For over a decade, researchers at the University of Cambridge and SRI International have been developing the CHERI architectural model. Since 2014, these researchers have been collaborating with Arm to develop an experimental integration of CHERI with 64-bit Armv8-A. However, prior to the launch of Innovate UK’s Digital Security by Design challenge and Arm’s Morello program, there has never been a hardware implementation of CHERI architectural features in a high-performance CPU.
The prototype architecture developed by Arm extends the Armv8.2a 64-bit architecture with new architectural features. This enables fine-grained memory protection and highly scalable software compartmentalization based on the CHERI (Capability Hardware Enhanced RISC Instructions) architectural model. These new features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.
The goal for Arm’s Morello program has been to develop an experimental hardware technology demonstrator, in around two and half years. This will enable software developers and researchers to explore the benefits and exploit the opportunities provided by this new prototype CPU architecture. The program has worked to a challenging timeline to bring together a wide range of activities. This spans from the creation of the prototype architecture specification, followed by the design and implementation of a new CPU, through to the development of a new SoC, hardware platform, development tools, toolchains and software.
Work on the Morello architecture specification began in the middle of 2019. Arm architects have collaborated with colleagues at the Universities of Cambridge and Edinburgh on the creation and formal proving of the specification. Due to the constrained timescales, many of the engineering activities had to be executed in parallel. Using Arm’s Fast Model technology, a CPU model was developed which implemented the Morello architecture specification. This Fast Model supported the development of an Architectural Compliance Kit (ACK) test suite which would be used to prove correctness of the RTL implementation of the CPU developed for the Morello SoC.
The starting point for the CPU design was Arm’s Neoverse N1 CPU. This is a high-performance superscalar, out-of-order pipeline design. The existing 64-bit Armv8.2-A support in the CPU was retained and support for the new Morello architecture was added. The key goal for the CPU implementation was functional correctness, a difficult task for a complex design but one for which Arm can draw on over 30 years of experience. The constrained timescales did not allow for significant attention to be spent optimizing for power, performance, or area beyond a requirement to be reasonably performant and achieve an operating frequency of 2.5GHz.
The Morello architecture replaces 64-bit pointers with 129-bit capabilities. Several new elements are added to the 64-bit integer data to create the capability. These include lower and upper bounds to describe the portion of the address space to which the capability authorizes loads, stores and instruction fetches. There are permissions restricting how the capability can be used and object type information. Finally, there is a 129th bit which is used to track the validity of the capability. These capabilities need to be stored in memory. These changes to support Morello are not just confined to the CPU but also impact the interconnect and dynamic memory controllers in the system. A modified version of Arm’s CMN-600 coherent interconnect was created to transport the 129th tag bit. The dynamic memory controller support is more complex and design changes were needed to implement mechanisms to enable the storage of tag bits in DDR DRAM memory.
Having identified the new semiconductor IP implementations needed to support the Morello architecture, it was necessary to specify a Morello SoC which would form the heart of the technology demonstrator platform. The starting point was Arm’s N1SDP platform which had previously been developed to demonstrate the Neoverse N1 CPU. The configuration of four CPUs split between two CPU clusters, was replicated with the new CPU implementation along with new interconnect and dynamic memory controllers. The new SoC also inherited the same SCP (System Control Processor), MCP (Manageability Control Processor) and related platform infrastructure. The technology demonstrator is also expected to be able to run operating systems which make significant use of graphics and display. An Arm Mali-G76 GPU and Mali-D35 display processor have therefore been integrated. In addition to an extensive list of Arm IPs, a range of third-party IPs were sourced. These included PCIe and CCIX controllers and physical interfaces, along with the DDR DRAM physical interface from Cadence and a set of on-die sensors from Synopsys.
The Morello SoC physical design is built for TMSC’s 7nm process node. This provided a good balance between performance power and die area for a SoC of this complexity. The architecture specification was finalized in September 2020, the CPU implementation completed a few months later with the SoC physical design finalized in May 2021. In parallel to the completion of the SoC physical design, a multi-layer substrate was developed for the SoC's flip-chip package and the Morello platform PCB. Concurrent development was needed to optimize each element for power delivery and signal integrity, especially for high-speed interfaces.
Alongside the hardware development, engineering teams in Arm have also been developing toolchains and software which makes use of the Morello architecture. Initial toolchain activities focused on an LLVM and Clang toolchain implementing the Morello architecture and drawing on the CHERI LLVM and Clang work from the University of Cambridge. A first release of this was provided in October 2020 to coincide with the availability of the Morello Platform Model and supporting software. This model is based on Arm’s Fixed Virtual Platforms and uses binary translation technology to deliver fast, functional simulations of Arm-based systems. At its heart, is the Morello CPU Fast Model.
Toolchain and software development have continued apace to provide updated toolchain and software releases to align with the release of the Morello board. A second toolchain, based on GNU, is now also underway, along with a new Linux kernel-user ABI to support pure capability user space software development. This will be made available later in 2022.
The Morello Platform Model has been a key vehicle for early software development prior to the availability of the Morello board and is used both by internal Arm engineering teams, as well as by those researchers and software developers preparing to investigate the technology. Arm also created an internal FPGA implementation derived from the SoC RTL design to prove a range of operating systems booting on the SoC design prior to the SoC database being taped out for fabrication. The FPGA platform continued to be used during 2021 to further prepare software for the Morello board.
At the end of August 2021, Morello SoC fabrication was completed and silicon wafers were shipped for flip-chip packaging. Those packaged SoC parts were structurally tested in Arm’s Austin lab before being shipped to Arm’s Cambridge lab. Since then, engineers have worked through the detailed bring-up and validation of the Morello SoC and board. These activities have focused on confirming functionality and the robustness of the design, as well as CPU performance and the correct operation of SoC interfaces, particularly those high-speed ones such as DDR DRAM and PCIe, as well as the graphics display output.
The Morello board integrates the debug features of Arm’s ULINK-Plus debug adapter, removing the need for a separate adapter. This has been successfully tested on the board along with trace features through an Arm DSTREAM unit, and with Arm’s Development Studio integrated development environment.
The firmware, including SCP, TF-A, and UEFI EDK II (supporting the booting of operating systems), was initially developed on the Morello Platform Model and ported to FPGA platform during the SoC development. It has subsequently been proven on the Morello Board and is now available on https://www.morello-project.org/ along with other open source software development which Arm has initiated to support the Morello Platform.
A range of Arm 64-bit operating systems have been booted on the board, including the Ubuntu Linux distribution, Android 11 and Windows 11. The University of Cambridge’s CheriBSD has also been booted. This is an adaption from FreeBSD that utilizes the capability architecture features to provide strong memory protection for the kernel and user space, and support for scalable single-address-space software compartmentalization. Finally, a minimal (nano) headless Android profile, using Morello ACK (Android Common Kernel) and Bionic library built with the CHERI LLVM and Clang toolchain providing support for pure capability applications, has also been proven.
With this Morello Hardware Technology Demonstrator release, Arm is starting to distribute the first Morello boards to industrial and academic researchers and software developers. Arm is also making a host of other new and updated deliverables available. The Morello landing page provides a starting point to access the latest Morello architecture specification, a range of user documentation, development tools, memory model tools and open-source software.
With the hardware implementation now available, the focus switches to researchers and software developers exploring the benefits and opportunities of this experimental architecture, building on those initial enabling open-source software deliverables. The next phase will run until the end of the five-year program and we are looking forward to seeing the results of the research with the demonstrator boards.
Website - Arm Morello Program
Blog - Arm Morello: What is it and Why is it Important?
Blog - Software Enablement and the Morello Technology Demonstrator
Blog - Morello Research Program Hits Major Milestone with Hardware Now Available for Testing
Specification - Morello for A-profile Architecture supplement
Guide - Morello Prototype Architecture Overview Guide
Guide - Morello Development Platform and Software Getting Started Guide
Hi,This is a really good news with BSD, that may offering another track for the Virtualization process compatibilty with other pursashers & also more security.Something make me feel, i will follow this :D