# **Project Sunburst:** An Open-Source CHERIoT SoC Top-Level and its Path to Market with Iceni



Dr. Gavin Ferris (IowRISC) Haydn Povey (SCI Semi)

2025-04-02



Funded by DSbD / UKRI - Grant Number: 107540

sunburst-project.org

## Memory safety - still an issue in 2025

- Microsoft: **70%** of the CVEs reported annually are memory safety issues<sup>1</sup>
- Cybercrime: **\$10.5tn** cost annually; up to **70%** of cybersecurity vulnerabilities related to memory safety<sup>2</sup>
- Crowdstrike: not malicious, but **\$5-6bn** damage from coding error linked to memory safety vulnerabilities
- Operational Technology / Information Technology: 50-70%
- Mitigations:

Issues: billions+ of lines of legacy code; encapsulation



- 1: <u>https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/</u>
- 2: https://aag-it.com/the-latest-cyber-crime-statistics/

## **Route to Market: CHERI for Embedded Systems**

- CHERI
  - Capability Hardware Enhanced RISC Instructions
  - Deterministic, fine-grained memory protection
  - Scalable compartmentalisation
  - Works with existing software
- CHERIoT
  - Microsoft built on Ibex<sup>®</sup> and added an RTOS for embedded use







### **IBEX + CHERI + RTOS = CHERIoT**



https://github.com/microsoft/CherloT-ibex



"This is truly important foundational work, as it will help make CHERIoT-Ibex the world's first production grade, opensource CHERI-enabled microcontroller core. We're looking forward to seeing it broadly leveraged in commercial designs, bringing much-needed hardware security — in an efficient manner — to a broad swathe of critical applications."

> Tony Chen Partner Security Architect, Microsoft

### **Route to Market: Sunburst Project Phase 1**

- Goal: Get CHERIoT into the hands of engineers
- Focused on enabling industry and academia to evaluate use of CHERIoT with the aim of driving commercial adoption
- Training events / Dissemination
- All outputs open source, under Apache 2.0 license



### Sunburst Project Phase 1: The Sonata Platform

UKRI / DSbD funded Project [Project Number - 107540]

**EPSRC and ESRC** 

- Open RTL for baseline CHERIoT-Ibex system + open firmware + open FPGA PCB
- 125 boards provided to leading commercial organisations and universities



### **Plus: Commercial Grade DV and Formal**

- Commercial level of verification for all the OpenTitan HW IP Blocks being used
- Additionally formal verification for CHERIoT Ibex (University of Oxford collaboration)
  - $\circ$  High level of confidence that the design complies with the Sail specification
  - Uses unbounded proofs



"We are delighted that our work has significantly helped to increase confidence in the commercial-grade quality of Microsoft's CHERIoT-Ibex core, driven by the development of a new Sail to Verilog compiler by our colleagues at the University of Cambridge, and demonstrated new methodology for RISC-V formal verification."

> Prof. Tom Melham & Louis-Emile Ploix University of Oxford

## Also: Enter the CHERI Alliance!













































### **Sunburst Project - Phase 2**

- Goal: achieve market availability for CHERI-enabled processors
- SCI Semiconductor invited to join project, 29 October 2024
- Aim to create a complete, open, CHERIoT-Ibex-based microcontroller top-level
  - With commercial-grade DV, documentation
- And leverage as basis of commercial offerings by SCI (with others enabled to follow)



### Sunburst Phase 2 Output: Sonata XL Boards

- More capable FPGA
- Will connect to OpenTitan Earl Grey open market parts
- Combining a Secure Root of Trust with CHERIoT
  - The perfect symphony
- Online orders from May





## Phase 2 Announcement: Sunburst-chip Repo!

### Sunburst Chip Block Diagram



| 위 main ▾ 위 8 Branches ♡    | Q Go to file                                   | t Add file 👻 <> Code 🗸              |  |
|----------------------------|------------------------------------------------|-------------------------------------|--|
| SamuelRiedel and marnovand | lermaas Add the JTAG IF to the tb $\checkmark$ | f94c59b · 6 hours ago 🕚 205 Commits |  |
| github/workflows           | Python environment fixup                       | yesterda                            |  |
| 🖿 hw                       | Add the JTAG IF to the tb                      | 6 hours ag                          |  |
| scratch_sw                 |                                                | 2 weeks ag                          |  |
| sw/device                  | Released on Git                                | Hub last wee                        |  |
| 🖿 util                     | today!                                         | 6 hours ag                          |  |
| 🗋 .clang-format            | Fully open sour                                | Ce last mont                        |  |
| 🗋 .gitignore               |                                                | (Apache2)                           |  |
| LICENSE                    | (//pd0//02)                                    | 7 months ag                         |  |
| README.md                  | Enable RV32E flag in Ibex                      | 8 hours ag                          |  |
| python-requirements.txt    | Python environment fixup                       | yesterda                            |  |
| sc-sim-dv-overview.svg     | Update README and add some diag                | grams last mont                     |  |
| 🖹 sc-tops.svg              | Update README and add some diag                | grams last mont                     |  |

- Allows rapid prototyping of CHERIOT SoC designs
- Full ASIC top level
- Highly verified
- Incorporates OpenTitan IP blocks
- SCI leveraging for Iceni...

### https://github.com/lowRISC/sunburst-chip

### Announcement: Unveiling Sunburst-chip!



https://github.com/lowRISC/sunburst-chip

## Now to Market! Iceni (leverages Sunburst-chip)

- Uses Sunburst Chip and the OpenTitan Hardware IP blocks
- More rapid prototyping and development
- High level of verification can be re-utilised



### The Pathway From Evaluation to Deployment Evaluation Platforms

- Evaluation on Sonata FPGA platform
  - CHERIOT & baseline peripherals
  - Available today at low cost (circa £330)
- Full system available on Sonata XL device in 2Q25
  - Enables full compatible development and evaluation
  - Full ICENI system bit file (ICENI #1 device)
- Initial Silicon 4Q 2025
  - Initial evaluation silicon (22nm Fmax = 300MHz)
  - High volume 1Q 2026
- Compiler & Debug
  - LLVM18 now released (Feb 2025)
  - Complete advanced compiler
  - LLDB in development



- CHERIOT RTOS, clean-slate least-privilege RTOS,
  - FreeRTOS compatibility layer enables FreeRTOS components in compartments easily.
  - Network stacks

### Roadmap

#### **Sonata Implementation**

- October '24
- Functional CHERIoT implementation
- Operating system port
- Customer & system exploration

#### Sonata XL Implementation

- May '25
- Functional ICENI implementation
- Native operating system
- Customer enablement

#### ICENI I

- Volume Production
- 300MHz (target)
- Low power design
- Peripheral rich technology

2025

#### 2026

#### Initial Tapeout (MPW)

- GF 22FDX implementation
- "Commercially Viable Device"
- Rich MCU functionality
- Baseline MPU equivalency
- Ecosystem Enablement

#### **ICENI Initial Silicon**

- DFT / DFM + fixes
- 300MHz (target)
- Low power design
- Peripheral rich technology

#### ICENI v2 Silicon

- Advanced performance variant
- DFT/DFM
- Float acceleration\*

#### ICENI II - 2<sup>nd</sup> Generation Family

### **ICENI Family Features**



### Variants

**Frequency Qualification** 

- 300MHz
- 240MHz
- 200MHz
- 120MHz
- 80MHz
- 40MHz

#### **Memory Variants**

MRAM 2MB / 1MB / 512KB / 256KB

SRAM 1MB / 512KB / 256KB / 128KB

## **ICENI** - Impacting the Industy



Significant Cost reduction Faster time to market

### Substantially higher frequency performance

- Resolving todays applications & delivering tomorrows performance
- Solves the requirement to move to Linux (thread separation)
- Substantially lower bill of materials (BoM)

### PinMux (Pin Multiplier) delivers pin compatibility

- Rapid evolution for existing systems
- Familiar device structures for new application development
- 1.8v system voltage (based on 22nm FDSOI process)

### Simplified software portability

- Simple recompile of C/ C++ will deliver all Memory Safe capabilities
- Fearless code reuse of GitHub or existing projects
- Limited effort to embrace Compartmentalisation technology

Better User Experience More powerful trust models and trust domains

## Conclusion: A Successful Path to Market

- Memory safety is critical: CHERIOT delivers it via hardware for embedded systems
- Sunburst phase 1 brought CHERIoT into the hands of many engineers (Sonata platform)
- Sunburst phase 2 has delivered an open-source SoC top-level (repo released today!)
- SCI's Iceni range of secure microcontrollers leveraging this, coming to market 2025
  - And our open repo enables others to rapidly follow Ο

