For more than a decade, CHERI research has demonstrated that hardware enforced memory safety can eliminate entire classes of security vulnerabilities. Much of this work has taken place in simulators and FPGA platforms, enabling researchers and developers to experiment with capability based architectures before production hardware became available.
The CHERIoT project extends these principles to the world of microcontrollers and embedded systems. It combines a capability enhanced instruction set, a compartmentalised software model, and a security focused runtime environment designed specifically for resource constrained devices. Until recently, development has primarily taken place using software models and FPGA prototypes, including the CHERIoT SAFE FPGA platform and the Sonata development board.
This article marks an important milestone for the CHERIoT ecosystem: the arrival of the first silicon implementation. SCI Semiconductor’s ICENI chip demonstrates that CHERIoT is no longer only a research or prototyping platform. It is now a real microcontroller capable of running CHERIoT systems in production hardware, bringing capability based security and strong memory safety to the embedded world.
The following announcement from David Chisnall describes the ICENI development board, the architecture behind the chip, and what this step means for developers building secure embedded systems with CHERI.
Read the announcement from SCI Semiconductor here.