

# Everything in this talk is open source



The ISA specification: https://github.com/microsoft/cheriot-sail



The reference core: <a href="https://github.com/microsoft/cheriot-ibex">https://github.com/microsoft/cheriot-ibex</a>



The embedded OS:

https://github.com/microsoft/cheriot-rtos



The compiler (cheriot branch):

https://github.com/CTSRD-CHERI/llvm-project/

# IoT

The 'S' stands for security

## Motivation – IoT and embedded





The IoT ecosystem:

Includes diverse codebases

Mostly unsafe C/C++

Mitigations are rare

### Rewriting has challenges:

Expensive

Talent shortage

# Much embedded code is intrinsically unsafe





# Starting point: CHERI on 64-bit systems

- Hardware knows about pointers
- Pointers can't be created from thin air
- Pointers carry bounds
- Pointers carry permissions

All memory access instructions require a valid pointer operand

# Sealing gives unforgeable opaque tokens



# CHERIoT shrinks metadata to 32 bits

| Bounds      | <ul> <li>No guaranteed out-of-bounds range</li> </ul>                                          |
|-------------|------------------------------------------------------------------------------------------------|
| Sealing     | <ul> <li>Only 3 bits of sealing type</li> <li>Separate code and data sealing spaces</li> </ul> |
| Permissions | <ul> <li>12 permissions in 6 bits</li> </ul>                                                   |

# And we add things

| Transitive permissions                           | <ul> <li>Permit-load-mutable, deep immutability</li> <li>Permit-load-global, deep no-capture</li> </ul> |
|--------------------------------------------------|---------------------------------------------------------------------------------------------------------|
|                                                  |                                                                                                         |
| Interrupt control via function pointers          | <ul> <li>Jumping to these enables / disables interrupts</li> </ul>                                      |
|                                                  |                                                                                                         |
| Temporal safety via a hardware revocation bitmap | <ul> <li>1 bit per 8 bytes in a separate SRAM bank</li> </ul>                                           |

## Hardware load barrier adds temporal safety

- Load pointer computes the base address
- Looks up the corresponding revocation bit
- Invalidates the pointer if the memory is freed

```
void *x = malloc(42);
// Print the allocated value:
Debug::log("Allocated: {}", x);
free(x);
// Print the dangling pointer
Debug::log("Use after free: {}", x);
```

Valid bit cleared, *any* attempt to use as a pointer will trap

Allocating compartment: Allocated: 0x80005900 (v:1 0x80005900-0x80005930 l:0x30 o:0x0 p: G RWcgm- -- ---) Allocating compartment: Use after free: 0x80005900 (v:0 0x80005900-0x80005930 l:0x30 o:0x0 p: G RWcgm- -- ---)

## Baseline security guarantees



The system can assume these for building higherlevel abstractions.

# Compartments are code and data



Program Counter (read/execute)

Global Pointer (read/write/global)

# Compartments are code and data and exports



# Compartments are code and data and exports











## Security guarantees across compartments

# No sharing except via explicit pointer passing

Pointers from the caller may prevent modification or capture

## Trusted (privilegeseparated) components

#### Loader

- Has full access to all memory
- Not needed if flash can store tags

#### Switcher

- Can see state from multiple threads and compartments
- Has access to a reserved register
- Around 300 instructions

#### Scheduler

- Trusted for availability
- No access to suspended thread state (registers or stack)

#### Memory allocator (optional)

• Sets bounds / revocation state on allocations

## What can we statically audit?





# Backup

## Most codebases require very few changes

### Microvium embedded JavaScript interpreter

• No changes

#### TPM reference stack

- No changes for memory safety
- Small changes (<10LoC) for RISC-V
- One line changed to run in a compartment

#### FreeRTOS network stack

- No changes for memory safety
- Annotations for crosscompartment calls
- Explicit sealing and unsealing
- Small changes (~100 LoC) to run without disabling interrupts for mutual exclusion

#### mBedTLS

- No changes for memory safety
- Small changes for compartmentalisation

# Add compartmentalization to C/C++

// Declaration adds an attribute to indicate
// the compartment containing the implementation
void \_\_attribute\_\_((cheri\_compartment("kv\_store\_sdk")))
publish(char \*key, uint8\_t \*buffer, size\_t size);

// Call site looks like normal C. // Compiled to a direct call in compartments build with // -cheri-compartment=kv\_store\_sdk // Compiled to a cross-domain call in all other cases. uint8\_t buffer[BUFFER\_SIZE]; publish("key\_id", buffer, sizeof(buffer));