Codasip has put support for a set of instruction extensions intended to secure memory into its RISC-V core designs. The company claims it is the first commercial offering of the technology which was developed initially for MIPS64 before proceeding for close to a decade as technology aimed at Arm cores.
When the team at the University of Cambridge and California-based SRI International first devised the Capability Hardware Enhanced RISC Instructions (CHERI), the intended host architecture was MIPS64 . But since then, Arm has helped the research proceed by designing a v8-based prototype processor and providing a hardware implementation to R&D teams through its Morello board. More recently, the University of Cambridge team started work on a RISC-V implementation of the extensions. Arm has yet to launch a commercial core that incorporates CHERI. However, in 2022, the UK’s Digital Catapult set up a program to encourage industrial partners to work on CHERI-augmented applications and firmware that provides Morello boards to developers.
Borrowing from concepts developed in the late-1960s and which were used in some of the Intel processor architectures, CHERI uses the concept of capabilities to let the processor check whether requests to access memory are legitimate or should be blocked. As memory exploits represent more than two-thirds of the vulnerabilities compiled by the Common Vulnerabilities and Exposures (CVE) program over the past two decades, proponents see CHERI as an effective tool to help block them.
“The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities,” said Robert NM Watson, professor of systems, security, and architecture at the University of Cambridge.
Codasip said it is also delivering a full software development flow to add memory protection based on CHERI. Some protection can be added through recompilation though better protection for C, C++ and other languages can be provided by code changes.