This document outlines the plan to ratify a RISC-V Specification, establishing a solid foundation and clear expectations for the entire specification development lifecycle. The timeline set here will serve as a reference to monitor progress and ensure milestones are met. Investing in a well-prepared plan promotes effective communication, enhances collaboration, and streamlines the process.
About
Specification Name: CHERI
Task Group Charter: https://github.com/riscv-admin/cheri-tg/blob/main/charter.adoc
Background
The goal of the CHERI TG is to define a capability-based security extension.
CHERI provides deterministic spatial and temporal memory safety and low-cost, scalable compartmentalization, and is a fundamental step forward in security for the RISC-V ecosystem.
Building on over a decade of pioneering research by the University of Cambridge and SRI International, CHERI has been implemented by Arm on the Morello 7nm SoC evaluation platform, and many CHERI processors have been developed by academia and industry (Microsoft, Google, Codasip, lowRISC, …).
Overview
The CHERI extension adds a new data type to RISC-V: the CHERI capability. This can be thought of as a (2*XLEN+1)-bit pointer with bounds information, permissions (e.g. read/write), type information and a hardware-tracked validity tag. In combination with new instructions, this allows for fine-grained compartmentalization and memory safety.
When a core implements CHERI, the general purpose registers and CSRs that hold pointers (e.g. xtvec) are widened to capability size.
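As an added illustration of the capability model described above (this is not code from the CHERI TG or from the specification, and it does not use the real compressed capability encoding), the following plain-C model treats a capability as a pointer carrying bounds, permissions and a validity tag, and applies the checks a CHERI core performs on every memory access: a load or store through an untagged, out-of-bounds or under-privileged capability faults instead of silently touching memory. It also shows monotonicity, i.e. that a derived capability can only narrow bounds and drop permissions, and that an attempt to widen them clears the tag. Field names, permission bits and fault names are assumptions for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy software model of a CHERI-style capability (assumed layout, not the
 * architectural 2*XLEN+1-bit encoding): pointer + bounds + perms + tag. */
#define PERM_LOAD  (1u << 0)
#define PERM_STORE (1u << 1)

typedef struct {
    uint8_t *base;     /* lowest address the capability may access        */
    size_t   length;   /* bounds cover [base, base + length)               */
    uint8_t *addr;     /* the "pointer" part that ordinary code sees       */
    unsigned perms;    /* permission bits (PERM_LOAD, PERM_STORE)          */
    bool     tag;      /* validity tag: cleared by any non-monotonic edit  */
} cap_t;

/* Result of a capability check, standing in for a CHERI fault vs. success. */
typedef enum { CAP_OK = 0, CAP_TAG_FAULT, CAP_BOUNDS_FAULT, CAP_PERM_FAULT } cap_fault_t;

/* Derive a valid capability covering an entire buffer. */
cap_t cap_for_buffer(void *buf, size_t len, unsigned perms) {
    cap_t c = { .base = buf, .length = len, .addr = buf, .perms = perms, .tag = true };
    return c;
}

/* Narrow bounds (monotonic). A request that would exceed the parent's bounds
 * does not succeed: the derived capability comes back with its tag cleared. */
cap_t cap_set_bounds(cap_t parent, size_t offset, size_t len) {
    cap_t c = parent;
    if (!parent.tag || offset > parent.length || len > parent.length - offset)
        c.tag = false;                      /* attempted widening: invalidate */
    c.base = parent.base + (offset <= parent.length ? offset : 0);
    c.addr = c.base;
    c.length = len;
    return c;
}

/* Drop permissions (monotonic): bits can only be cleared, never added. */
cap_t cap_and_perms(cap_t parent, unsigned mask) {
    cap_t c = parent;
    c.perms = parent.perms & mask;
    return c;
}

/* Check an access of 'size' bytes at addr+offset needing permissions 'need'. */
cap_fault_t cap_check(const cap_t *c, size_t offset, size_t size, unsigned need) {
    if (!c->tag) return CAP_TAG_FAULT;
    if ((c->perms & need) != need) return CAP_PERM_FAULT;
    size_t start = (size_t)(c->addr - c->base) + offset;
    if (start > c->length || size > c->length - start) return CAP_BOUNDS_FAULT;
    return CAP_OK;
}

/* Byte load through a capability; the value is returned via 'out' on success. */
cap_fault_t cap_load_u8(const cap_t *c, size_t offset, uint8_t *out) {
    cap_fault_t f = cap_check(c, offset, 1, PERM_LOAD);
    if (f == CAP_OK) *out = c->addr[offset];
    return f;
}

/* Byte store through a capability. */
cap_fault_t cap_store_u8(const cap_t *c, size_t offset, uint8_t v) {
    cap_fault_t f = cap_check(c, offset, 1, PERM_STORE);
    if (f == CAP_OK) c->addr[offset] = v;
    return f;
}

/* Constructed scenario: a 16-byte buffer, a sub-capability over bytes [4, 8),
 * and a read-only copy of it. Returns the number of accesses that faulted. */
int demo(void) {
    static uint8_t buf[16];
    memset(buf, 0xAA, sizeof buf);
    cap_t whole = cap_for_buffer(buf, sizeof buf, PERM_LOAD | PERM_STORE);
    cap_t sub = cap_set_bounds(whole, 4, 4);
    cap_t ro = cap_and_perms(sub, PERM_LOAD);
    uint8_t v = 0;
    int faults = 0;
    faults += cap_load_u8(&sub, 3, &v) != CAP_OK;    /* last in-bounds byte: ok */
    faults += cap_load_u8(&sub, 4, &v) != CAP_OK;    /* one past the end: fault */
    faults += cap_store_u8(&ro, 0, 1) != CAP_OK;     /* no store permission: fault */
    cap_t widened = cap_set_bounds(sub, 0, 8);        /* tries to widen: tag cleared */
    faults += cap_load_u8(&widened, 0, &v) != CAP_OK; /* untagged: fault */
    return faults;
}

int main(void) {
    printf("faulting accesses: %d\n", demo());
    return 0;
}
```

The point of the model is that the bounds and permissions travel with the pointer and are enforced on every access, so a classic one-past-the-end read or a write through a read-only reference is caught at the instruction that performs it rather than corrupting memory.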
Stakeholders Identification
References: Active Groups and Specifications Under Development
We will work closely with the following groups to ensure the extension meets all requirements:
Security HC as well as Priv+Unpriv IC
CHERI SIG
psABI (to define the new pure-capability ABI)
Architectural Testing (to define a testsuite for CHERI-RISC-V)
Formal modelling (to upstream a CHERI-RISC-V Sail model)
Apps and Tools Software HC
SBI Specification
Design Considerations
The CHERI extension has been designed to be fully binary compatible with existing RISC-V code.
Proof-of-Concept and Tests
The CHERI specification has been validated in multiple operating systems:
CheriBSD (an adaptation of FreeBSD) is the most mature CHERI software ecosystem with a full graphical desktop stack and thousands of packages making full use of CHERI
Linux support is also available, but currently only runs a minimal userspace
Many embedded operating systems have been adapted: FreeRTOS, seL4, RTEMS, etc.
In addition to these operating systems, many thousands of open-source projects have been compiled for purecap CHERI and hundreds of patches have been upstreamed.
In terms of simulators and formal models, CHERI-extended versions of QEMU and Sail are openly available.
In terms of ISA tests, Codasip has an extensive test suite and Cambridge has created a differential testing framework that works with CHERI.
Software Ecosystem Impacts
Freeze Checklists
Select one of the options below (ISA or NON-ISA) and complete the table with the required information.
Key Milestones
To define your plan milestone dates, please use https://tech.riscv.org/plan/.
| Milestone | Date |
|---|---|
| Plan Approval | |
| Internal Review Start | |
| ARC Review Freeze Request | |
| Freeze | |
| Public Review Start | |
| TSC Ratification Approval | |
| BoD Ratification Approval | |
Additional Notes