
CheriBSD feature extraction, maturity, and testing

CheriBSD is an operating system developed by the University of Cambridge, SRI, and Capabilities Limited over the last fifteen years as part of the CHERI project. CheriBSD has been a key part of the hardware-software co-design used to create CHERI since the project’s inception. It is both a demonstration of what is possible with cleanly and tightly integrated CHERI support in a general-purpose OS, and also a “pattern” for how to integrate CHERI into other systems such as CHERI Linux. The CheriBSD design treats CHERI as a portable, architecture-neutral feature: it runs equally well on Arm’s Morello and on arriving hardware implementing the new draft standard RV64Y from RISC-V International. Today, CheriBSD is a research operating system, but many of its CHERI-enabling features are already suitable for production use. Shipping CHERI support as part of FreeBSD will significantly reduce the risk of adopting CHERI versus attempting to base products on CheriBSD.


In this project we will extract the most production-ready features from CheriBSD and upstream them to FreeBSD, where they can more easily be incorporated into products supporting critical national infrastructure. Our goal is to upstream this functionality in time to ship it in the FreeBSD 16.0 release scheduled for December 2027, along with new test suites, engineering documentation, and other work to enable widespread use in the FreeBSD community.

Figure: A diagram showing extraction of changes from CheriBSD, merging into local branches maintained by Capabilities Limited, followed by publication in CHERI Alliance repositories, submission to the FreeBSD review process, and final merging into FreeBSD.

This project will reliably produce well-engineered, open-source patches against the public FreeBSD software distribution.

  • Changes will be derived from the public SRI/Cambridge CheriBSD repo, which will continue to host evolving research in the longer term.

  • Production-quality versions of the changes will be pushed into a CHERI Alliance repo, making them available for review, testing, and use.

  • We will then aim to upstream these to the FreeBSD Project, where they will start to appear in FreeBSD releases and be available for use by downstream products.

  • In some cases we will upstream self-contained changes directly to FreeBSD rather than bundling them within the CHERI Alliance repository.


Beyond merging CHERI support into upstream FreeBSD, this project will improve the maturity of key CHERI-based features that are not quite ready to merge. In particular, we plan to improve the userspace component of heap temporal safety, replacing the malloc revocation shim (MRS) with revocation implemented directly in the allocator. This is expected to improve performance and allow for better optimization due to the elimination of a layer of free lists that are decoupled from the allocator. We expect this work will bring us to the point where we can merge revocation. Likewise, we will integrate a current co-process compartmentalization prototype with the revocation system and explore new APIs for co-process creation and capability sharing. This will enable further exploration of co-process compartmentalization models in CheriBSD. We also plan to explore expanded use of sub-object bounds within userspace.


In the process of extracting patches and refining CHERI integration in CheriBSD and FreeBSD, we will also enhance existing test suites to cover a larger portion of CHERI C/C++ and POSIX than current test suites permit. This will involve improving the portability of the test suites as well as adding new tests.


We anticipate that FreeBSD 16 will be the first mainstream OS release to include support for CHERI out of the box.
