Codasip opens up SDK for CHERI protection on RISC-V chips
Alliance commits to Integrating the architecture into all high-tech products
by Dan Robinson · The RegisterProcessor design outfit Codasip is donating an SDK it developed for the CHERI security architecture to the industry body that promotes the technology, saying this will allow its unrestricted use by anyone implementing CHERI on RISC-V.
CHERI - stands for Capability Hardware Enhanced RISC Instructions - has grown out of a research project from the University of Cambridge in the UK and US-based SRI International that aims to fix the memory access vulnerabilities that underpin many attacks on computer systems.
The technology was demonstrated by Arm back in 2022, when it produced prototype chips that implemented CHERI in extensions to the Arm v8.2-A instruction set architecture (ISA) as part of the chip designer's Morello research program, and distributed these to researchers for testing.
Earlier this year, the CHERI Alliance was formed with the aim of driving the adoption of this technology in as many processor architectures as possible.
Codasip, however, designs RISC-V processors, and introduced CHERI in a commercially available and licensable processor design in 2023. RISC-V is an ideal ISA for implementing CHERI, the outfit says, because of its open nature and that it was created with extensibility in mind, permitting anyone to create a RISC-V design to support custom functions in code.
But to be able to use the technology, developers must have access to software tools and packages that are adapted for CHERI, such as a compiler capable of generating code that uses the additional instructions in the modified ISA and the core design.
Codasip says it has developed these tools using existing open-source projects in collaboration with other CHERI Alliance members. This would be to support its own silicon at first, of course. But the firm says it is now donating them as a software development kit (SDK) to the organization, which will allow unrestricted use by anyone seeking to implement CHERI with RISC-V. The SDK is available on GitHub.
The SDK is available from the CHERI Alliance GitHub, and includes the following:
- C/C++ compiler and toolchain based on LLVM17
- CHERI-RISC-V Sail model
- QEMU open-source emulator
- OpenSBI implementation of the RISC-V Supervisor Binary Interface
- Das U-Boot bootloader
- Linux kernel 6.10
- FreeRTOS
- The GNU Debugger
- Yocto build system for Linux
- Basic user space environment based on Busybox
The processor tech provider demonstrated its CHERI support at embedded world 2024 in Nuremberg, Germany, in April this year, in the form of its 700 processor family with the RISC-V ISA extended with CHERI-based custom instructions.
"We have made a massive effort to implement a full Linux-capable SDK that we are now opening for everyone to use. I am confident this will be a great asset for the CHERI and RISC-V communities," Codasip CEO Ron Black said in a supplied remark.
We asked Codasip about interoperability, and a spokesperson assured us that the SDK has been developed to work with any other CPU core design that conforms to the RISC-V CHERI specification.
However, the spokesperson added that the specification itself is currently undergoing a review and ratification process. Codasip has developed its SDK based on the pre-ratified version, but will update it to align with the ratified specification, if necessary.
Michael Halsall, director of the CHERI Alliance, said the organization is focused on ensuring that CHERI security gets integrated into all high-tech products.
"The fact that Codasip makes their SDK openly available through the Alliance supports the standardization effort of CHERI for RISC-V," he commented.
"CHERI can deliver a more secure future for electronics, and we must come together to make that happen, between academia, industry and government." ®