12th August 2024

SCI Semiconductor are very pleased to announce the development of the first commercially available CHERI-enabled family of devices, based on the RISC-V architecture and the Microsoft CHERIoT Ibex processor core. Targeting a wide variety of applications, spanning from Root of Trust (TPM/UICC) through to advanced microcontroller and microprocessor applications, this new family of devices finally delivers CHERI technology as a commercial reality.

CHERI, or Capabilities Hardware Enhanced RISC Instructions, has been developed over the last decade by a wide array of leading academic institutions, including University of Cambridge; alongside critical commercial partners, including Microsoft and Arm; and key governmental stakeholders, such as DSTL, UKRI and the Department for Science, Innovation and Technology (DSIT). Targeting the 70% of cyber-attacks that are based on memory misconfiguration and misuse, this revolutionary memory safety technology resolves vast swathes of modern attack vectors, removing the ability to escalate attack points and manipulate computational pointers. Enforcing the dual principals of Least-Privilege and Intentionality, it now becomes possible to define specific high-integrity capabilities and bind software into architecturally protected compartments.

The CHERIoT Platform is an open-source hardware-software co-designed platform that extends the core CHERI guarantees and showcases the possibilities of a pure CHERI system. CHERIoT was originally developed by Microsoft Research and is now maintained as a cross-vendor open-source project, with Microsoft and SCI Semiconductor as the largest contributors. CHERIoT builds on top of efficient spatial and temporal memory safety to provide fine-grained lightweight compartmentalisation for embedded systems. CHERIoT supports fine-grained auditing of the rights of every compartment, enabling fearless code reuse even in the presence of software-supply-chain attacks.

The SCI ICENI family of RISC-V (RV32E CHERIoT) microprocessors are specifically designed for applications with high-integrity requirements, including defence and aerospace, critical infrastructure, industry 4.0, and medical domains, although any application where confidential information, control, or command requirements will additionally welcome this protection.

Haydn Povey, Chief Executive, SCI Semiconductor stated, “Following successful demonstration of the technology at CyberUK ’24, we are extremely happy to announce the development of this new family of devices that finally deliver on the promise of safe and secure compute. The device demonstrations marked the start of a new epoch of secured devices, secured applications, and secured society. The modern cyber-security industry is focused on treating the technological symptoms of poor hardware and software architecture, with CHERI and the new device family, we finally start to treat the disease.” 

 David Weston, VP of Enterprise and OS Security at Microsoft added “Microsoft is pleased to see that the open source CHERIoT Ibex core is being used by SCI Semiconductor in an upcoming silicon product. We believe that CHERI is a promising technology that can be used to enhance computer security and we are happy to see it making its way into production silicon. This is one of the main reasons why Microsoft developed and open sourced the CHERIoT Ibex core.”
 

For more information on the SCI ICENI family of devices, applications and technical documentation, please contact info@scisemi.com

About SCI Semiconductors

SCI Semiconductors was formed to lead the commercialisation of CHERI technologies. With a strong focus on secure and high-integrity computing, the organization has built a team of recognised industry leaders, with decades of leadership in security, processor IP and chip design, and high-integrity software. With multiple existing projects developed on the prototype Arm Morello test chip, the team focused on enablement of the smaller, simpler, and nimbler, Microsoft CHERIoT Ibex processor. The company has ported AWS FreeRTOS and functional libraries, as part of exploratory work with UKRI and Digital Catapult, alongside operating and enhancing the native CHERIoT RTOS.