Embedded software is becoming more critical as it gets more widely used in operational technology and as those systems become more complicated and interconnected. Mitigating memory safety vulnerabilities and efficient compartmentalisation are two techniques that are essential in making operational technology safer.

This presentation describes our experience in developing Sonata which is a platform that brings CHERI technology into the hands of embedded systems engineers. CHERI allows a system on chip (SoC) to enforce memory safety in the hardware, and it provides the foundation to address garbage collection and compartmentalisation. Sonata is a development platform that includes a tool-chain, a supporting software stack, an FPGA experimentation board, an SoC design and accompanying documentation to port existing embedded software to run on a CHERI-based system. The system supports CHERIoT-RTOS which is a real time operating system written from scratch by Microsoft to support compartmentalisation and memory safety in embedded systems. In this presentation, we describe our latest developments including integrating a newly released CHERI-aware debug module and how this improves the developer experience.

The presentation will also assess the necessary modifications of code to port an embedded application to CHERI including what portion has to change. This can then be compared to rewriting applications in a memory-safe language like Rust. In particular we assess a network stack that re-uses code from FreeRTOS to see how much code is necessary to make a common embedded library usable on a CHERI system.

Finally, Sonata is completely open source from the PCB design to the RTL specification. All the lessons we have learned will feed into future CHERI designs and drive the field forward for high integrity software.