I’m often asked why we decided to write a new RTOS for CHERIoT instead of using something that already existed, such as ThreadX, FreeRTOS, or Zephyr. The short answer is that CHERIoT is a hardware-software co-design project and retrofitting ground-up co-design is hard. This post is for people who want the long answer.| CHERIoT Platform
Back in October last year, I wrote a bit about why we wrote a new RTOS for CHERIoT. Reading that again, I realise that it had a lot of high-level concepts but missed out on some detail. This time, I wanted to take a closer look at some CHERIoT RTOS features to show that being able to rely on CHERI lets us build them in fundamentally different ways to other systems.| CHERIoT Platform
Welcome to the CHERIoT Platform, a hardware-software co-design project that provides game-changing security for embedded devices.| CHERIoT Platform
As of today, the Clang 20/LLVM 20 toolchain is available in the CHERIoT devcontainer. This follows on the heels of our releases of Clang 18/LLVM 18 and Clang 19/LLVM 19 in recent months.| CHERIoT Platform
This is a public draft of the CHERIoT Programmers' Guide.| cheriot.org
We’ve included a port of the Microvium embedded JavaScript runtime. We originally did this port even before we open sourced the CHERIoT project. We haven’t talked about it much and that’s something of an omission, since it is quite a nice case study in supporting a managed language on a CHERI platform.| CHERIoT Platform
The Cybersecurity and Infrastructure Security Agency (CISA) has identified memory safety vulnerabilities as a major cybersecurity risk [1], pointing to reports that 70% or more of security vulnerabilities were found to involve memory-safety issues. CHERIoT [2] is a new architecture that seeks to provide strong protection against many frequently exploited memory vulnerabilities. CHERIoT is based on using CHERI [3] capability hardware-extensions to a 32-bit RISC-V [4] platform to provide fine-grained s...| CHERIoT Platform
Over the past few months, I have had the opportunity to work with CHERIoT and Sonata in ways that have really pushed me as a developer. When I started this project, I knew that CHERI’s capability-based memory model was something special, but I did not fully appreciate how much it would change the way I think about secure embedded systems. This has been more than just a technical challenge. It has been a genuine learning experience that has reshaped how I approach programming, security, and ...| CHERIoT Platform
If you’ve been following the news this weekend, you’ll have seen articles about a vulnerability (alleged to be an intentional backdoor) in ESP32 microcontrollers. The news is somewhat overhyped (the attacks probably require physical access) but it provides an opportunity to look at what we did in CHERIoT to eliminate this class of attack by construction.| CHERIoT Platform
This is a repost of something I wrote on LinkedIn a year and a half ago, but it turns out no one reads LinkedIn, so I’m reposting it here.| CHERIoT Platform
Sealing is one of the most important parts of CHERI because it enables usable compartmentalised interfaces. Sealing lets you build type-safe opaque types that are safe in the presence of mutual distrust and delegation. In the most recent updates to the compiler and RTOS, we’ve made this even more friendly for programmers.| CHERIoT Platform
There’s a recurring myth that CHERI and safe languages are solving the same problems and that, if you have one, you don’t need the other. When I joined the CHERI project in 2012, my primary motivation was producing hardware that enabled safe interoperability between languages, so I never felt that safe languages and CHERI were in tension. Quite the reverse: My work on CHERI was motivated by a desire to enable safe language adoption and the combination of CHERI and safe languages is far mo...| CHERIoT Platform
The CHERIoT compartment model is similar to an object-oriented model, where each compartment exposes a set of entry points (analogous to methods) that can be called by other compartments. This works well for compartmentalising a lot of libraries: just expose their public API as compartment entry points.| CHERIoT Platform
Before writing CHERIoT RTOS, we evaluated whether we could adapt an existing RTOS to a CHERI platform. Unfortunately, we found two things that made this hard. First, most existing RTOSs began life on platforms with no possible mechanism for isolation and where every byte mattered. This meant that they often lacked even software-engineering boundaries around components (for example, we found optional ThreadX components that directly manipulated internal data structures of the ThreadX scheduler...| CHERIoT Platform