University of Cambridge researchers have been developing the Capability Hardware Enhanced RISC Instructions (CHERI) architectural model for over a decade. Today, Arm has announced that it has made available the first hardware integrating an Arm-based SoC with the CHERI architecture, a major milestone in its five year Morello program. Hardware is making its way to stakeholders such as Microsoft and Google. Arm has worked closely with Cambridge researchers to ready a 64-bit Armv8-A powered SBC to allow testing of its purported "significantly improved" hardware enhanced device security.
It is hard to deny that more effort needs to be put into device security as so many big breaking technology news stories concern hacks, breaches, and digital theft of some kind or other. The introduction paragraph of the announcement can give you some solace that brains at both the University of Cambridge and Arm have been planning a new architecture carefully, to deploy in Arm-based SoCs to slam shut doors that might allow hackers in, particularly with a view to memory access. More than two thirds of vulnerabilities addressed through patches concern memory safety issues, according to Microsoft and Google research.
Central to the Morello program are the Arm based SoC and demonstrator boards that are being released to partners like Microsoft and Google, as well as interested partners across the industry and academia via the UKRI Digital Security by Design (DSbD) initiative. More information about the distribution of these boards will be released by Innovate UK at a launch webinar on January 25.
SoC Is Based on the Arm Neoverse N1
Another blog post by Arm today provides a deep dive on the tech behind the Morello Technology Demonstrator. It is revealed that the prototype architecture is an extension of Armv8.2a 64-bit. This tweaked architecture allows for fine-grained memory protection and highly scalable software compartmentalization thanks to CHERI.
The Morello's SoC is based on the Arm Neoverse N1 two-cluster quad-core design built on TMSC N7. Arm says that it met the CHERI integration goal to satisfy its own timelines, and some more could be done in optimizing for power and performance, but it is happy for the milestone hardware to be running at 2.5GHz for the sake of this demo. Many Neoverse features stay, like the SCP (System Control Processor), MCP (Manageability Control Processor), Mali GPU, Mali DPU and so on.
The Morello SBC is graced with essentials such as DDR DRAM, and PCIe, plus Arm's ULINK-Plus debug adapter to allow the most thorough testing.
Arm's limited edition Morello prototype boards are a major milestone in the Morello program and software developers and security researchers are being given the next two years to check out the SoC and board capabilities, and collaboratively provide feedback about its qualities. If all goes well, and as planned, the Morello program will give birth to a new line of Arm SoCs which form a fundamental secure design for devices of tomorrow.