Codasip Protects Memory With Cheri

Codasip has improved security against hackers by implementing the Cheri approach to memory protection in its new 700-Cheri licensable RISC-V application-CPU family. Although the subject of research for decades and a standard available to anyone, this is Cheri’s first appearance in a commercial product. It obviates the physical-memory-protection unit.

Developed most recently at Cambridge University, Cheri (pronounced like the fruit) stores metadata to enforce safe pointer usage, closing gaps through which attackers might take control of a computer; it resembles similar efforts by Arm and Intel. Its metadata doubles the size of all pointers (plus one extra tag bit). Address manipulation must proceed using dedicated Cheri instructions; attempts to bypass them will trigger an exception. The CPU can run in a fine-grained protected mode or relax to a course-grained mode if running legacy code that hasn’t been compiled for Cheri. Codasip currently has one Cheri CPU, the A730-Cheri.

Company president Karel Masařik founded Codasip in 2014. His background is in engineering, having worked on Codasip’s technology since 2006 at Aps Brno, a Czech tech company, prior to Codasip’s founding. CEO Ron Black has had prior CEO stints at Imagination Technologies, Rambus, MobiWire, and Upek (a maker of fingerprint security solutions). Codasip withheld funding information, although it received a recent round with the European Innovation Council.

Available today for early-access partners and with general availability scheduled for mid-2024, the 700 family includes Cheri and non-Cheri implementations; the latter include a memory-protection unit (MPU; called physical-memory protection, or PMP, in RISC-V circles) that can serve instead. But the PMP provides only coarse-grained protection, dealing with memory regions. Cheri deals with specific memory entries; depending on the PMP, Cheri may require less die area.