CHERI OS-feature matrix

Operating systems can implement CHERI software features along several axes. This table captures key axes, and describes the maturity of those features for various OS projects. It is the intention that evolving Application Programming Interfaces (APIs) be similar or identical across operating systems, so as to support portable CHERI-enabled applications to the greatest extent possible. We will also aim to align design choices around OS Application Binary Interfaces (ABIs) where it makes sense, to permit similar arguments about security and more strongly aligned APIs, but also recognising and accepting existing design differences between the systems.

Note: Morello is experimental computer hardware, and all software available for it – firmware, compilers, operating systems, and applications – is also experimental. There is ongoing work to provide end-user documentation, as well as flesh out the set of software packages available, but it will take several years to complete development of the full and mature software system.

It is therefore expected that difficulties will be encountered, and there are several venues where you can seek support:

  • For queries on CheriBSD, the CHERI protection model, and CHERI C/C++, you can join the CHERI-CPU Slack channel
  • For queries relating to the evolving Morello Linux environment, please use the mailing lists outlined in this document
  • For other general questions on Morello, please use the ARM Morello forum

Users of Morello boards are welcome to provide feedback on missing material and technical features, including missing software dependencies, although these may take time to resolve.

Operating Systems

CheriBSD (as of version 23.11)

CheriBSD is a research operating system adapted from the open-source FreeBSD OS, intended to explore and illustrate how CHERI architectural features can be used by a complete experimental software stack. Developed since around 2012, CheriBSD is compiled using the CHERI Clang/LLVM compiler suite. CheriBSD supports multiple ABIs (the pure-capability ABI, the benchmark ABI and the hybrid ABI) that allow the security and performance properties of CHERI software stacks to be evaluated, and that allow third-party software not yet fully adapted to CHERI to be used. CheriBSD includes a spatially memory-safe UNIX kernel, a spatially memory-safe userspace including over 10,000 memory-safe third-party packages available to install, and a heap temporal safety mechanism for userspace that is enabled by default. Several compartmentalisation models are under active development for CheriBSD. The linker-based compartmentalisation model for userspace is included in the current release, while the more experimental co-process and kernel linker-based models are available in development branches. Other features include a memory-safe desktop environment, a CHERI-enabled hypervisor (bhyve) and alpha support for ZFS. CheriBSD is installed on a Morello board from a USB stick. The Getting Started with CheriBSD guide describes the installation steps and CheriBSD features in more detail. CheriBSD can be cross-built from Ubuntu, macOS and FreeBSD, or self-hosted on CheriBSD running on a Morello board. Open-source contributions are welcome and very much appreciated, including new third-party application adaptations to CHERI. The project website is CheriBSD.org.

Morello Linux

Morello Linux is an Arm-led research project begun in 2022, which aims to explore the application of memory safety in OS environments based around an experimental fork of the Linux kernel. The initial focus of Morello Linux is the implementation of a new pure-capability kernel-user ABI, supported by development in C libraries (initially musl libc) and tooling (Morello LLVM). Associated community-driven work on a Yocto framework for evolving userspace ports is also underway. The project is currently focused on building the environment and is actively seeking contributions to help enable and accelerate the work. Future integration releases aim to expand the scope of the existing implementation and introduce GNU/glibc tooling. For more details on status, visit the morello-project.org homepage.

CHERI feature matrix

| Feature | CheriBSD | Morello Linux |
|---|---|---|
| USB stick installer image | Yes | Experimental |
| Runs on Arm Morello boards | Yes | Yes |
| Runs on Arm's Fixed Virtual Platform (FVP) | Yes | Yes |
| Runs on QEMU-Morello | Yes | - |
| Kernel spatial safety | Yes | - |
| Kernel temporal safety | - | - |
| KGDB support for memory-safe kernels | Yes | - [1] |
| KGDB support for memory-unsafe kernels | Yes | - [1] |
| Userspace spatial safety (w/ memory-unsafe kernel) | Yes | Yes |
| Userspace spatial safety (w/ memory-safe kernel) | Yes | - |
| Userspace temporal safety | Yes (released in 23.11) | - |
| Debugger for memory-safe userspace | Yes | Yes |
| OS tracing for memory-unsafe userspace (ftrace, DTrace, eBPF, …) | Under development | Yes |
| OS tracing for memory-safe userspace (ftrace, DTrace, eBPF, …) | - | - |
| CHERI-enabled Type-2 hypervisor (kvm, bhyve, …) | Experimental | Under development |
| Userspace memory-safety protection against kernel confused deputies | Yes | Under development |
| Userspace library compartmentalisation | Experimental (since 22.12) | - |
| Userspace co-process compartmentalisation | Experimental (cocalls) | - |
| Kernel module compartmentalisation | Experimental (kernel-c18n) | - |
| Legacy package manager and prebuilt 64-bit packages | Yes (full set, roughly 25,000) | Yes |
| Memory-safe package manager and prebuilt packages | Yes (limited set, roughly 10,000) | - |
| Benchmark package manager and prebuilt packages | Yes (limited set, roughly 10,000) | - |
| Memory-safe desktop stack | Yes | - |

  1. While KGDB is not yet supported on Morello Linux, debugging Morello Linux using Arm DS Morello Edition with a DStream probe is known to work.