References:
Blog: https://msrc-blog.microsoft.com/2022/09/06/whats-the-smallest-variety-of-cheri/
News 202302: https://www.microsoft.com/en-us/research/publication/cheriot-rethinking-security-for-low-cost-embedded-systems/
Whitepaper: https://www.microsoft.com/en-us/research/uploads/prod/2023/02/cheriot-63e11a4f1e629.pdf
Smallest CHERI (Portmeirion Project)
Based on Ibex (cite: https://github.com/Microsoft/cheriot-ibex).
RV32IMCB + CHERI.
Configurable 2-stage or 3-stage pipeline.
Passed FPGA validation; synthesis and PPA analysis in progress (as of 20230204, commit)
CHERI-Ibex ISA: 30+ instructions, including:
- cgetaddr, cgetbase, cgetlen, cgetperm, cgettag, cgettop, cgettype, ctestsubset, csetequalexact, csub, auicgp
- auipcc, candperm, ccleartag, cincaddr, cincaddrimm, cmove, cram, crrl, csetaddr, csetbounds, csetboundsexact, csetboundsimm, cseal, cunseal
- clc, csc (capability load/store)
- cjal, cjalr
- access to special capability registers (SCRs): cspecialrw
Compressed instructions are extended for capabilities:
- c.ld is reused for c.clc
- c.sd is reused for c.csc
Cheri-Ibex: cheri_regfile.sv, a register file with a configurable number of general-purpose registers, extended to hold CHERIoT capabilities.
Cheri-Ibex: the data bus is 33 bits wide; the MSB is a valid tag that distinguishes capabilities from normal integer data.
The LSU is modified to support atomic capability load/store transactions.
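A toy model of what that tag bit buys, as an added example (not cheriot-ibex code): an integer store always drives the tag to 0, so integer bits that happen to look like a capability cannot be loaded back as one, and csetbounds from the instruction list above is modelled as monotonic. The capability field layout and the rule that widening bounds clears the tag rather than trapping are assumptions of the model.

```python
# Toy model of the tag discipline on Cheri-Ibex's 33-bit data bus: an added
# example, not cheriot-ibex code. A word is (tag, payload): 32 data bits plus
# the tag in bit 32. Cap fields and "csetbounds beyond the source bounds
# clears the tag instead of trapping" are modelling assumptions.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Cap:
    base: int
    length: int
    addr: int
    tag: bool = True      # False: just integer bits, not a valid capability

class TaggedMemory:
    def __init__(self):
        self.words = {}   # addr -> (tag bit, payload)

    def sw(self, addr, value):      # integer store: tag bit driven 0, whatever the data
        self.words[addr] = (0, value & 0xFFFFFFFF)

    def csc(self, addr, cap):       # capability store: payload + tag in one atomic transaction
        self.words[addr] = (1 if cap.tag else 0, cap)

    def clc(self, addr):            # capability load: a tag-0 word comes back untagged
        tag, payload = self.words.get(addr, (0, 0))
        if isinstance(payload, Cap):
            return replace(payload, tag=bool(tag))
        return Cap(base=0, length=0, addr=payload, tag=False)

def csetbounds(cap, new_base, new_length):
    """Monotonic narrowing: asking for wider bounds yields an untagged result."""
    ok = cap.tag and cap.base <= new_base and new_base + new_length <= cap.base + cap.length
    return Cap(new_base, new_length, new_base, tag=ok)

def load_via(mem, cap, nbytes=4):
    """Data load through a capability: tag and bounds are checked before access."""
    if not cap.tag or cap.addr < cap.base or cap.addr + nbytes > cap.base + cap.length:
        raise PermissionError("tag or bounds violation")
    return mem.words.get(cap.addr, (0, 0))[1]

def demo():
    mem = TaggedMemory()
    buf = Cap(base=0x1000, length=16, addr=0x1000)
    mem.csc(0x100, buf)                 # spill a capability to memory
    mem.sw(0x104, 0x1000)               # integer word with the same address bits
    spilled, forged = mem.clc(0x100), mem.clc(0x104)
    narrow = csetbounds(buf, 0x1004, 4)
    wide = csetbounds(buf, 0x1000, 64)  # attempt to grow: tag cleared
    return tuple(int(c.tag) for c in (spilled, forged, narrow, wide))
```

demo() returns the cgettag results (1, 0, 1, 0): only the genuinely stored and the narrowed capability keep their tag.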
CSRs are defined in rtl/ibex_cs_registers.sv.
Newly added as in the IoT spec: mtvec
For debug support: when cheri_pmode_i=1, CHERIoT instructions can still execute, but all access rules are disabled, and any binary code generated by non-CHERI RV32 compilers can run unmodified on cheri-ibex.
If you could revise the fundamental principles of computer system design to improve security... what would you change?