Cheriette

Cheriette is a CHERI operating system designed from the ground up to run as a multikernel and to support multiple architectures.

The current target architectures are CHERI RISC-V and ARM Morello CHERI AArch64. Development is currently focused on the ARM Morello target, due to the availability of the ARM Morello SoC and the quality of the Morello FVP.

Following in the footsteps of prior CHERI operating systems like CheriOS and CompartOS, Cheriette is a purecap CHERI OS that offers fine-grained compartmentalization of both unprivileged and privileged code. Because of this structure, Cheriette does away with the concept of a kernel almost entirely: what used to be the kernel is split into compartments that are isolated, entered, and executed just like unprivileged compartments.

To explain the "absence" of a kernel, take the example of how an interrupt is handled in Cheriette: the initial few instructions of an exception vector are still executed in a privileged mode, but they are only responsible for protecting the data of the interrupted task and then securely switching to a less privileged router as quickly as possible. The router then calls the exception handler in an unprivileged context.
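The following toy model illustrates the exception path just described: a short privileged stub saves and seals the interrupted task's state, then hands the router a capability that cannot reach that state or system registers. It is an added example, not Cheriette's code; the address layout, permission names and function names are assumptions.

```python
# Toy model of the exception path above (added illustration, not Cheriette's code; layout and names are assumptions).
from dataclasses import dataclass

class CapabilityFault(Exception):
    """Raised when an access is outside a capability's bounds or permissions."""

@dataclass(frozen=True)
class Cap:
    base: int             # lowest address reachable through this capability
    length: int           # bounds length in bytes
    perms: frozenset      # subset of {"load", "store", "system"}
    sealed: bool = False  # a sealed cap is opaque until the privileged stub unseals it

    def check(self, addr, perm):
        if self.sealed or perm not in self.perms or not (self.base <= addr < self.base + self.length):
            raise CapabilityFault(f"{perm} at {addr:#x} denied")

    def restrict(self, base, length, perms):
        """Derive a narrower capability; CHERI monotonicity forbids widening."""
        assert self.base <= base and base + length <= self.base + self.length and frozenset(perms) <= self.perms
        return Cap(base, length, frozenset(perms), self.sealed)

SAVE_AREA, TASK_BASE, TASK_LEN = 0x1000, 0x2000, 0x1000   # constructed memory layout
ROOT = Cap(0, 0x10000, frozenset({"load", "store", "system"}))
memory = {}

def privileged_vector(irq, task_regs):
    """The few privileged instructions: save the interrupted task's state, seal it,
    then switch to the router with a capability that cannot reach the save area."""
    for i, v in enumerate(task_regs):
        memory[SAVE_AREA + 8 * i] = v
    saved = Cap(SAVE_AREA, 8 * len(task_regs), frozenset({"load"}), sealed=True)
    router_cap = ROOT.restrict(TASK_BASE, TASK_LEN, {"load", "store"})  # no "system" perm
    result = router(irq, router_cap)
    # return path: only this privileged stub can unseal `saved` and restore the task
    regs = [memory[saved.base + 8 * i] for i in range(len(task_regs))]
    return result, regs

def router(irq, cap):
    """Less privileged router: just dispatches to the unprivileged handler."""
    return handler(irq, cap)

def handler(irq, cap):
    cap.check(TASK_BASE, "store")   # inside the router's bounds: allowed
    memory[TASK_BASE] = irq
    try:
        cap.check(SAVE_AREA, "load")  # the interrupted task's saved state: out of bounds
    except CapabilityFault:
        return "handled"
    return "leaked"
```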