CheriBSD 24.05 Release Notes

Overview

Welcome to the Spring 2024 (24.05) release of the CheriBSD operating system. As well as a general update of the baseline FreeBSD OS (corresponding to CURRENT as of January 2024) from which CheriBSD is derived, we have introduced several new research components which will be of interest to the CHERI and CheriBSD community:

  • Library Compartmentalization (https://man.cheribsd.org/cgi-bin/man.cgi/release-24.05/c18n) is increasingly mature. Virtually all software can now run compartmentalized. It can be enabled system-wide by setting the security.cheri.lib_based_c18n_default sysctl to 1. In addition to stronger compatibility, a new procstat command, c18n, provides additional monitoring. While this implementation is now capable of running the full desktop environment discussed below, it is neither complete nor intended to be secure.
  • To strengthen library compartmentalization, we have completed an adjustment to the ABI for functions whose arguments do not fit in registers. These arguments are now reachable via a bounded capability passed in register C9, and newly compiled callees access them via C9, allowing callers to place argument values anywhere they desire. This is compatible with code compiled for 23.11, which used a transitional ABI that set C9 in the caller while the callee continued to access variables directly on the stack. Code compiled for releases prior to 23.11 is no longer supported.
  • We have switched the default kernel configuration to GENERIC-MORELLO-PURECAP, a pure-capability kernel. This means that the entire base OS stack is running with spatial memory safety. Performance of the pure-capability kernel is less well studied than that of the hybrid kernel, so care should be taken when reporting results.
  • User-level heap temporal safety performance has been improved by adding in-kernel worker threads. This change allows userspace threads to invoke the kernel revoker, proceed with work, and then come back later to complete revocation.
  • Our CHERI-aware port of the bhyve hypervisor has been synced with AArch64 support merged to upstream FreeBSD. The GDB stub has been enhanced to support reading capabilities in guest memory.
  • Kernels now support the pure-capability benchmark ABI in addition to the existing hybrid and pure-capability ABIs. This ABI uses a modified form of code generation which improves performance on the Arm Morello board, required due to limitations with bounds prediction in the current Morello prototype. The performance of the benchmark ABI is more predictive of potential future CHERI microarchitectural performance than the Morello prototype running software compiled for CheriABI, making it preferable for benchmarking. However, this comes at the cost of reduced security, and so software compiled for the benchmark ABI should not be used for security evaluation. For details on how to use the benchmark ABI, and benchmark Morello in general, readers should see the Getting Started Guide.
  • The MAP_CHERI_NOSETBOUNDS flag to the mmap system call is now deprecated and a no-op. When mmap is called with the MAP_FIXED flag and a pointer to an existing reservation, the passed pointer will be returned unmodified on success.
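
The MAP_FIXED behaviour in the last item can be checked from userspace. The following is an added example, not code from the CheriBSD project: the function name is hypothetical, the reservation is an ordinary anonymous mapping, and it assumes "unmodified" means the returned capability is exactly equal to the one passed in (on non-CHERI systems only the address is compared).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose MAP_ANON on glibc; harmless elsewhere */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#ifdef __CHERI_PURE_CAPABILITY__
#include <cheriintrin.h>
#endif

/*
 * Create a reservation of `pages` pages, then remap page `index` inside it
 * with MAP_FIXED, passing a pointer derived from the reservation.
 * Returns 1 if mmap handed back the pointer it was given, 0 if it returned
 * something else, -1 on bad arguments or if an mmap call failed.
 */
int fixed_map_returns_same_pointer(size_t pages, size_t index)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int same = -1;

    if (pages == 0 || index >= pages)
        return -1;
    char *resv = mmap(NULL, pages * pagesz, PROT_READ | PROT_WRITE,
        MAP_ANON | MAP_PRIVATE, -1, 0);
    if (resv == MAP_FAILED)
        return -1;

    char *want = resv + index * pagesz;   /* still bounded by the reservation */
    char *got = mmap(want, pagesz, PROT_READ | PROT_WRITE,
        MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
    if (got != MAP_FAILED) {
        same = (got == want);
#ifdef __CHERI_PURE_CAPABILITY__
        /* Assumption: unmodified means same tag, bounds and permissions. */
        same = same && cheri_tag_get(got) && cheri_is_equal_exact(got, want);
#endif
        if (same == 1)
            got[0] = 'x';                 /* the remapped page is usable */
    }
    munmap(resv, pages * pagesz);
    return same;
}

int main(void)
{
    int r = fixed_map_returns_same_pointer(4, 2);
    printf("MAP_FIXED inside reservation returned same pointer: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

Code that previously passed MAP_CHERI_NOSETBOUNDS to get this result can drop the flag, since the release notes describe it as a no-op.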

While CheriBSD is, by definition, an experimental research operating system, with the exception of the benchmark ABI, the above features are not yet considered to be mature.

As with previous releases, the default CheriBSD kernel on Morello ships with debugging features enabled, which should be disabled by booting a non-debug kernel before any performance benchmarking is performed.

Known Issues

  • ZFS support is lightly tested. The on-disk format is believed to be stable, but it is possible that future releases will be unable to read pools created by this release, particularly pools created on pure-capability kernels.

Using Morello as a Desktop

New installations of the latest CheriBSD release have an option to enable the desktop packages during the install process.

If you have already installed the latest version of CheriBSD but did not install the desktop packages, you can add them later. Log in as root or use sudo to add the following packages to the system:

pkg64c install cheri-desktop (provides DRM, Wayland and the general GUI system)
pkg64 install cheri-desktop-hybrid-extras (provides Firefox and other applications)

Make sure that your user ID is in the video group; if not, use:

pw groupmod video -m username

Add the following lines to /boot/loader.conf:

dtb_load="YES"
dtb_type="dtb"
dtb_name="/boot/dtb/arm/morello-soc.dtb"

Ensure that a USB keyboard and mouse, as well as an HDMI monitor capable of handling full-HD input (all modern monitors), are connected to the desktop.

Reboot your system and you will be presented with a graphical login screen.