
Not really like CHERI at all

Posted Feb 19, 2026 13:41 UTC (Thu) by Vorpal (guest, #136011)
Parent article: Kernel control-flow-integrity support comes to GCC

> CHERI-like hardware-enforced capabilities can be used to completely block indirect-jump-based attacks.

CHERI is unrelated to indirect jumping or control flow in general. CHERI is about protecting against out-of-bounds accesses by adding metadata to pointers to indicate what memory range they are valid for.

A clarification to the article is probably warranted.


Not really like CHERI at all

Posted Feb 19, 2026 13:59 UTC (Thu) by daroc (editor, #160859) [Link] (1 responses)

CHERI supports using sealed function pointers that encode type information about the function being jumped to:

https://cheriot.org/isa/ibex/2024/06/26/sentries-cfi.html
https://cheriot.org/rtos/sealing/2025/11/06/sealing.html

So saying that CHERI is unrelated to control flow is incorrect. It might help to know that the accesses through a pointer that CHERI metadata controls include whether the resulting address can be executed or not. And capability sealing, which was originally intended to allow passing opaque handles to untrusted code, combines well with that ability.
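A simplified software model of the two properties this comment describes (execute permission carried in the pointer metadata, and sealing), added here as an illustration and not part of the comment or of any CHERI implementation. The struct layout, the `OTYPE_SENTRY` value and all function names are assumptions made for the sketch; real capability encodings differ.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy model of a capability: a pointer plus bounds, permissions, a seal. */
enum { PERM_LOAD = 1, PERM_STORE = 2, PERM_EXECUTE = 4 };
#define OTYPE_UNSEALED 0u
#define OTYPE_SENTRY   1u  /* assumed value: "sealed entry", usable only as a jump target */

typedef struct {
    bool      tag;     /* validity bit; cleared by any illegal manipulation */
    uintptr_t base;    /* lowest address the capability covers */
    size_t    length;  /* size of the covered region */
    uintptr_t addr;    /* current address (the "pointer" part) */
    unsigned  perms;
    unsigned  otype;   /* OTYPE_UNSEALED or a seal type */
} cap_t;

/* Pointer arithmetic: a sealed capability is immutable, so changing it
 * invalidates it. Unsealed capabilities may move; bounds are checked on use. */
cap_t cap_add(cap_t c, ptrdiff_t off) {
    if (c.otype != OTYPE_UNSEALED) c.tag = false;
    c.addr += (uintptr_t)off;
    return c;
}

/* Seal an executable capability as an entry point. */
cap_t make_sentry(cap_t code) {
    if (code.otype != OTYPE_UNSEALED || !(code.perms & PERM_EXECUTE))
        code.tag = false;
    else
        code.otype = OTYPE_SENTRY;
    return code;
}

/* Data access: needs a valid, unsealed capability with LOAD, in bounds. */
bool cap_can_load(cap_t c, size_t n) {
    return c.tag && c.otype == OTYPE_UNSEALED && (c.perms & PERM_LOAD) &&
           c.addr >= c.base && n <= c.length && c.addr - c.base <= c.length - n;
}

/* Indirect jump: needs EXECUTE and an in-bounds target. A sentry is unsealed
 * by the jump itself; any other sealed capability is rejected. */
bool cap_can_jump(cap_t c) {
    if (!c.tag || !(c.perms & PERM_EXECUTE)) return false;
    if (c.otype != OTYPE_UNSEALED && c.otype != OTYPE_SENTRY) return false;
    return c.addr >= c.base && c.addr - c.base < c.length;
}
```

In this model a data pointer can never become a jump target, and a sealed function pointer can be called at its entry point but not read through or adjusted to land elsewhere in the function.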

Not really like CHERI at all

Posted Feb 28, 2026 7:12 UTC (Sat) by Vorpal (guest, #136011) [Link]

Interesting! I wasn't aware it had that feature.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds