CheriBSD

CheriBSD is a Capability Enabled, Unix-like Operating System that extends FreeBSD to take advantage of Capability Hardware on Arm’s Morello and CHERI-RISC-V platforms. CheriBSD implements memory protection and software compartmentalization features, and is developed by SRI International and the University of Cambridge.

CheriBSD with desktop environment running on Morello
CheriBSD 24.05


Features

Spatial and temporal memory safety for userspace and (optionally) spatial memory safety for the kernel
Userspace and kernel debugger support for memory-safe and memory-unsafe code
Pre-built USB stick image with interactive guided installer
Memory-safe KDE-based graphical desktop stack (Morello-only)
Compatible with existing memory-unsafe 64-bit applications
10,000+ pre-built memory-safe packages and 26,000+ pre-built memory-unsafe packages
CHERI-enabled "bhyve" hypervisor for capability-aware guest OSes (Morello-only)
Experimental library-based compartmentalisation (co-processes and kernel modules in development)
Runs on Morello boards, Morello FVP, QEMU and FPGA