
CHERI CVA6
CHERI CVA6: An open-source CHERI application core
CHERI is revolutionising CPU design by building security directly into hardware. Hardware capabilities enforce strong spatial and temporal memory safety, deterministically mitigating roughly 70% of software vulnerabilities through software recompilation. CHERI enables scalable software compartmentalisation to minimise privilege and contain compromise. CHERI CVA6 is an open-source RISC-V application core that runs CheriBSD, CHERI Linux, and CHERI seL4 stacks.
Zero Day Labs’ illustration of their modifications to add CHERI to CVA6, which form the basis for our implementation. - Bruno Sá, Donato Ferraro, José Martins, Everton Matos, Andrea Bastoni, Sandro Pinto "CHERI RISC-V: A Case Study on the CVA6" in RISC-V Summit Europe (June 2024)

Why now?
RISC-V International aims to ratify the Zcheri extension in late 2025: CHERI CVA6 will be the open-source application core reference design. CHERI CVA6 takes lessons from the CHERI research ecosystem – Arm’s Morello, Cambridge’s CHERI Toooba, and Microsoft’s CHERIoT – for a mature, future-proof implementation.
The path to CHERI CVA6
The CHERI CVA6 project will remove the biggest barrier to adoption by delivering a high-quality, permissively licensed SystemVerilog reference design, ready for commercial use. CVA6, from the Open Hardware Foundation, is a robust superscalar RISC-V core, with extensive community engagement, multiple tape-outs, and application OS support.
Based on an initial prototype CHERI CVA6 implementation by Zero Day Labs (see above), we are modifying the core by:
-
Supporting the standard features and instruction encodings, providing a reference implementation for the pending Zcheri standard;
-
Using formal and directed-random tools to improve assurance;
-
Optimising to hone down towards essential area and performance overheads;
-
Improving the memory subsystem support for tagged memory;
-
Ensuring support for a range of pure capability operating systems.
When can I use it?
By Q4 2025, a standards-compliant CHERI-enabled CVA6 design will be available, supporting CHERI-enabled OSes on Genesys2 FPGA boards and tested against the Sail golden model. This will lay the groundwork for industry-standard verification and further PPA optimisation.
How can I get involved?
Looking to integrate memory-safe processing into your SoC? Whether you want a ready-to-go CPU, reusable components, or a custom solution, Capabilities Limited is ready to help.
Repositories/Helpful links.
The RISC-V CHERI specification repository: https://github.com/riscv/riscv-cheri/
Our work in progress CVA6 fork, converging towards supporting the proposed RISC-V standard: https://github.com/Capabilities-Limited/cheri-cva6/tree/zcheri
CHERI Blossoms Talk
Talk page, including links to slide and video: https://cheri-alliance.org/events/speakers/jonathan-woodruff/
This project is in collaboration with other Open Hardware Foundation members.

