Linux distributions
| Topic | Type | Description |
|---|---|---|
| Desktop distribution | Engineering | In the longer term, integrating the CHERI port into a popular mainstream desktop Linux distribution will encourage the adoption of CHERI and make it easier to migrate existing Linux workloads to CHERI. This will, however, likely require available hardware. Porting a full Linux distribution may also depend on fully porting GCC and the other languages and tools used in the distribution’s build process, so it is better to begin by targeting a simple Linux image such as an embedded distribution and expand to a full Linux distribution later, once we have a more complete set of ported packages to work with. When working on a package repository for the selected Linux distribution, additional changes will have to be made to the distribution’s user-space configuration to allow a user to install and run pre-compiled hybrid/integer-mode and pure-capability third-party programs. For example, CheriBSD maintains separate local base directory hierarchies for each ABI to avoid conflicts between files from packages built for different ABIs. The distribution’s package manager may need modification to make it aware of the different ABIs for installation and dependency tracking. |
| Server distribution | Research | Although similar in many ways to the desktop distribution, some server technologies may require special attention. In the kernel, XDP requires CHERI support in eBPF. eBPF is now also supported in some SmartNICs, and ideally these should also contain CHERI processors to maintain security across the whole system. Remote Direct Memory Access (RDMA) is an increasingly popular technology that will need careful analysis of its impact on CHERI tagging. DPDK may also need to be supported. Hardening Linux containers with CHERI would be highly beneficial for servers, although a CHERI-enabled Go toolchain will be required to build Docker or Podman. Servers will also require hypervisor and KVM support; this has an early implementation on Morello but has not yet been considered for RISC-V. |
| Embedded distribution | Engineering | Yocto is becoming the most common method of building Linux distributions and is supported by many major silicon vendors, including NVIDIA and Xilinx/AMD. It supports building a huge number of Linux packages, and CHERI support can be added through additional build layers that augment the existing build instructions. Yocto layers that add CHERI toolchains and a basic user space already exist for both Morello and CHERI-RISC-V. |