Hardware-enforced memory safety
Capability Hardware Enhanced RISC Instructions (CHERI) technology brings a revolutionary, preventive approach to silicon security. CHERI enables fine-grained memory protection (e.g. to prevent out-of-bounds and use-after-free bugs) and highly scalable software compartmentalization (e.g. to mitigate future or unknown vulnerabilities in third-party software). By enabling optional CHERIoT support in OpenTitan, developers can eliminate entire classes of memory vulnerabilities directly at the hardware layer.
The Memory Safety Crisis
01 / By the numbersWhy Adopt CHERI Technology?
02 / Strategic Benefits-
01
Preventive vs. Reactive Security
CHERI replaces traditional, easily manipulated pointers with hardware-protected capabilities augmented with bounds and permissions — rendering memory misuse attacks physically impossible.
-
02
Scalable Compartmentalization
CHERI enables highly efficient, fine-grained isolation between software components within the same address space. If a single software component is compromised, the hardware safely isolates the blast radius.
-
03
ISA-Agnostic standard
Backed by major global entities like DARPA, UKRI, Google, Microsoft, and Arm, CHERI is an industry-led architectural standard. Its core principles easily adapt to benefit any architecture, including RISC-V and x86.
-
04
Brand Protection & Trust
By building CHERI technology directly into your silicon designs, you establish an immutable hardware layer of protection, helping safeguard your customers, end-users, and corporate reputation against devastating security breaches.
CHERI-enabled Top Level
Discover how Earl Grey 2 brings hardware-managed spatial safety (automatic bounds checking) and temporal safety (capability revocation) to low-power, security-critical designs.