Arm Puts Security Architecture to the Test With New SoC and Demonstrator Board

January 26, 2022 by Darshil Patel

Arm recently announced a new prototype architecture that has spun out of its Morello program, which may pave the road for next-generation data security systems.

Several years ago, researchers at the University of Cambridge, in collaboration with Arm, developed an experimental architecture called CHERI—capability hardware-enhanced RISC instructions—which uses 64-bit Armv8-A to address memory safety, particularly in programming languages.

Based on the CHERI protection model, Arm created the Morello program, an initiative with the University of Cambridge and the University of Edinburgh that kicked off in 2019 to devise a secure hardware architecture for processors.


Arm Morello SoC

Arm Morello SoC.


As a part of this project, Arm has now built a system-on-chip (SoC) and a demonstrator board using the Morello prototype architecture based on CHERI. This architecture is said to enhance memory protection and scale software compartmentalization with the goal to protect memory-unsafe languages against various vulnerabilities. 


Memory Safety May Hinge on Programming Language

Memory safety is one of the most pressing challenges in modern embedded design. Smart devices like fitness trackers, smartphones, laptops, and even IoT-based smart vehicles store sensitive information such as photographs, transaction credentials, and saved passwords, among many other types of personal data. 

Memory safety is also a pivotal property of some programming languages. Memory-safe languages prevent programmers from introducing certain defects or bugs that can control the device's memory. Such languages include C#, Java, and Python. In contrast, C, C++, and assembly languages are memory-unsafe.

With memory-safe languages, a user might allow access to some address ranges in memory. Even so, if a programmer tries to access out-of-range addresses, the person should receive an error or the program will crash. Memory-unsafe languages, however, allow a programmer to read all memory contents. 


The CHERI Architecture

To mitigate such memory vulnerabilities, CHERI was developed as a hybrid capability architecture to extend conventional hardware instruction-set architectures (ISAs). The architecture augments pointers (the variables that refer to addresses in memory) with limits on their usage. This way, only some definite address ranges can be referred to. Once implemented physically, the address access of pointers cannot be forged by software memory-unsafe languages.



An illustration describing how CHERI architecture improves memory safety through compartmentalization.


CHERI can also be used to separate critical blocks of addresses from other uncritical addresses. The researchers call this compartmentalization. Here, the critical parts of the code are isolated in a compartment. Therefore, even if a programmer breaches one piece of the code, they are trapped within that compartment only.


Morello SoC Design

The Morello SoC is based on Arm's N1SDP platform, in which the configuration of four CPUs is split between two CPU clusters. A similar configuration is replicated in the Morello SoC, along with new interconnect and dynamic memory controllers. It also uses the same system control processor (SCP) and manageability control protocol (MCP).

Because the SoC is expected to run operating systems, it integrates an Arm Mali-G76 GPU and the Mali-D35 display processor. 


Morello SoC configuration

Morello SoC configuration.


Beyond hardware, Arm engineers also developed software toolchains, mainly LLVM and Clang toolchains, that implement the Morello architecture. Arm created an internal FPGA to facilitate operating systems booting on the SoC design before the SoC database is taped out for fabrication.


The Morello Demonstrator Board

The Morello demonstrator board embeds an Arm v8-2-A processor. It features Arm's ULINK-Plug debug adapter, which removes the need for a separate adapter. According to the researchers, the demonstrator boards allow researchers to evaluate and test security benefits practically.

The firmware includes SRP, TF-A, and UEFI ED 2 to support the booting of operating systems. The researchers report booting a range of Arm 64-bit operating systems, including Linux, Android 11, and Windows 11.

Arm is distributing the boards to interested partners at universities and companies—the two most notable being Google and Microsoft—through the UKRI Digital Security by Design (DSbD) initiative.


What's Next for the Morello Program?

With hardware implementations of the Morello architecture now available, Arm and Cambridge researchers are now looking to future opportunities for this architecture. They are also working on a second toolchain based on GNU, along with a new Linux kernel-user ABI to facilitate pure capability user space software production.

The next phase of the Morello research project will run until the end of the five-year program.



All images used courtesy of Arm.