Digital Catapult today announced a new Technology Access Programme (TAP) that covers CHERIoT. The Digital Security by Design (DSbD) TAPs are intended to help companies prototype on CHERI systems, to build the CHERI ecosystem. Prior TAPs have been restricted to Arm’s Morello prototype system. This is the first that allows participants to build on CHERIoT.

The programme will provide lowRISC’s excellent Sonata board to participants (these are also now available to buy). This board makes it incredibly easy to get started with CHERIoT. We’ve previously shown that you can go from a standing start to running CHERIoT code in two minutes with Sonata.

The basic environment gives you spatial and temporal memory safety out of the box, a privilege-separated RTOS, and a very easy mechanism for splitting your code into isolated compartments with fine-grained sharing. You can try the compartmentalisation exercise to see how easy it is to define compartment boundaries for fault isolation, protecting secrets, or mitigating compromises. This exercise works in the simulator (you can even run it in a GitHub Codespace if you deploy one from here) and on Sonata.

The CHERIoT prototype compartmentalised network stack runs on Sonata. Between the compartmentalisation strategy employed and the foundational properties of the CHERIoT ISA, this provides a system where most bugs in the TCP/IP stack have little or no security impact.

Combined with Sonata’s range of I/O facilities, this gives an excellent prototyping platform for secure IoT systems. Anything that runs on Sonata should then be easy to port to SCI Semiconductor’s ICENI devices next year for commercial deployment at scale.

If you have a commercial IoT product that you want to be able to easily support in production for 10+ years, this TAP is a great way for you to explore how CHERIoT can help.

If you’re considering participating in this TAP, and have any questions about the CHERIoT Platform, please don’t hesitate to ask them in GitHub Discussions or our public Signal chat.