As promised - our new CHERIoT (CHERI-RV32E) microcontroller and software stack is now open-source! I'm very excited about this work. Scaling CHERI down to small cores could be a life-changer to the IoT and embedded ecosystems. 🧵 https://aka.ms/cheriot-tech-report
Unfortunately, these ecosystems are built upon a massive set of different codebases written in unsafe languages and often with zero mitigations. CHERIoT solves that! Get the new hardware, rebuild your codebase with the new toolchain, and get powerful security properties!

We encourage you to play with it yourself! As you can see in the tech report, we have deterministic mitigations for spatial and temporal safety! You can check that out in the memory-safety example (examples/08.memory_safety):
In addition, CHERIoT compartments add only a few words of memory overhead. Code can be shared between compartments so a JavaScript interpreter can be reused among many isolated compartments. Compartments communicate by calling functions that are explicitly exported from other compartments.
Adding compartment communication is as easy as adding a function annotation! This makes it easy to retrofit compartmentalization to existing code.
@amarsaar Vendors "rebuild your codebase with the new toolchain" challenge 2023 (IMPOSSIBLE!)