Arm-based SoC and demo board are available to test Morello
To test the Morello architecture, developed by Arm and the University of Cambridge, Arm has designed and developed an SoC and demonstrator board which contains the first example of the prototype architecture.
The Morello programme has been a research initiative by a consortium led by Arm to design a new, inherently more secure, Arm-based computing platform. Arm has been collaborating with the University of Cambridge for several years on its CHERI Capability Hardware Enhanced RISC Instructions) architecture, which defines hardware capabilities that would provide a fundamentally more secure building block for software.
The CHERI architectural extensions are designed to mitigate memory safety vulnerabilities, or software defects that are exploited by hackers to take control of a device or system – at a hardware level. CHERI augments pointers (the variables in computer code that reference where data is stored in memory) with limits as to how those references can be used, the address ranges that they can use to access and which functionality they can use to access.
These hardware capabilities are unique to the processor architecture. Once baked into silicon, they cannot be forged in software. Use of these capabilities in place of some or all the memory addresses can improve the spatial memory safety of software, particularly software written in C or C++ code.
These capabilities can also be used as a building block to allow the enforcement of much stronger temporal memory safety with potentially far lower overheads than current approaches to partitioning. Known as compartmentalisation, this process isolates different parts of critical code into individual ‘walled’ areas. Code operating within one compartment has no access to any other area; even if an attacker breaches one piece of the code or data, they are trapped within that one small zone.
These hardware capabilities will be fundamental in designing future devices that are resilient to memory corruption vulnerabilities and other forms of software-based exploitation, explained Arm.
The Morello prototype boards are ready for software developers and security specialists to start exploring the security advances possible with the Morello architecture.
The limited-edition boards are based on the Morello prototype architecture embedded into an Armv8.2-A processor (an adaptation of the Arm Neoverse N1 processor). The boards are being distributed to major stakeholders, such as Google and Microsoft, as well as to interested partners in industry and academia via the UKRI Digital Security by Design (DSbD) initiative to test the hypothesis of Morello and discover if this is a viable security architecture for businesses and consumers.
The Arm Morello research program aims to create a more secure hardware architecture for processors. Its architectural extensions are based on the CHERI protection model.
The Morello program aims to assess the viability of the prototype hardware SoC employing unique extensions to the conventional Arm hardware instruction set that improve device security.
“Computers are incredibly useful but the price we pay for that utility is more and more exposure to security and privacy issues,” said Ben Laurie, principal engineer, Security, Google Research. “CHERI can allow for better, more cost-effective protection without reduced performance and Arm’s Morello prototype can help mitigate security issues showing the way to a better future for all computer users,” he said.
David Weston, director of Enterprise and OS Security at Microsoft, declared he is excited about the Morello project. “Memory safety exploits are one of the longest standing and most challenging problems in all of software security,” he said. “Using core silicon architecture to eliminate whole classes of security issues with minimal performance impact has the opportunity to be transformative with massive positive impact”.
The next two years will see the ecosystem testing, writing code and collaboratively providing critical feedback to determine whether any features will be used in future versions of the Arm architecture, said Arm. If the Morello prototype architecture performs as expected, it will be fundamental in future processor designs, protecting businesses, individuals and the devices of tomorrow.