Arm Unveils the Morello Board, with Its First High-Performance High-Security CHERI-Enabled Chip

Designed to bake security right into the silicon, the Morello Evaluation Board seeks to prove CHERI's capabilities.

Arm has announced the first hardware to come out of its Morello program, an effort to implement the University of Cambridge and SRI International's Capability Hardware Enhanced RISC Instructions (CHERI) in hardware — as the Morello Evaluation Board.

The Morello program aims to prove that the CHERI architectural protection model — based on work begun back in 2010 — can offer measurable improvements in system security. "CHERI extends conventional processor Instruction-Set Architectures (ISAs) with architectural capabilities to enable fine-grained memory protection and highly scalable software compartmentalization," its creators explain. "CHERI's hybrid capability-system approach allows architectural capabilities to be integrated cleanly with contemporary RISC architectures and microarchitectures, as well as with MMU-based C/C++-language software stacks."

Arm has been working on CHERI since 2014, but launched the Morello program in 2019 as a five-year effort to bring the concepts out of the lab — and with this week's launch of the Morello Evaluation Board, it would appear to be right on track.

"Arm has designed and built a system on a chip (SoC) and demonstrator board which contains the first example of the Morello prototype architecture," explains Richard Grisenthwaite, Arm Fellow and chief architect. "The Morello prototype boards are now being released, on schedule, and are ready for software developers and security specialists to start using the Morello architecture to demonstrate the enhanced security that can be achieved with hardware capabilities."

The "limited edition" development board has at its heart a system-on-chip based on Arm's existing Neoverse N1, a product line the company developed for cloud computing, running at 2.5GHz. To this, the company has added the CHERI extensions — meaning that every single load or store instruction that takes place has to be authorized by an architectural capability, providing protections missing from regular computer platforms.

"If the Morello program can demonstrate that CHERI meets the performance goals for real-world use then it is a game changer for security," opines Microsoft's Saar Amar, "deterministically preventing spatial safety vulnerabilities and (with software support) heap temporal safety bugs, dramatically reducing the set of bugs that become exploitable as for anything other than denial of service."

There's only one catch: Arm has no immediate plans to sell the Morello boards. Instead, its current crop will be provided to "software developers and security specialists" for testing and early development, with more information to be provided at a launch event on January 25.

Technical details on the Morello Evaluation Board are now available on Arm's community site.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.