The Capable Hub

The Good Penguin Awarded Funding to Establish a CHERI Tools and Software Hub

We’re pleased to announce that The Good Penguin has recently been awarded funding from Innovate UK to establish and operate a CHERI tools and software hub.

What is CHERI?

CHERI, or Capability Hardware Enhanced RISC Instructions, is an open, formally proven set of microprocessor architectural extensions that add strong, fine-grained memory-safety guarantees to existing Instruction Set Architectures (ISAs) such as those offered by Arm and RISC-V. By replacing traditional pointers with hardware-enforced ‘capabilities’ (pointers with bounds and permissions), whole classes of security vulnerabilities, including buffer overflows and use-after-frees, can no longer compromise confidentiality or integrity. Given that memory-safety bugs account for 70% of security vulnerabilities, the use of CHERI technology can greatly improve security. For more information on CHERI, see our previous blog posts or read this overview from the CHERI Alliance.

Some Engineering Effort Required

To take advantage of CHERI, software must be recompiled – fortunately, the vast majority of software doesn’t require modification. Research shows that around 0.026% of lines of code need changes, making CHERI highly appealing for improving memory safety in existing codebases written in memory-unsafe languages such as C and C++. Some types of software, however, require more extensive work, such as language runtimes, toolchains, operating systems, and other low-level components. In many cases, though, the changes required can improve the quality of code even for non-CHERI builds.

Growing Technical Debt

To date, the CHERI ecosystem has made substantial progress in porting a wide range of software to CHERI. Examples include CheriBSD, with its KDE-based desktop and 10,000 pre-built memory-safe packages, as well as Linux, seL4, FreeRTOS, Zephyr and more. CHERI-enabled hardware is also becoming increasingly available, thanks to Arm’s Morello program, lowRISC’s Sonata board and Codasip’s X730, to name a few. There is also new silicon on the horizon, with recent announcements from lowRISC, EnSilica and SCI.

However, much of the effort to date has been focused on achieving specific project or research goals. This has been helpful in advancing the state of the art or demonstrating feasibility, but it has also led to fragmentation and to incomplete and out-of-date software (especially when project funding comes to an end). This creates friction for newcomers and makes it very difficult to build upon this existing base of software. Of course, the ideal home for this software is in the upstream projects that the CHERI software has been forked from – but until software tooling and hardware are more readily available, it is a big ask for upstream maintainers to accept contributions relating to CHERI. Likewise, without a de facto home for CHERI software that provides maintained and production-ready software, commercial adoption will be limited.

Clearly a coordinated effort is needed to improve the availability, quality and upstream alignment of open-source software stacks and tools for CHERI, and thus the need for a hub is born.

Introducing The Capable Hub

To proactively solve these problems, The Good Penguin is pleased to announce that it has formed The Capable Hub, a not-for-profit, neutral engineering organisation. The Capable Hub will deliver engineering effort for shared challenges, provide project infrastructure for project owners (including CI and hardware-in-the-loop testing), provide distribution of CHERI software for users (representing the ‘current state of art’), and support and champion open-source development for all.

The Capable Hub is initially funded by UKRI, though it will transition to self-sustainability through member-funded activities, enhanced access to validation infrastructure, sponsorship and consultancy, thus ensuring that The Capable Hub can continue to serve its long-term mission.

Last month we talked about the need for a development hub in a talk we presented at the CHERITech’25 conference. You can watch our talk via YouTube or alternatively visit the CHERI Alliance’s conference page.

For more information please visit The Capable Hub’s website and be sure to follow its social media accounts for updates.
