The Capability Hardware Extension to RISC-V for IoT (CHERIoT) platform was originally developed at Microsoft and is now part of an effort spanning multiple companies. It builds on top of CHERI to provide a solid foundation for secure embedded devices. CHERI provides referential integrity (pointers cannot be forged), spatial memory safety (pointers carry bounds that cannot be extended), call gates, and so on.
CHERIoT extends this with a complete platform providing deterministic use-after-free protection, a lightweight compartment model, lexically-scoped delegation of objects across compartment calls, and many more benefits.
The CHERIoT project comprises several repositories:
- The formal model of the CHERIoT ISA. This is used to build an executable simulator and to prove properties of both the ISA and of implementations.
- The CHERIoT RTOS, a clean-slate RTOS designed to take advantage of CHERIoT features. This provides the compartment model, a heap that can be safely shared across mutually distrusting compartments, and a host of other features.
- CHERIoT LLVM provides the toolchain for building the RTOS and other software that runs atop it.
- The CHERIoT Ibex, an area-optimised core that implements the ISA. This is very slightly larger than the Ibex with a 16-element Physical Memory Protection unit, yet provides object-granularity memory safety and scales to a number of compartments bounded only by available memory.
- The CHERIoT small and fast FPGA emulator platform. This provides a set of peripherals such as a UART and interrupt controllers that provide a minimal useful integration of the Ibex.
The CHERIoT dev container includes the toolchain, the simulator built from the formal model, and a verilator simulation of the Ibex. This can be used explicitly via Docker / Podman or by opening the RTOS repository in Visual Studio Code or another editor that supports dev containers.