We’ve covered CHERI, and our involvement with the development of the ARM Morello yocto layer before, so for those who aren’t aware of what it is we recommend looking back through our previous blog posts on Introducing ARM Morello and CHERI, and Linux Yocto layer for the ARM Morello board, CHERI (Capability Hardware Enhanced RISC …| www.thegoodpenguin.co.uk
As of today, the Clang 20/LLVM 20 toolchain is available in the CHERIoT devcontainer. This follows on the heels of our recent releases of Clang 18/LLVM 18 and Clang 19/LLVM 19 in recent months.| CHERIoT Platform
The Cybersecurity and Infrastructure Security Agency (CISA) has identified memory safety vulnerabilities as a major cybersecurity risk 1, pointing to reports that 70% or more of security vulnerabilities were found to involve memory-safety issues. CHERIoT 2 is a new architecture that seeks to provide strong protection against many frequently exploited memory vulnerabilities. CHERIoT is based on using CHERI 3 capability hardware-extensions to a 32 bit RISC-V 4 platform to provide fine-grained s...| CHERIoT Platform
In an article in the February, 2025 issue of Communications of the ACM, I join 20 coauthors from across academia and industry in writing about the remarkable opportunity for universal strong memory safety in low-level Trusted Computing Bases (TCBs) enabled by recent advances in type- and memory-safe systems programming languages (e.g., the Rust language), hardware memory protection (e.g., our work on CHERI), formal methods, and software compartmentalisation. These technologies are seeing incr...| Light Blue Touchpaper
Protecting devices from malicious use is often a cat-and-mouse game between security researchers identifying software vulnerabilities (CVEs) and product-makers patching them before attackers can exploit them. As a result, devices can no longer be developed, shipped and forgotten. Instead, manufacturers must commit to keeping those devices up to date and free from critical vulnerabilities for …| www.thegoodpenguin.co.uk