CheriBSD

How can I upgrade CheriBSD?

Currently, there are no binary upgrades for CheriBSD.

The only way to upgrade a CheriBSD host is to build and install CheriBSD from source code. See the wiki page for instructions how to do this. Note that we cannot guarantee stability when upgrading CheriBSD and it is important to make sure you can recover your data if an upgrade fails.

How can I build CheriBSD from source code?

You have two choices:

  • Build and install CheriBSD natively on Arm Morello using these instructions

  • Cross-compile (on FreeBSD, macOS or Linux) CheriBSD for CHERI-RISC-V or Arm Morello using cheribuild

Does CheriBSD implement spatial safety (e.g., to prevent out-of-bounds bugs)?

The official CheriBSD release runs basic programs and libraries compiled for the pure-capability ABI and a hybrid kernel.

It also includes a pure-capability kernel in /boot/kernel.GENERIC-MORELLO-PURECAP. See these instructions to find out how to do that.

Does CheriBSD implement temporal safety (e.g., to prevent use-after-free bugs)?

Currently, the official CheriBSD release does not include temporal safety mechanisms. This feature (also known as Cornucopia in CheriBSD) is scheduled for a future release and can be used today by installing a Cornucopia-enabled kernel and revocation-aware memory allocators.

See the Cornucopia tutorial to read more how to use it.

How can I switch to another CheriBSD kernel (e.g., a pure-capability kernel)?

Use one of the following methods:

  • Run nextboot -k KERNCONF

    See nextboot(8) for more details.

  • Add kernel="KERNCONF" to /boot/loader.conf

    See loader.conf(5) for more details.

  • In a boot loader, press 5 multiple times to select KERNCONF

KERNCONF is a name of a directory in the /boot directory with a kernel (e.g., kernel.GENERIC-MORELLO-PURECAP) that corresponds to a kernel configuration file from CheriBSD source code (e.g., GENERIC-MORELLO-PURECAP).

Is there any IDE for CheriBSD?

No. The closest to it is Kate Editor but it is still far from an actual IDE.