At the University of Birmingham, in the Centre for Cyber Security and Privacy, we have over 15 years of combined experience working on the CHERI (Capability Hardware Enhanced RISC Instructions) architectures. Over the years, we have made multiple contributions to the development of CHERI, with a particular focus on confidential computing and trusted execution. One of the domains where these advances can have significant impact is real-time operating systems (RTOS), which are widely used in embedded systems and IoT devices.
The Zephyr RTOS is one such system that is integrated into many real-world products, ranging from e-scooters to wind turbines. A major benefit of Zephyr is its modular and platform-independent nature, making it easy to move applications onto new processor generations. However, being written in the C programming language, this operating system has suffered from many security vulnerabilities due to lack of memory safety.
To address this, we propose a new project, CHERI-Zephyr++, were we focus on this important issue by adding architecture support to Zephyr for memory-safe CHERI-enabled RISC-V processors. Within this project will explore advanced CHERI features and beneficial practical applications such as those relevant to Critical National Infrastructure.
Through the CHERI Alliance and the CHERI Distribution Centre, our software will be available as open source to maximise practical uptake and minimise friction for software developers, with the ultimate goal to upstream CHERI-support into the main Zephyr tree.
On completion of the project, we aim that CHERI-Zephyr will be the go-to solution for embedded products requiring strong security and safety guarantees.