Hardware-enforced memory safety

Capability Hardware Enhanced RISC Instructions (CHERI) technology brings a revolutionary, preventive approach to silicon security. CHERI enables fine-grained memory protection (e.g. to prevent out-of-bounds and use-after-free bugs) and highly scalable software compartmentalization (e.g. to mitigate future or unknown vulnerabilities in third-party software). By enabling optional CHERIoT support in OpenTitan, developers can eliminate entire classes of memory vulnerabilities directly at the hardware layer.

CHERI logo
CHERI Technology

The Memory Safety Crisis

01 / By the numbers
$10T +
Estimated annual global cost of cyberattacks driving the need for proactive security
~ 70%
Of all reported CVEs from industry leaders are memory-safety vulnerabilities
0
Buffer overflows permitted when hardware-protected capabilities are enforced

Why Adopt CHERI Technology?

02 / Strategic Benefits
  1. 01

    Preventive vs. Reactive Security

    CHERI replaces traditional, easily manipulated pointers with hardware-protected capabilities augmented with bounds and permissions — rendering memory misuse attacks physically impossible.

  2. 02

    Scalable Compartmentalization

    CHERI enables highly efficient, fine-grained isolation between software components within the same address space. If a single software component is compromised, the hardware safely isolates the blast radius.

  3. 03

    ISA-Agnostic standard

    Backed by major global entities like DARPA, UKRI, Google, Microsoft, and Arm, CHERI is an industry-led architectural standard. Its core principles easily adapt to benefit any architecture, including RISC-V and x86.

  4. 04

    Brand Protection & Trust

    By building CHERI technology directly into your silicon designs, you establish an immutable hardware layer of protection, helping safeguard your customers, end-users, and corporate reputation against devastating security breaches.

CHERI in OpenTitan

CHERI-enabled Top Level

Discover how Earl Grey 2 brings hardware-managed spatial safety (automatic bounds checking) and temporal safety (capability revocation) to low-power, security-critical designs.

Area impact

Low impact on silicon area