
CHERI OS-feature matrix
Operating systems can implement CHERI software features along several axes. This table captures key axes, and describes the maturity of those features for various OS projects. It is the intention that evolving Application Programming Interfaces (APIs) be similar or identical across operating systems, so as to support portable CHERI-enabled applications to the greatest extent possible. We will also aim to align design choices around OS Application Binary Interfaces (ABIs) where it makes sense, to permit similar arguments about security and more strongly aligned APIs, but also recognising and accepting existing design differences between the systems.
Note: Morello is experimental computer hardware, and all software available for it – firmware, compilers, operating systems, and applications – is also experimental. There is ongoing work to provide end-user documentation, as well as flesh out the set of software packages available, but it will take several years to complete development of the full and mature software system.
It is therefore expected that difficulties will be encountered, and there are several venues where you can seek support:
- For queries on CheriBSD, the CHERI protection model, and CHERI C/C++, you can join the CHERI-CPU Slack channel
- For queries relating to the evolving Morello Linux environment, please use the mailing lists outlined in this document
- For other general questions on Morello, please use the ARM Morello forum
Users of Morello boards are welcome to provide feedback on missing material and technical features, including missing software dependencies, although these may take time to resolve.
Operating Systems
CheriBSD (as of version 22.12)
CheriBSD is a research operating system adapted from the open-source FreeBSD OS, intended to explore and illustrate how CHERI architectural features can be used by a complete experimental software stack. Developed since around 2012, CheriBSD is compiled using the CHERI Clang/LLVM compiler suite and includes a spatially memory-safe UNIX kernel and a spatially memory-safe userspace, with over 8,000 memory-safe third-party packages available to install. CheriBSD is installed on a Morello board from a USB stick, and supports an easy-to-configure memory-safe desktop environment. Several research features are still maturing: a library-compartmentalisation model shipped in 22.12, while heap temporal memory safety and co-process compartmentalisation are experimental and available from development branches. CheriBSD can be cross-built from Ubuntu, macOS, and FreeBSD, or self-hosted on CheriBSD running on a Morello board. Open-source contributions are welcome and very much appreciated, including new third-party application adaptations to CHERI. The next planned release is 23.06 in mid-2023, which will include temporal safety and a CHERI-enabled hypervisor. The project website is CheriBSD.org.
Morello Linux
Morello Linux is an Arm-led research project begun in 2022, which aims to explore the application of memory safety in OS environments based around an experimental fork of the Linux kernel. The initial focus of Morello Linux is the implementation of a new pure-capability kernel-user ABI, supported by development in C libraries (initially musl libc) and tooling (Morello LLVM). Associated community-driven work on a Yocto framework for evolving userspace ports is also underway. The project is currently focused on building out the environment and is actively seeking contributions to help enable and accelerate the work. Future integration releases aim to expand the scope of the existing implementation and introduce GNU/glibc tooling. For more details on status, visit the morello-project.org homepage.
CHERI feature matrix
Feature | CheriBSD | Morello Linux |
---|---|---|
USB stick installer image | Yes | Experimental |
Runs on Arm Morello boards | Yes | Yes |
Runs on Arm’s Fixed Virtual Platform (FVP) | Yes | Yes |
Runs on QEMU-Morello | Yes | - |
Kernel spatial safety | Yes | - |
Kernel temporal safety | - | - |
KGDB support for memory-safe kernels | Yes | - [1] |
KGDB support for memory-unsafe kernels | Yes | - (as above) |
Userspace spatial safety (w/memory-unsafe kernel) | Yes | Yes |
Userspace spatial safety (w/memory-safe kernel) | Yes | - |
Userspace temporal safety | Experimental [2] (caprevoke - partially in 22.12) | - |
Debugger for memory-safe userspace | Yes | Yes |
OS tracing for memory-unsafe userspace (ftrace, DTrace, eBPF, …) | Under development | Yes |
OS tracing for memory-safe userspace (ftrace, DTrace, eBPF, …) | - | - |
CHERI-enabled Type-2 hypervisor (kvm, bhyve, …) | Experimental [2] (morello-bhyve) | Under development |
Userspace memory-safety protection against kernel confused deputies | Yes | Under development |
Kernel module compartmentalisation | Experimental (kernel-c18n) | - |
Userspace library compartmentalisation | Experimental (released in 22.12) | - |
Userspace co-process compartmentalisation | Experimental (cocalls) | - |
Legacy package manager and prebuilt 64-bit packages | Yes (full set - roughly 24,000) | Yes |
Memory-safe package manager and prebuilt packages | Yes (limited set - roughly 9,000) | - |
Memory-safe desktop stack | Yes | - |
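The matrix separates "spatial" from "temporal" safety, and the two fail in different ways. The following is an added example, not code from CheriBSD, Morello Linux or the CHERI project: a host-runnable C model of the two properties. The validity tag, the bounds check on every access, the quarantine of freed memory, and the revocation sweep that clears tags on stale capabilities are all modelled in plain C here; on real CHERI hardware the tag is an unforgeable hardware bit on a 128-bit capability, the bounds check is done by the CPU on each dereference, and the sweep corresponds to what CheriBSD's caprevoke performs over process memory. The names `cap_t`, `heap`, `regs`, the bump allocator and the heap size are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled capability: validity tag plus bounds (assumption: real CHERI packs
 * these into a tagged 128-bit register whose tag software cannot forge). */
typedef struct {
    bool   tag;      /* false = invalid; any access faults */
    size_t base;     /* start of the allocation in the model heap */
    size_t length;   /* number of bytes the capability may address */
} cap_t;

enum { CAP_OK = 0, CAP_ERR_TAG = 1, CAP_ERR_BOUNDS = 2 };

#define HEAP_SIZE 256
#define MAX_CAPS  16

static uint8_t heap[HEAP_SIZE];
static size_t  heap_top;                /* bump allocator, never reuses memory here */
static bool    quarantine[HEAP_SIZE];   /* freed bytes awaiting revocation */
static cap_t   regs[MAX_CAPS];          /* memory locations that may hold capabilities */

static void model_reset(void) {
    heap_top = 0;
    memset(heap, 0, sizeof heap);
    memset(quarantine, 0, sizeof quarantine);
    memset(regs, 0, sizeof regs);       /* all tags cleared */
}

/* Allocation returns a capability whose bounds cover exactly len bytes. */
cap_t cap_alloc(size_t len) {
    cap_t c = { false, 0, 0 };
    if (len == 0 || heap_top + len > HEAP_SIZE) return c;   /* untagged: unusable */
    c.tag = true; c.base = heap_top; c.length = len;
    heap_top += len;
    return c;
}

/* Every access checks the tag (temporal) and then the bounds (spatial). */
int cap_store(const cap_t *c, size_t off, uint8_t v) {
    if (!c->tag) return CAP_ERR_TAG;
    if (off >= c->length) return CAP_ERR_BOUNDS;
    heap[c->base + off] = v;
    return CAP_OK;
}

int cap_load(const cap_t *c, size_t off, uint8_t *out) {
    if (!c->tag) return CAP_ERR_TAG;
    if (off >= c->length) return CAP_ERR_BOUNDS;
    *out = heap[c->base + off];
    return CAP_OK;
}

/* free() in a temporally safe allocator: quarantine the bytes, do not reuse yet. */
void cap_free(cap_t *c) {
    if (!c->tag) return;
    for (size_t i = 0; i < c->length; i++) quarantine[c->base + i] = true;
    c->tag = false;
}

/* Revocation sweep: clear the tag of every capability that still points into
 * quarantined memory, then release that memory. Returns the number revoked. */
size_t revoke_sweep(void) {
    size_t revoked = 0;
    for (size_t i = 0; i < MAX_CAPS; i++) {
        cap_t *c = &regs[i];
        if (!c->tag) continue;
        for (size_t off = 0; off < c->length; off++) {
            if (quarantine[c->base + off]) { c->tag = false; revoked++; break; }
        }
    }
    memset(quarantine, 0, sizeof quarantine);
    return revoked;
}

/* Spatial safety: a 16-byte buffer cannot be written one byte past its end. */
int demo_spatial(void) {
    model_reset();
    regs[0] = cap_alloc(16);
    for (size_t i = 0; i < 16; i++)
        if (cap_store(&regs[0], i, (uint8_t)i) != CAP_OK) return -1;  /* in bounds */
    return cap_store(&regs[0], 16, 0x41);            /* off-by-one: CAP_ERR_BOUNDS */
}

/* Temporal safety: a stale copy of a freed capability is dead after the sweep. */
int demo_temporal(void) {
    model_reset();
    regs[0] = cap_alloc(8);
    regs[1] = regs[0];                               /* second pointer to the object */
    cap_free(&regs[0]);                              /* quarantined, not yet reusable */
    uint8_t v;
    if (cap_load(&regs[1], 0, &v) != CAP_OK) return -1;  /* dangling alias still works */
    if (revoke_sweep() != 1) return -2;              /* ...until revocation finds it */
    return cap_load(&regs[1], 0, &v);                /* now CAP_ERR_TAG */
}

int main(void) {
    printf("spatial:  %d (2 = bounds fault)\n", demo_spatial());
    printf("temporal: %d (1 = tag fault)\n", demo_temporal());
    return 0;
}
```

The point the model makes about the matrix: "Kernel spatial safety: Yes" with "Kernel temporal safety: -" means an off-by-one is caught at the access, but a dangling pointer into freed memory is still usable until a revocation pass has run, which is why userspace temporal safety is listed separately and tied to caprevoke.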