Department of Computer Science and Technology


The CHERI software stack on the Arm Morello Board

What is CHERI?

CHERI is a hardware-software protection model extending contemporay ISAs with support for fine-grained capabilities. CHERI enables fine-grained memory protection and scalable compartmentalization. Our early CHERI prototypes were based on the 64-bit MIPS ISA; more recently our research has been on 32-bit and 64-bit RISC-V. We have created multiple CHERI prototypes on FPGA using various microarchitectures, and also created a complete open-source CHERI software stack. This includes our CHERI Clang/LLVM/LLD toolchain and CHERI GDB debugger, and our CHERI-enabled adaptation of the FreeBSD operating system, CheriBSD, and demonstration applications such as nginx, OpenSSH, and WebKit. Our technical report An Introduction to CHERI is a high-level summary of our work on CHERI architecture, microarchitecture, formal modeling, and software.

What is Morello?

Arm's Morello is a multi-Ghz, multi-core experimental CHERI-extended ARMv8-A CPU, System-on-Chip (SoC), and board. Morello is being created at part of UKRI's Digital Security by Design (DSbD) research programme as a collaboration between Arm and the University of Cambridge. We are providing a full adapation of our CHERI software stack to Morello. The current expected ship date is November 2021.

CHERI software releases for Morello

The Arm Morello FVP model was released on 29 October 2020, and we have provided an initial CheriBSD Morello Developer Preview. We aim to release further quarterly updates to CheriBSD and its application stack roughly quarterly. Our release plans and feature goals for CheriBSD/Morello are as follows:

Date Release Key features
October 2020 Developer Preview CheriABI pure-capability userspace implementing spatial memory safety. Binaries are dynamically linked. Third-party applications are compiled to legacy aarch64.

Note: Released from a dedicated development branch.
Q1 2021 Update 1 Pure-capability kernel implementing spatial memory safety.

Note: To be released from the common CheriBSD branch.
Q2 2021 Update 2 Userspace heap temporal memory safety based on Cornucopia.
Q3 2021 Update 3 Userspace software compartmentalization based on the CHERI co-process model
Q4 2021 Update 4 Userspace software compartmentalization based on a run-time linker model
Early 2022 Release 1 Any updates required to operate well on the shipping Morello board.

Getting started with the CHERI software stack on Morello

The CHERI software stack for Morello consists of:

  • CheriBSD/Morello operating system and applications
  • Arm's adaptation of the CHERI Clang/LLVM/LLD GDB toolsuite for Morello, bundled as an SDK with cross-build and cross-debug from FreeBSD, Linux, and macOS
  • Docker development environment providing cross-compiler, cross-debugger, and target libraries for CheriBSD/Morello.

Visit our CheriBSD/Morello distribution site to get stated.

CHERI-WebKit on Morello

In collaboration with Arm, we have developed a port of the WebKit browser engine for Morello. Support so far includes multiple optimization tiers of WebKit's JavaScript runtime, including the baseline JIT compiler. This work will facilitate measurements of CHERI's performance impact and security properties for a modern virtual machine.

Support for the CHERI software stack on Morello

Arm Morello FVP support

For support with Arm's Morello FVP simulator, please visit the Arm Morello developer page.

CHERI mailing list

For assistance and more general CHERI discussion by email, please join our CHERI mailing list.


We have a public Slack for CHERI discussions,, which you are welcome to join. This is the best way to get quick help with a build problem, ask questions, or discuss CHERI/Morello and its potential aplications. Please email [Javascript required] to request an invitation.