The COSMIC Project Aims to Deliver a CHERI-Powered Open Source Secure Enclave for SoCs

Two members of the CHERI Alliance, lowRISC and Capabilities Limited working in partnership with the UK Department for Science, Innovation, and Technology (DSIT) and InnovateUK, have announced a three-year project to take the hardware-enforced memory-safety technology and apply it to a "commercial-quality" open source secure enclave system for application-class systems-on-chips (SoCs): COSMIC.

"The CHERI Alliance is thrilled to see two of its founding members unveil a new product leveraging CHERI security technology," says founding director Mike Eftimakis of the project's announcement. "As cyber threats skyrocket and regulations tighten at an unprecedented pace, manufacturers must embed rock-solid security in their products, now. COSMIC provides a solid base for this."

"At lowRISC, we believe strongly in our mission to make commercial open-source silicon real, and in security by openness, not obscurity," says lowRISC chief executive officer Javier Orensanz Martinez of the project. "It is fantastic that not only is this supported by commercial partners such as Google and Rivos, but also by funds from the UK government."

The CHERI Alliance is behind efforts to develop and deploy the Capability Hardware Enhanced RISC Instructions (CHERI), a technology which aims to add hardware-enforced memory safety to reduced instruction set computing (RISC) processors. It's the technology behind the OpenTitan project, a hardware root-of-trust system governed by lowRISC and commercially deployed in selected Google Chromebook devices; a development board dubbed Sonata was also developed under the Sunburst project.

The CHERI for Operational Safety in Memory-Isolated Cores (COSMIC) project aims to take the same core technology and create a commercial-quality open source secure enclave — a block which can be included in application-class system-on-chip designs to handle tasks like keyring management and authentication. This, the team behind it explains, will be based on a modified OpenTitan root-of-trust combined with a CVA6-CHERI core — and will operate fully independently of the rest of the system-on-chip.

The project is expected to run through to March 2028, with the first stage, which will include the release of an initial reference design under an open source license, to complete in March next year. More information is available on the COSMIC Project website.