Skip to content
@cheri-linux

cheri-linux

Whitepaper

Here is our whitepaper on cherifying Linux:

Linux CHERI RISCV project

Capability Hardware Enhanced RISC Instructions (CHERI) is an extension to the Instruction Set Architecture aiming to provide hardware assisted memory safety to improve memory protection of unsafe languages like C. CHERI has been developed by the researchers from Cambridge University. Researchers from Cambridge university were focusing on FreeBSD like operating system.

Broad information about CHERI can be found here:

This port of Linux to the CHERI (RISC-V) was developed to validate the performance and security properties of CHERI also for Linux, which is the most used OS kernel today, especially in consumer and cloud. The CHERIfication of Linux, primarily involved two main endeavors: The first was to support user-space programs and daemons compiled with CHERI. In order to achieve this, programs needed to be loaded with the awareness that they were compiled with CHERI support --- requiring necessary changes in the program loader, acting on changes in the ELF format. The changes were needed to manage the capability-formatting of environment variables for the program. Also, the scheduler and exception handler in the kernel needed to be made CHERI-aware, i.e. to know whether a user-space process is CHERIfied or not, since register stores and restore have to account for whether capability registers need to be saved and restored during scheduling. The second endeavor was to compile the kernel proper with CHERI memory protection, i.e. to let CHERI capabilities guard the memory allocations within the kernel. The current state of this part of the CHERIfication covers only the main kernel, its memory management code, its bootstrap for RISC-V and selected drivers (filesystem, network) that have been used for validation in QEMU and on FPGAs. This part of the work mostly included fixes for pointer (capability) provenance, i.e. to modify casts from integers to pointers which in most architectures can be done, but in CHERI, the address must be accompanied with the range of the reference turning the pointer into a capability. A few instances where kernel code modified in this way actually turned out to reference memory addresses beyond the allocation (mostly different optimizations) where also corrected.

This open-source repository contains our CHERI-modifications to a number of different existing projects around the Linux kernel and its run-time. The project is complete enough to run the Linux kernel with a small run-time on top of the emulated QEMU RISC-V CHERI emulator, and necessary scripting (buildroot) is included to showcase this. We hope the research, CHERI and Linux communities can leverage this work for further evolving CHERI towards the fully functional, deployed secure computing architecture it deserves to become.

This set of projects are dedicated to CHERI support Linux. The current focus was on RISCV architecture, but not limited to.

Building and running

CHERI Linux port uses buildroot tool to generate Linux system images and CHERI RISCV QEMU emulator to run them.

How to build and run:

  1. Clone CHERI linux buildroot
git clone https://github.com/cheri-linux/buildroot.git
cd buildroot
  1. Configure build system
make O=riscv64cheri qemu_riscv64cheri_musl_defconfig
cd riscv64cheri
make O=riscv64cheri qemu_riscv64cheripc_musl_defconfig
cd riscv64cheri
make O=riscv64cheri qemu_riscv64cheri_glibc_defconfig
cd riscv64cheri
  1. Build the system
make -j12

Buildroot build system will build CHERI LLVM toolchain, QEMU, GDB, Linux kernel, BBL, MUSL libc, busybox, openssh and openssl.

  1. Run QEMU
make run

It uses script build/run128_riscv.sh to run QEMU. Every image needed to run QEMU can be seen from the script.

  1. Login

After system is booted, normal logging prompt is displayed. Use 'root' username without password.

It is also possible login via SSH to the port 7777 (non-CHERI SSH) and 7778 (CHERI SSH).

ssh -p 7777 root@localhost
ssh -p 7778 root@localhost

Pinned Loading

  1. buildroot buildroot Public

    Makefile 1

  2. linux linux Public

    C 1 1

  3. musl musl Public

    C

Repositories

Showing 10 of 14 repositories
  • .github Public
    cheri-linux/.github’s past year of commit activity
    0 0 0 0 Updated Dec 4, 2023
  • buildroot Public
    cheri-linux/buildroot’s past year of commit activity
    Makefile 1 0 0 0 Updated Sep 28, 2022
  • linux Public
    cheri-linux/linux’s past year of commit activity
    C 1 1 0 0 Updated Sep 21, 2022
  • cheri-linux/juliet-test-suite-c’s past year of commit activity
    1 0 0 0 Updated Sep 13, 2022
  • glibc Public
    cheri-linux/glibc’s past year of commit activity
    C 0 GPL-2.0 0 0 0 Updated Sep 12, 2022
  • gdb Public
    cheri-linux/gdb’s past year of commit activity
    C 0 GPL-2.0 0 0 0 Updated Sep 12, 2022
  • systemd Public
    cheri-linux/systemd’s past year of commit activity
    C 0 GPL-2.0 0 0 0 Updated Sep 12, 2022
  • dbus Public
    cheri-linux/dbus’s past year of commit activity
    C 0 0 0 0 Updated Sep 12, 2022
  • musl Public
    cheri-linux/musl’s past year of commit activity
    C 0 0 0 0 Updated Jun 28, 2022
  • llvm-project Public
    cheri-linux/llvm-project’s past year of commit activity
    0 0 0 0 Updated Jun 23, 2022

Top languages

Loading…

Most used topics

Loading…