Wind River has ported VxWorks to the Arm Morello Board and the CHERI-QEMU simulator. The port includes the VxWorks real-time operating system (RTOS) itself, real-time process support (RTPs), the RTNET network stack as well as board support packages for Morello and QEMU. The RTOS port runs in pure capability mode, where all pointers are replaced with hardware-enforced capabilities. Unlike hybrid modes that mix traditional pointers with capabilities, purecap mode enforces that all memory accesses, code execution, and data references are constrained by capability metadata thus providing strong spatial and temporal memory safety for VxWorks and its applications.
VxWorks is the first commercial RTOS to support CHERI. The CHERI-enabled port of VxWorks enables Wind River customers to build a new class of secure connected device. Such a device is more secure by virtue of its CHERI-based hardware and software platform. A large class of security vulnerabilities caused by lack of memory safety are prevented by the CHERI-enabled version of VxWorks. Legacy software in which vulnerabilities exist, or are likely, may be reused with significantly reduced risk thus preserving large software investments without expensive security audits or memory-safe language rewrites.
Wind River continues to expand CHERI support across its product portfolio and to include RISC-V in addition to Arm. Work is underway to add support for Helix Virtualisation Platform (HVP) and VxWorks for CHERI on RISC-V.