WATCH OUR latest Digital Security video
As part of the Digital Security by Design project run by D-Risq called CHERI Stone, we were interviewed on our thoughts on the CHERI/Morello programme. The Capability Hardware Enhanced Risk Instruction set architecture (CHERI) project had produced an Instruction Set Architecture which provides a means for managing memory safety through the introduction of ‘capabilities’. The Morello programme run by Arm is producing an example prototype hardware board with a firmware stack to enable use of the hardware.
This firmware will need to be assessed as part of any use in a regulated industry. As the clearest and most mature set of standards are in aerospace and support airworthiness certification, it was decided to use these as the basis for assessment of the Morello software in regard to both safety and security. Since 1992, the air worthiness of software has been focused on safety using RTCA/DO178B/C but increasingly the security aspects of airworthiness has been more of a concern and RTCA/DO-326A and related documents often have to be met.
The project could not assess every aspect of the available firmware. The two sets of Morello software selected for assessment and using standard aerospace practices were Trusted Firmware-A and SCP. The approach has been to use the Federal Aviation Agency (FAA) Job Aid for assessment if the software against DO-178C. There is no equivalent for DO-326A, so an informal compliance assessment will be undertaken. An open paper is available from D-RisQ on application.
WATCH OUR safety and security video
FIND OUT MORE ABOUT SAFETY AND SECURITY USING DO-326A
The Industry Sectors we work with