By Jake Edge
September 24, 2025
LSS EU

The Capability Hardware Enhanced RISC Instructions (CHERI) project is a rethinking of computer architecture in order to improve system security. Carl Shaw gave a presentation at Linux Security Summit Europe (LSS EU) about CHERI and the efforts to get Linux running on it. He introduced capabilities, which are a mechanism for access control, and outlined their history, which goes back many decades at this point, then looked more specifically at the CHERI project and what it will take to apply the security constraints of capabilities to an operating system like Linux.

Capabilities

At its core, CHERI is about extending instruction-set architectures (ISAs) to add support for capabilities. A 1966 paper, "Programming Semantics for Multiprogrammed Computations", introduced the idea of capabilities, along with many of the ideas that would later underlie Unix. The paper had a strong focus on security and ensuring that computations did not interfere with each other; it generalized some ideas from earlier computers like Atlas, Rice Computer, and various Burroughs machines into what the authors called "capabilities". "Processes need to own capabilities to be able to do something on a system."

A capability is a reference and a set of rights; "a capability is an access-control object". It was originally applied to memory, but the paper expanded the idea to cover I/O and other system resources. For memory, which he was focusing on for the talk, the reference is to a region of memory and the rights are permissions to read, write, and execute it.

More formally, "a capability is an unforgeable, transferable token that authorizes the use of an object", he said. An object capability of that sort incorporates both a reference to the object and access rights for that object. The paper used a list of capabilities that a process had access to, which was called the "C-list".
Each entry was a capability, with a reference to a memory segment and the permis...
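
To make the C-list idea concrete, the following is a small software model of a per-process capability list; it is an added illustration, not code from the talk, the 1966 paper, or the CHERI project. All names (cap_t, clist_t, clist_grant, cap_read, cap_write, clist_share) are hypothetical, and the rule that a transfer can keep or drop rights but never add them is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Rights a capability can carry: read, write, execute. */
enum { CAP_R = 1, CAP_W = 2, CAP_X = 4 };

/* One C-list entry: a reference to a memory segment plus rights on it. */
typedef struct { uint8_t *base; size_t len; unsigned rights; int valid; } cap_t;

#define CLIST_MAX 8
typedef struct { cap_t slot[CLIST_MAX]; } clist_t;  /* one list per process */

/* Supervisor side: install a capability; the process only gets a slot index,
   never the entry itself, which is what keeps it unforgeable in this model. */
int clist_grant(clist_t *cl, uint8_t *base, size_t len, unsigned rights) {
    for (int i = 0; i < CLIST_MAX; i++)
        if (!cl->slot[i].valid) {
            cl->slot[i] = (cap_t){ base, len, rights, 1 };
            return i;
        }
    return -1;  /* list full */
}

/* Validate slot, rights and bounds (overflow-safe); NULL means access denied. */
static uint8_t *cap_check(const clist_t *cl, int i, size_t off, size_t n, unsigned need) {
    if (i < 0 || i >= CLIST_MAX || !cl->slot[i].valid) return NULL;
    const cap_t *c = &cl->slot[i];
    if ((c->rights & need) != need) return NULL;
    if (off > c->len || n > c->len - off) return NULL;
    return c->base + off;
}

int cap_read(const clist_t *cl, int i, size_t off, void *dst, size_t n) {
    uint8_t *p = cap_check(cl, i, off, n, CAP_R);
    return p ? (memcpy(dst, p, n), 0) : -1;
}

int cap_write(clist_t *cl, int i, size_t off, const void *src, size_t n) {
    uint8_t *p = cap_check(cl, i, off, n, CAP_W);
    return p ? (memcpy(p, src, n), 0) : -1;
}

/* Transfer: copy a capability into another C-list, keeping at most `keep` rights
   (assumption of this sketch: rights can be dropped on transfer, never added). */
int clist_share(const clist_t *from, int i, clist_t *to, unsigned keep) {
    if (i < 0 || i >= CLIST_MAX || !from->slot[i].valid) return -1;
    const cap_t *c = &from->slot[i];
    return clist_grant(to, c->base, c->len, c->rights & keep);
}
```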