dev/null +++ b/_bibliography/publications.bib @@ -0,0 +1,26 @@ +@techreport{amar2023cheriot, +author = {Amar, Saar and Chen, Tony and Chisnall, David and Domke, Felix and Filardo, Nathaniel and Liu, Kunyan and Norton-Wright, Robert and Tao, Yucong and N. M. Watson, Robert and Xia, Hongyan}, +title = {CHERIoT: Rethinking security for low-cost embedded systems}, +institution = {Microsoft}, +year = {2023}, +month = {February}, +abstract = {Small embedded cores have little area to spare for security features and yet must often run code written in unsafe languages and, increasingly, are exposed to the hostile Internet. CHERIoT  (Capability Hardware Extension to RISC-V for Internet of Things) builds on top of CHERI and RISC-V to provide an ISA and software model that lets software depend on object-granularity spatial memory safety, deterministic use-after-free protection, and lightweight compartmentalization exposed directly to the C/C++ language model. This can run existing embedded software components on a clean-slate RTOS that scales up to large numbers of isolated (yet securely communicating) compartments, even on systems with under 256 KiB of SRAM.}, +url = {https://www.microsoft.com/en-us/research/uploads/prod/2023/02/cheriot-63e11a4f1e629.pdf}, +number = {MSR-TR-2023-6}, +} + +@inproceedings{cheriotmicro2023, + author = {Amar, Saar and Chisnall, David and Chen, Tony and Wesley, Nathaniel Filardo and Laurie, Ben and Liu, Kunyan and Norton, Robert and Moore, Simon W. and Tao, Yucong and Watson, Robert N. M. and Xia, Hongyan}, + title = {{CHERIoT}: Complete Memory Safety for Embedded Devices}, + doi = {ttps://doi.org/10.1145/3613424.3614266}, + year = {2023}, + month = {October}, + location = {Toronto, Canada}, + publisher = {Association for Computing Machinery}, + booktitle = {proceedings of the 56th IEEE/ACM International Symposium on Microarchitecture}, + abstract = {The ubiquity of embedded devices is apparent. The desire for increased functionality and connectivity drives ever larger software stacks, with components from multiple vendors and entities. These stacks \emph{should} be replete with isolation and memory safety technologies, but existing solutions impinge upon development, unit cost, power, scalability, and/or real-time constraints, limiting their adoption and production-grade deployments. As memory safety vulnerabilities mount, the situation is clearly not tenable and a new approach is needed. + + To slake this need, we present a novel adaptation of the CHERI capability architecture, co-designed with a green-field, security-centric RTOS. It is scaled for embedded systems, is capable of fine-grained software compartmentalization, and provides affordances for full inter-compartment memory safety. We highlight central design decisions and offloads and summarize how our prototype RTOS uses these to enable memory-safe, compartmentalized applications. Unlike many state-of-the-art schemes, our solution deterministically (not probabilistically) eliminates memory safety vulnerabilities while maintaining source-level compatibility. We characterize the power, performance, and area microarchitectural impacts, run microbenchmarks of key facilities, and exhibit the practicality of an end-to-end IoT application. The implementation shows that full memory safety for compartmentalized embedded systems is achievable without violating resource constraints or real-time guarantees, and that hardware assists need not be expensive, intrusive, or power-hungry.}, + pdf = {papers/2023-micro-cheriot-uarch.pdf}, + poster = {papers/2023-11-31-MIRCRO-CHERIoT-Poster.pdf} +} diff --git a/_config.yml b/_config.yml new file mode 100644 index 0000000..4092d58 --- /dev/null +++ b/_config.yml @@ -0,0 +1,47 @@ +title: CHERIoT Platform +description: >- + Welcome to the CHERIoT Platform, a hardware-software co-design project + that provides game-changing security for embedded devices. +baseurl: "" # the subpath of your site, e.g. /blog +url: "https://cheriot.org" +github_username: CHERIoT-Platform + +# Build settings +theme: minima +#theme: minimal-mistakes-jekyll +plugins: + - jekyll-feed + - jekyll-scholar + +markdown: kramdown +kramdown: + toc_levels: "2,3" + + +scholar: + bibliography_template: bib + style: ./_bibliography/cl-pubs + bibliography: publications.bib + sort_by: year + order: descending + + +# Exclude from processing. +# The following items will not be processed, by default. +# Any item listed under the `exclude:` key here will be automatically added to +# the internal "default list". +# +# Excluded items can be processed by explicitly listing the directories or +# their entries' file path in the `include:` list. +# +# exclude: +# - .sass-cache/ +# - .jekyll-cache/ +# - gemfiles/ +# - Gemfile +# - Gemfile.lock +# - node_modules/ +# - vendor/bundle/ +# - vendor/cache/ +# - vendor/gems/ +# - vendor/ruby/ diff --git a/_includes/contents.markdown b/_includes/contents.markdown new file mode 100644 index 0000000..c33ada3 --- /dev/null +++ b/_includes/contents.markdown @@ -0,0 +1,15 @@ +
+ + + + + + +
+

Contents

+ +* TOC generated as unordered list here: +{:toc} + +
+
diff --git a/_layouts/bib.html b/_layouts/bib.html new file mode 100644 index 0000000..e801350 --- /dev/null +++ b/_layouts/bib.html @@ -0,0 +1,54 @@ +--- +--- +{% assign doi = null %} +{% assign url = null %} +{% assign pdf = null %} +{% if entry.doi %} + {% if entry.doi contains '://' %} + {% assign doi = entry.doi %} + {% else %} + {% capture doi %}http://doi.org/{{entry.doi}}{% endcapture %} + {% endif %} +{% endif %} +{% if entry.pdf %} + {% assign url = entry.pdf %} +{% elsif entry.url %} + {% assign url = entry.url %} +{% elsif doi %} + {% assign url = doi %} +{% endif %} +{% if url %} +{% capture cite %}{{ reference | replace: entry.title, "\0" | replace: '%%URL_PLACEHOLDER%%', url }}{% endcapture %} +{% else %} +{% capture cite %}{{ reference | replace: entry.title, "\0" }}{% endcapture %} +{% endif %} +{{ cite }} +{% if entry.pdf %} + {% assign pdf = entry.pdf %} +{% elsif entry.url %} + {% if entry.url contains '.pdf' %} + {% assign pdf = entry.url %} + {% endif %} +{% endif %} +{% if pdf %} +[pdf] +{% endif %} +{% if entry.slides %} +[slides] +{% endif %} +{% if entry.poster %} +[poster] +{% endif %} +{% if doi %} +[doi] +{% endif %} +
+ BibTeX +
{{ entry.bibtex }}
+
+{% if entry.abstract %} +
+ Abstract +

{{ entry.abstract | strip | newline_to_br }}

+
+{% endif %} diff --git a/_posts/2023-10-17-ibex-now-in-dev-container.markdown b/_posts/2023-10-17-ibex-now-in-dev-container.markdown new file mode 100644 index 0000000..3b6a344 --- /dev/null +++ b/_posts/2023-10-17-ibex-now-in-dev-container.markdown @@ -0,0 +1,71 @@ +--- +layout: post +title: "Ibex simulator now available in the devcontainer" +date: 2023-10-17 11:38:13 +0100 +categories: jekyll update +--- + +Since its creation, the CHERIoT DevContainer has included the simulator built from the Sail formal model. +This is an instruction-accurate simulator and is the gold model for the CHERIoT ISA. + +With the work from Microsoft on providing a [complete FPGA simulation environment for the CHERIoT Ibex](https://github.com/microsoft/cheriot-safe), it's now possible to build a complete simulation. +If you have an Arty A7, you should be able to build this platform and run at a realistic speed. + +For the rest of us, there's [verilator](https://verilator.org). +Verilator builds a software simulation from the verilog. +This is now built in two configurations in the dev container: + + - `cheriot_ibex_safe_sim` runs the simulation. + - `cheriot_ibex_safe_sim_trace` runs the simulation and writes a file with per-instruction tracing. + +These expect two files containing hex dumps of memory in the `firmware` directory (a subdirectory of the working directory). +The first, `cpu0_irom.vhx` contains ROM bootloader code. +It's sufficient for this to contain a single jump instruction that branches to `cpu0_iram.vhx`. + +Creating these is not completely trivial and so we've included [a script to run with the simulator](https://github.com/microsoft/cheriot-rtos/blob/main/scripts/run-ibex-safe-sim.sh). +This script, in turn, is invoked by `xmake run`. +If you're in the dev container, it will find all of the tools that it needs automatically. + +This means that you can now build and run the examples in a simulation that behaves like real hardware (only much slower): + +``` +$ cd cheriot-rtos/examples/01.hello_world/ +$ xmake config --sdk=/cheriot-tools/ --board=ibex-safe-simulator +checking for platform ... cheriot +checking for architecture ... cheriot +generating /home/cheriot/cheriot-rtos/sdk/firmware.ldscript.in ... ok +$ xmake +[ 23%]: cache compiling.release ../../sdk/lib/atomic/atomic2.cc +... +[ 95%]: linking firmware build/cheriot/cheriot/release/hello_world +[ 95%]: Creating firmware report build/cheriot/cheriot/release/hello_world.json +[ 95%]: Creating firmware dump build/cheriot/cheriot/release/hello_world.dump +[100%]: build ok, spent 1.58s +warning: /home/cheriot/cheriot-rtos/sdk/xmake.lua:102: unknown language value 'c2x', it may be 'c89' +warning: add -v for getting more warnings .. +$ xmake run +Reading firmware/cpu0_irom.vhx +%Warning: firmware/cpu0_irom.vhx:33: $readmem file ended before specified final address (IEEE 2017 21.4) +%Warning: firmware/cpu0_iram.vhx:9449: $readmem file ended before specified final address (IEEE 2017 21.4) +Hello world compartment: Hello world +Error handler: Thread exit CSP=0x20040930 (v:1 0x20040730-0x20040930 l:0x200 o:0x0 p: - RWcgml -- ---) +swci_main exiting with return code 00 +``` + +If something goes wrong, you can try rerunning with `cheriot_ibex_safe_sim_trace`: + +``` +$ cd build/cheriot/cheriot/release +$ $ /cheriot-tools/bin/cheriot_ibex_safe_sim_trace +Reading firmware/cpu0_irom.vhx +%Warning: firmware/cpu0_irom.vhx:33: $readmem file ended before specified final address (IEEE 2017 21.4) +%Warning: firmware/cpu0_iram.vhx:9449: $readmem file ended before specified final address (IEEE 2017 21.4) +TOP.swci_vtb.dut.msftDvIp_cheri0_subsystem_i.msftDvIp_cheri_core0_i.msftDvIp_cheri_core_wrapper_i.ibex_top_i.u_ibex_tracer.printbuffer_dumpline.unnamedblk1: Writing execution trace to trace_core_00000000.log +Hello world compartment: Hello world +Error handler: Thread exit CSP=0x20040930 (v:1 0x20040730-0x20040930 l:0x200 o:0x0 p: - RWcgml -- ---) +swci_main exiting with return code 00 +$ ls -lah trace_core_00000000.log +-rw-r--r--. 1 cheriot cheriot 13M Oct 17 13:11 trace_core_00000000.log +``` + +Note that these trace files can get quite large: 13 MiB from the hello world example! diff --git a/_sass/_bib.scss b/_sass/_bib.scss new file mode 100644 index 0000000..64425f9 --- /dev/null +++ b/_sass/_bib.scss @@ -0,0 +1,12 @@ +label.biblink { + color: #003c79; +} +label.biblink:hover { + text-decoration: underline; +} +pre.bibtex, p.abstract { + background-color: #eef; + margin: 0 10px 0 10px; + padding: 10px; +} + diff --git a/assets/main.scss b/assets/main.scss new file mode 100644 index 0000000..01cfe2c --- /dev/null +++ b/assets/main.scss @@ -0,0 +1,7 @@ +--- +# Only the main Sass file needs front matter (the dashes are enough) +--- + +@import + "minima", + "bib"; diff --git a/images/fpga.jpeg b/images/fpga.jpeg new file mode 100644 index 0000000..5c9884c Binary files /dev/null and b/images/fpga.jpeg differ diff --git a/index.markdown b/index.markdown new file mode 100644 index 0000000..2769cdf --- /dev/null +++ b/index.markdown @@ -0,0 +1,30 @@ +--- +# Feel free to add content and custom Front Matter to this file. +# To modify the layout, see https://jekyllrb.com/docs/themes/#overriding-theme-defaults + +layout: post +--- + +FPGA running CHERIoT Ibex + +The Capability Hardware Extension to RISC-V for IoT (CHERIoT) platform was originally developed at Microsoft and is now part of an effort spanning multiple companies. +It builds on top of [CHERI](https://cheri-cpu.org) to provide a solid foundation for secure embedded devices. +CHERI provides referential integrity (pointers cannot be forged), spatial memory safety (pointers carry bounds that cannot be extended), call gates, and so on. + +CHERIoT extends this with a complete platform providing deterministic use-after-free protection, a lightweight compartment model, lexically-scoped delegation of objects across compartment calls, and many more benefits. + +The CHERIoT project comprises several repositories: + + - The [formal model of the CHERIoT ISA](https://github.com/microsoft/cheriot-sail). + This is used to build an executable simulator and to prove properties of both the ISA and of implementations. + - The [CHERIoT RTOS](https://github.com/microsoft/cheriot-rtos), a clean-slate RTOS designed to take advantage of CHERIoT features. + This provides the compartment model, a heap that can be safely shared across mutually distrusting compartments, and a host of other features. + - [CHERIoT LLVM](https://github.com/CHERIoT-Platform/llvm-project) provides the toolchain for building the RTOS and other software that runs atop it. + - The [CHERIoT Ibex](https://github.com/microsoft/cheriot-ibex), an area-optimised core that implements the ISA. + This is very slightly larger than the Ibex with a 16-element Physical Memory Protection unit, yet provides object-granularity memory safety and scales to a number of compartments bounded only by available memory. + - The [CHERIoT small and fast FPGA emulator](https://github.com/microsoft/cheriot-safe) platform. + This provides a set of peripherals such as a UART and interrupt controllers that provide a minimal useful integration of the Ibex. + +The [CHERIoT dev container](https://github.com/orgs/CHERIoT-Platform/packages/container/package/devcontainer) includes the toolchain, the simulator built from the formal model, and a verilator simulation of the Ibex. +This can be used explicitly via Docker / Podman or by opening the RTOS repository in Visual Studio Code or another editor that supports dev containers. + diff --git a/news.md b/news.md new file mode 100644 index 0000000..1deeb11 --- /dev/null +++ b/news.md @@ -0,0 +1,6 @@ +--- +title: News +layout: home +--- + +CHERIoT is under active development (see the various repositories), but we'll try to post regular updates here for people that don't want to consume the commit-message firehose. diff --git a/papers/2023-11-31-MIRCRO-CHERIoT-Poster.pdf b/papers/2023-11-31-MIRCRO-CHERIoT-Poster.pdf new file mode 100644 index 0000000..343f396 Binary files /dev/null and b/papers/2023-11-31-MIRCRO-CHERIoT-Poster.pdf differ diff --git a/papers/2023-micro-cheriot-uarch.pdf b/papers/2023-micro-cheriot-uarch.pdf new file mode 100644 index 0000000..3c5af02 Binary files /dev/null and b/papers/2023-micro-cheriot-uarch.pdf differ diff --git a/publications.markdown b/publications.markdown new file mode 100644 index 0000000..4293dbd --- /dev/null +++ b/publications.markdown @@ -0,0 +1,41 @@ +--- +layout: default +title: Publications +--- + +{% comment %} +This page will list all of the publications and is generated from +`_bibliography/publications.bib`. The Articles and Books subheadings will only +appear if the BibTeX file contains entries of the relevant type (everything +that is not of type book is counted as an article, currently). +{% endcomment %} + +[Download a complete list of publications as BibTeX](publications.bib) + +{% include contents.markdown %} + +{% capture articles %}{% bibliography --query @article, @inproceedings %}{% endcapture %} +{% if articles.size != 30 %} +Articles +-------- + +{{ articles }} +{% endif %} + +{% capture books %}{% bibliography --query @book %}{% endcapture %} + +{% if books.size != 30 %} +Books +----- + +{{ books }} +{% endif %} + +{% capture techreports %}{% bibliography --query @techreport %}{% endcapture %} + +{% if techreports.size != 30 %} +Tech Reports +------------ + +{{ techreports }} +{% endif %}