CheriOS is a minimal microkernel that demonstrates "clean-slate" CHERI memory protection and object capabilities.
CheriOS-microkernel is still in a very early state.
- The code is not well documented
- It lacks several security checks/actions (thus the model is not secure yet)
- Expect races, non-recovery on error, ...
You need a Cheri SDK (LLVM and Clang) to build CheriOS.
256-bit Cheri SDK works out of the box. 128-bit Cheri SDK is not officially supported yet (it works with minor tweaks).
The following snipset will build CheriOS for a 256-bit SDK targetting cheri-qemu (defaults).
$ git clone https://github.com/CTSRD-CHERI/cherios.git cherios
$ cd cherios
$ ./build.shCheriOS can run on:
- cheri-qemu
- the CHERI fpga model
- the CHERI l3 simulator
The target can be choosen by setting xxx in CMakelists.txt
The following snipset shows how to run CheriOS on cheri-qemu:
$ dd if=/dev/zero of=disk.img bs=1M count=1
$ qemu-system-cheri -M malta -kernel cherios.elf -nographic -no-reboot -m 2048 \
-drive if=none,file=disk.img,id=drv,format=raw -device virtio-blk-device,drive=drvCheriOS code is organized as follow:
- kernel: kernel (the interesting part)
- boot: boot code
- fatfs: simple FAT filesystem module
- hello: Hello World module
- include: generic includes used by several modules
- ldscripts: link scripts user by modules
- libuser: all modules are linked againt it. Provides several libc function as well as cherios-related functions
- memmgt: provides the system-wide mmap
- namespace: provides a directory of registered activations
- prga: test program
- socket: module providing a minimalistic implementation of sockets
- uart: module providing print services
- virtio-blk: VirtIO over MMIO module
- zlib: zlib module
- zlib_test: test/benchmark for the zlib module