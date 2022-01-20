Arm shipped a prototype CHERI-enabled Morello processor, SoC, and board, the first products coming from the security Morello research program that aims to make more secure hardware that will block certain common attacks. The first board prototypes are going to testing teams at Google, Microsoft, and other major stakeholders and partners across the industry and academia. The UKRI (UK Research and Innovation) Digital Security by Design (DSbD) initiative will distribute the first boards. (The UKRI funded the Morello Program, which Arm is heading up.) Arm worked with University of Cambridge to adapt its CHERI (Capability Hardware Enhanced RISC Instructions) architecture, which was developed with funding originally from DARPA and then from UKRI. SRI International and University of Cambridge both worked on the CHERI architecture and ISA — the idea behind CHERI was to create a hybrid capability architecture that codes a way to put permissions into the hardware architecture, in place of integer virtual addresses, to refer to data, code, and objects in protected ways. CHERI protects memory from some hacks. “Memory safety exploits are one of the longest standing and most challenging problems in all of software security,” said David Weston, director of enterprise and OS security, Microsoft in a press release. “Using core silicon architecture to eliminate whole classes of security issues with minimal performance impact has the opportunity to be transformative with massive positive impact, I am incredibly excited about the Morello project.” CHERI adds these architectural safety features into conventional MMU-based architectures and microarchitectures, with conventional software stacks based on virtual memory and C/C++, according to the CHERI web page. The Morello prototypes architecture is embedded into an Armv8.2-A processor, adapted from an Arm Neoverse N1 processor. The hardware is now available for testing.

