top of page
Abstract Shape

CHERI CVA6

CHERI CVA6: An open-source CHERI application core

CHERI is revolutionising CPU design by building security directly into hardware. Hardware capabilities enforce strong spatial and temporal memory safety, deterministically mitigating roughly 70% of software vulnerabilities through software recompilation. CHERI enables scalable software compartmentalisation to minimise privilege and contain compromise. CHERI CVA6 is an open-source RISC-V application core that runs CheriBSD, CHERI Linux, and CHERI seL4 stacks.

Zero Day Labs’ illustration of their modifications to add CHERI to CVA6, which form the basis for our implementation. - Bruno Sá, Donato Ferraro, José Martins, Everton Matos, Andrea Bastoni, Sandro Pinto "CHERI RISC-V: A Case Study on the CVA6" in RISC-V Summit Europe (June 2024)

image.png

Why now?

RISC-V International aims to ratify the Zcheri extension in late 2025: CHERI CVA6 will be the open-source application core reference design. CHERI CVA6 takes lessons from the CHERI research ecosystem – Arm’s Morello, Cambridge’s CHERI Toooba, and Microsoft’s CHERIoT – for a mature, future-proof implementation.

 

The path to CHERI CVA6

The CHERI CVA6 project will remove the biggest barrier to adoption by delivering a high-quality, permissively licensed SystemVerilog reference design, ready for commercial use. CVA6, from the Open Hardware Foundation, is a robust superscalar RISC-V core, with extensive community engagement, multiple tape-outs, and application OS support.

 

Based on an initial prototype CHERI CVA6 implementation by Zero Day Labs (see above), we are modifying the core by:

  • Supporting the standard features and instruction encodings, providing a reference implementation for the pending Zcheri standard;

  • Using formal and directed-random tools to improve assurance;

  • Optimising to hone down towards essential area and performance overheads;

  • Improving the memory subsystem support for tagged memory;

  • Ensuring support for a range of pure capability operating systems.

 

When can I use it?

By Q4 2025, a standards-compliant CHERI-enabled CVA6 design will be available, supporting CHERI-enabled OSes on Genesys2 FPGA boards and tested against the Sail golden model. This will lay the groundwork for industry-standard verification and further PPA optimisation.

 

How can I get involved?

Looking to integrate memory-safe processing into your SoC? Whether you want a ready-to-go CPU, reusable components, or a custom solution, Capabilities Limited is ready to help.

 

Repositories/Helpful links.

The RISC-V CHERI specification repository: https://github.com/riscv/riscv-cheri/

Our work in progress CVA6 fork, converging towards supporting the proposed RISC-V standard: https://github.com/Capabilities-Limited/cheri-cva6/tree/zcheri

 

CHERI Blossoms Talk

Talk page, including links to slide and video: https://cheri-alliance.org/events/speakers/jonathan-woodruff/

 

This project is in collaboration with other Open Hardware Foundation members.

openhw.png
cherilogo.png
bottom of page