+ 
Latest news
About
Rust and CHERIoT provide complementary guarantees. Rust provides a rich set of properties that can be enforced at compile time. These go far beyond memory safety, and can enforce rich invariants. CHERIoT provides a rich compartmentalisation model and object-granularity memory safety for all objects, from assembly code on up to higher-level languages.
The combination will mean that you can use CHERIoT compartments for supply-chain safety in Rust and to allow Rust code to interoperate with existing C/C++ with dynamic guarantees that the C/C++ cannot violate any of the invariants that the Rust code depends on.
This code is being developed in the CHERIoT-Platform fork of Rust. It uses CHERIoT LLVM, which also includes a set of CHERI and CHERIoT-specific clang static analyser analyses that will evolve in tandem with this to make it easier to check C/C++ code that needs to interoperate with Rust in a CHERIoT firmware image.
Where to ask questions
We use GitHub Discussions for general queries about CHERIoT. This is persistent and searchable (without an account) and so a good place to ask questions that someone else may want to know the answer to.
We also have a public Signal chat. The Signal chat is intended for live discussions and automatically deletes messages. We encourage participants to write up the results of any discussions there in documentation, GitHub Discussions, Issues, or somewhere else that’s searchable. You can join the group from your phone by scanning this QR code:
