Linux Strategy Meeting Notes
06 May 2026
- Uwe sent additional patches to the Linux kernel mailing list that could help upstream CHERI support, and some of them are already in Linux-next. Although these patches are not CHERI-specific, their references to CHERI sparked more discussion than he had anticipated.
- Branching-strategy discussions continued in this meeting. Allison proposed introducing a collab- prefix, alongside vendor branches prefixed with codasip-, morello-, etc. She argued that the burden of reviewing and merging community contributions should be shifted away from Codasip, a view echoed by Andrew Murray from the Capable Hub. Under this model, support for other architectures, for example, would live in these branches rather than the codasip- branches, with the option for Codasip to cherry-pick patches. Some repositories (mainly cheri-meta) struggle with pending pull requests and this proposal would help to alleviate this. Christian from Codasip indicated that he would still be happy to review and merge patches by the community into the Codasip branches in the Linux kernel and Musl repositories. Jessica suggested having no collab- prefix for the non-vendor branches and just calling them, for example, linux-6.8, linux-7.0, etc.
In a separate, shorter discussion on main branches, Uwe volunteered to maintain a fast-forward branch. Jess objected that the history would become chaotic and that such a branch shouldn’t be named main.
- Repository and branch permission management was discussed. Allison suggested different roles that could be implemented with GitHub Teams for the repositories that belong to the CHERI Alliance Linux Working Group. Consensus was reached to try out a model that introduces only a modest number of roles and relies on ‘social rules’ rather than technical enforcement of rules for the small group of people that will have write access. These rules and the roles will be documented in the ‘Contributing’ section on cheri-linux.org. The new roles also meet Christian’s desire to be able to add someone as reviewer to a PR without having to give them write access to the repository. He also remarked that he’d like to be able to see who has write access to which repositories, which is currently not publicly visible.
22 Apr 2026
Because this meeting was longer than usual, the notes follow a slightly different format to accommodate all discussion points.
Morello GitLab instance and CI:
Fathi from Linaro, the maintainer of the Morello GitLab instance, let us know that the contract with ARM for the maintenance of the Morello GitLab and CI ends in September and that the servers might be turned off as a result. Kevin Brodsky will raise this matter internally at ARM. Linaro has resources to help with the migration as they are still contracted by ARM. Everyone agreed that we shouldn’t lose the ability to run the Morello Linux software stack on Morello boards. Multiple suggestions were made on how to address this:
- The GitLab instance could possibly remain available with help from ARM.
- Some of ARM’s Morello software work could be moved into branches in the CHERI Alliance repositories.
- A new GitLab instance could be hosted by another organisation. The Capable Hub could create a CI setup that replaces the CI setup that’s currently offered by Linaro. The CI setup should test with CheriBSD and CHERI/Morello Linux. Hesham mentioned that we have cheribuild targets for the Linux kernel, userspace, and tests (some targets for tests will be merged soon).
It was noted that firmware maintenance cannot be taken over by other organisations as not all source code is available.
It would be useful for the Capable Hub to have more Morello boards, and Linaro will discuss redistribution of their boards with ARM.
Allison asked Fathi to create a document that details the repositories and other components that would need to be migrated if Linaro cannot continue to host the Morello GitLab instance in the future.
Contribution guidelines and collaboration model:
Allison created a draft for contribution guidelines: https://github.com/CHERI-Alliance/cheri-linux-website/blob/main/content/docs/contributing.md
Different branching strategies were discussed:
- Having contributions made by others than Codasip in a separate branch that unifies them and Codasip’s work,
- or, alternatively, per-vendor branches.
It was noted that Allison’s suggestions also apply to other repositories. Pawel would like to have a branch that more closely tracks upstream. Andrew suggested that maybe a unified branch is not the best solution, as work-in-progress research and other work is best kept in separate branches. Christian would like to avoid fragmentation and breaking further things (Morello support is currently broken in CHERI Linux). He will continue to try and review pull requests in a timely manner.
The use of unsigned long for pointers in the Linux kernel:
Uwe sent a small CHERI Linux patch to the Linux kernel mailing list that addresses, in one particular area upstream, CHERI’s requirement for a 128-bit data type for pointers. In the following discussion, several people noted that it would be useful to get guidance from upstream on how to switch from unsigned long for pointers, which is common practice in the Linux kernel but a data type that’s too small for CHERI capabilities, to something else. Linus Torvalds has expressed opposition to uintptr_t in the past. To help advance this discussion, a small example and further reasons not to use unsigned long might be useful. These could include current trends in the hardware industry that require larger pointer representations.
Morello support in CHERI Linux:
Hesham has created a planning document for having Morello support in the CHERI-Linux ecosystem: https://github.com/CHERI-Alliance/linux-roadmap/milestones
Contributions and additions are welcome.
Christian is happy to receive pull requests for Morello support.
Notes:
Paul will from now on take meeting notes and create a monthly Linux working group news update.
8 Apr 2026
25 Mar 2026
11 Mar 2026
25 Feb 2026
11 Feb 2026
- The Capable Hub is looking into porting syzkaller. It’s written in Go, but the runner doesn’t need to be ported.
- Yocto has been released. The manifest repo has instructions for building it. The meta-cheri repo contains the versioned branches of the Yocto layer.
- Pawel will help with implementing multi-lib in the Yocto layer.
- Planning to push out a new musl 1.2.5. Also looking at the latest, thinking about which one makes more sense.
- Looking at pushing out a newer version of the compiler, 19.1.7. Have started experimenting with LLVM 20.
28 Jan 2026
- Yocto release will probably be next week. Update to scarthgap (upstream LTS), and Linux kernel 6.18.
- Got CHERI Linux working on CVA6 CHERI (no networking yet, minimal drivers)
14 Jan 2026
- Capable Hub has joined CHERI Alliance, is now authorized to add their plugin to projects. Projects who want to use Capable Hub CI need to request from Marno and Capable Hub to enable a new repo for the plugin.
- CA linux kernel is just running a compile test. Morello ported LTP, and Codasip updated it to a newer version. Codasip says they’ll look into releasing that.
- Capable Hub is working on porting Cyrus, FreeBSD’s test suite.
- Codasip expects to release their Yocto within a few days.
- Hesham got CHERI Linux running on CVA6 with kernel and root filesystem. Slow to load kernel and filesystem from SD card on Genesys2 board.
- Paul continuing to work on converting CheriBSD tests to general infrastructure. Cataloging the differences between Morello Linux and CheriBSD causing the failures.
- Brooks is starting a cross-operating-system working group in the CHERI Alliance.
3 Dec 2025
- Introducing The Capable Hub
- Discussion of CI needs:
- Want to be able to test CHERI version and non-CHERI version. Can just do that in docker images.
- Hosting for Docker images
- Hesham has been experimenting with muslc and busybox, have been discussing on Slack. Has found bugs in muslc, qemu, llvm.
- future topics: temporal safety, sub-object bounds
19 Nov 2025
- Codasip will push musl as-is, and then plan to release a cleaned-up branch later. Aiming to have everything out by the end of the month.
- Hesham has been trying to test everything from Codasip, they have released the kernel, busybox. Has been adding bits to cheribuild to test what Codasip release. Has gotten busybox to build, but not run (faulting). Codasip has released some custom scripts for building, but it builds without those custom scripts.
- Hesham submitted a pull request to CHERI Alliance linux repo to fix build failures on Morello, which has been merged. Still exploring other build failures.
- Codasip expect to have a QEMU update out soon. At LLVM 19.1.7 (the module loading they’re working on requires at least LLVM 18).
- Codasip is testing busybox and musl with dynamic linking.
- Paul has been working on converting the test infrastructure for CheriBSD into a stand-alone test suite. Working on bounds-check tests, Cheri ABI tests, etc. A bit more than half of the tests are still on the to-do list. Will work on integrating the tests into the cheribuild system. The goal is to make these tests available to CHERI Linux, but also have an eye toward a POSIX-like standard across operating systems.
5 Nov 2025
- Codasip has released Linux Kernel 6.16. The linux-previous branch has the old contents.
- musl should be out today
- Yocto is still a sticking point, have to do a re-org to use external repos instead of internal repos.
- Discussion of CI options:
- Using GitLab, doing regular builds, with offloading.
- Good Penguin uses AWS runners, but won’t do this for the new program (kicks out runners, failures happen). Might have dedicated hardware for this in the future. Talk to Pawel Zalewski.
- Have set up Digital Catapult with physical hardware, and have it running in Cambridge data center.
- For Morello, we do have bhyve, so can run VMs for testing kernels
22 Oct 2025
- Hesham’s update to cheribuild to build both Morello Linux and Codasip Linux has merged into main
- Hesham plans to work on merging into a single Linux repo
- Codasip plans to release the 6.16 Kernel in the next few days
- The Roadmap doc is ready to go public, link it in from cheri-linux.org
- Ask Mike about whether he’d like to do a blog post about the roadmap
- Identify low-hanging fruit for initial contribution areas. Plan for how people can help us. Self-contained items for a todo list.
- If there was a centralized CI, what would we be able to do there? What does a sensible CI strategy look like? e.g. Paul’s OS test, QEMU emulation for morello. Add issues, “it’d be great to have a section on CI strategy”
- Welcome to the CHERI Linux community talk for CHERI Tech/start of the new year.
- Codasip has people tackling iouring, compat support,
- glibc is on the wishlist, there’s a branch that can be built with LLVM
- what does the cheri-enabled Debian require? X and Wayland are running on Codasip, in a matchbox window manager. On CheriBSD, openGL doesn’t work on X, but probably because of a driver rather than X itself.
- QT6 patches are not upstream yet. Does Codasip want to work on KDE6?
8 Oct 2025
- Repository management: when we want to push some branches.
- Check with Carl if Hesham can have early access to Codasip’s musl c and busybox.
- Pawel Zalewski gave a deep dive on the Morello Yocto configs:
- Went with a dual sysroot, which proved problematic. If they had it to do over again, they would use Clang and CHERI-enabled LLVM, and just change compiler flags between CHERI and non-CHERI.
- Userspace was postgres and zabbix.
- The proliferation of forks is difficult to work with, found it worked better to use a clean upstream source and apply patches in the Yocto build process.
- Found a memory leak in the Duktape embedded JavaScript engine (only in the purecap version, not in the non-CHERI version).
- Porting commonly-used software is a barrier to adoption of CHERI.
24 Sep 2025
- Paul Metzger is going to start working on transitioning the CheriBSD test suite to a more general test suite.
- Codasip has a functional 6.16 Linux Kernel, basics of module loading working, prototype of running both CHERI and non-CHERI userspace. Have updates for QEMU, are working on cleaning up musl fork. Aiming to get things more closely aligned with upstream. (For example, have added a test suite in musl.)
- In some repositories, have multiple versions of things, would be useful to explore how much they are diverging, and if we can pull them together. (musl C, and busybox).
- Codasip now has LLVM 18 functional, and are building their Linux system with that.
- How many people are waiting for 6.16 Linux Kernel to be pushed out?
10 Sep 2025
- Hesham Almatary has been working on VMs on seL4.
- Ruslan Bucan has been working on platform, device drivers.
- Discussed differences between CVA6-cheri and Codasip X730. Targeting the same version of the CHERI RISC-V standard, may be differences in device drivers, virtualization, performance counters.
13 Aug 2025
- QEMU working group is working toward convergence, will add Codasip’s “prime” features on top after converging other variants.
- Christian is working on 6.16, nearly done but will probably be released in early September (August holidays).
- Alfredo presented a deep dive on his temporal safety work.
30 Jul 2025
- Codasip is preparing to release their Yocto configurations to build simple Linux images for CHERI RISC-V, together with an update to Linux Kernel to 6.16, and other projects including qemu, llvm, and gdb.
- Discussion of repository naming for a handful of ported projects that Codasip is releasing with their Yocto configurations, as well as convergence plans for the projects that have multiple ports.
- Derrick presented a deep dive on MIT Lincoln Lab’s work on Linux compartmentalization.
16 Jul 2025
- General discussion, status updates, and planning future deep dive topics.
- Preview of Alfredo’s work on temporal safety (will be a topic for a future deep dive).
2 Jul 2025
- Edward successfully combined hybrid aarch64 Codasip kernel and mostly stock Debian userspace compiled with stock Morello SDK. Can also run purecap binaries. Some discussion of future work:
- Edward will work on purecap kernel for aarch64.
- Need to understand where we are, and decide what we want to do with userspace.
- Upstream Debian depends on Python and Perl, which are ported for CheriBSD and Morello, but not yet CHERI RISC-V. You can’t compile glibc with LLVM (though, there is some existing work to compile Debian entirely with LLVM and their libc). ARM will not build a purecap kernel from either Morello or Codasip sources.
- First, aim to make the Codasip kernel as compatible as possible with Morello.
- Gchips has just updated Morello LLVM to converge with the Cambridge/SRI research version of LLVM.
18 Jun 2025
- Roadmap doc to be published, waiting on attribution
- Edward is reviewing Codasip changes on CHERI Linux. Will have results to share in a few weeks.
- NSA replicated the Nginx experiments on Morello Linux.
4 Jun 2025
- These meeting notes and slides from the deep dive sessions are published in the git repo for the CHERI Linux website.
- We have a collaborative space on the CHERI Alliance NextCloud to post recordings of the deep dive sessions. It would require you to set up an account to access, does that work for everyone?
- The mailing list has archiving now, so it’s worth posting meeting reminders.
- Status updates:
- Codasip is getting the SPEC CPU benchmarks running on their cores. Currently have Embench. Have been using them to fix compiler issues.
- Reminder of the upcoming July 4th holiday, if we do a deep dive on the July 2nd call, make sure to record it.
21 May 2025
- Q: Is there a 6.14 branch of the Codasip Linux Kernel? A: Still cleaning up the 6.10 branch first, then will do the update to 6.14.
- CHERI C Examples repository: https://github.com/CTSRD-CHERI/cheri-c-examples with discussion in the #cheri-c-examples channel in the public CHERI-CPU Slack.
- Q: How to publish updates to the website? A: Commit the update, and Carl will launch the changes (not handed over to CHERI Alliance sysadmin yet).
- Future topics: temporal safety on RISC-V CheriBSD ports (Alfredo, end of June or early July), MIT Lincoln Lab work on Linux compartmentalization (Derrick, 2+ months), Yocto (Codasip after released, see if Good Penguin will do a deep dive on theirs), bpf, aio (Christian Ehrhardt), graphics, ioctl, compat, testing, ltp, plan to increase coverage, principles, performance improvements (benchmarking/optimization).
- Ongoing action items:
- Release CHERI Linux strategy doc
- Publish collaboration guidelines on website
- Publish a page with meeting schedule/information on website
- Publish these meeting notes on website
7 May 2025
23 Apr 2025
- The CHERI Alliance Linux Kernel repo is now public on GitHub. This is Codasip’s work combining the Morello Linux patches with their own patches, on Linux Kernel version 6.10 as a base.
- Next step will be to update to Linux Kernel version 6.14, with a cleanly rebased history.
- Discussion of setting up CI for the CHERI Alliance repos related to Linux. Currently, Codasip uses GitLab internally and Cambridge uses Jenkins. Explore using GitHub’s built-in CI. Initially target QEMU, but eventually also target Codasip’s cores, Tooba, and CVA6.
9 Apr 2025
26 Mar 2025
- musl - doesn’t seem to be one in CHERI Alliance, would be good to get it released
- When Morello tried to get some graphics working in purecap, they found that Morello in purecap means you cannot use TLS in any purecap libraries. For any real porting, this needs to be addressed first. Has Codasip already done this?
- Reasonable expectations for malloc and free, could go in the CHERI C/C++ Programming Guide.
- Still hoping to get a walkthrough of the Codasip Kernel patches, choices they made, and things we know are still missing.
- Portfolio of different potential targets:
- Desktop workstation (requires a very large software stack, but a lot of that is not FreeBSD-specific, so established work is useful there)
- Server stack (nginx, haven’t done mysql)
- Most of the gaps are currently in the Linux kernel, the low level bits that enable memory safety and temporal safety
- Would be good to try out the things that are already ported to FreeBSD on Linux, including private patches that can’t be upstreamed.
- Move toward a KDE demo, a complete development stack that people can target. That’s what people experimenting with CheriBSD frequently asked “when can we get a real idea”. A list of targets in cheribuild, but cross-compiling kde will likely be faster than native compiling in a VM. KDE cross-compile targets exist, but haven’t been tested in a while. But, at least the cross-compile infrastructure is there.
- QEMU userlevel support for CHERI.
- Can debian image building do cross-compile using QEMU?
- What are the interventions we can make as early as possible, to enable others to do work?
- Codasip in 18 months may have chips, but in-order, single pipeline, etc.
- Draw out a roadmap for CHERI Linux as a distro.
- Release the CHERI Linux Roadmap. Either a wiki or mdbook. Check with CHERI Alliance for a repo. Get permission from existing contributors.
12 Mar 2025
- General discussion, status updates, and planning future deep dive topics.
26 Feb 2025
- Historically CTSRD QEMU, and CheriBSD, have been making merge commits when they update to a new upstream version. Here’s the work in progress update merge for QEMU 6.2: https://github.com/CTSRD-CHERI/qemu/pull/264
- Pros: This preserves the upstream history and the CHERI development history without rebasing (so the SHAs are all the same, and you avoid all the problems of multiple collaborators working on a mainline that’s constantly rebased).
- Cons: The merge commit approach works best when you’re updating regularly from upstream, otherwise you can end up with a large and complex merge commit.
- Morello was rebasing all their patches on each new upstream version, but was only updating every third release of the upstream Linux Kernel.
- Codasip also rebased all the Morello patches on Linux Kernel 6.10.
- Generally agreed on one of two paths:
- Option A: Start with clean Linux kernel v6.10 with full history, apply Morello patches on top, and then a cleaned up set of Codasip patches on top of that
- Option B: Start with clean Linux kernel v6.14 with full history, apply Morello patches on top, and then a cleaned up set of Codasip patches on top of that
- Carl is going to do an assessment of the changes between v6.10 and v6.14, to help decide which of the two options will be the most reasonable.
- Compat accelerated development, because you can run entire existing applications, and also check that you didn’t break anything.
- Morello merged 5 patches to support netfilter on hybrid kernel (fixes problem when kernel and userspace pointers aren’t the same size)
- Carl will make Allison an admin on the CHERI Alliance Linux Kernel mailing list.
- Ongoing work on the CHERI C/C++ Programming Guide
- Future topics: yocto, bpf, aio (Christian Ehrhardt), graphics, ioctl, compat, testing, ltp, plan to increase coverage
12 Feb 2025
- Discussion of Morello and Codasip versions of the Linux Kernel, and paths toward convergence.
29 Jan 2025
15 Jan 2025
- Alfredo presented a deep dive on CHERI QEMU development.
- Yocto build system is coming.
- Have some Codasip boards to try out the new Linux branch. Should be able to give a bitstream for Codasip boards next week.
- Have run benchmarks, but limited by lacking things like strcopy/memcopy.
- Request to record the deep dive sessions.
- Would be helpful to have a deep dive session on CHERI design principles and user expectations.
18 Dec 2024
4 Dec 2024
- Website has been launched: https://cheri-linux.org/
- Ask Carl about making the website repo public.
- Carl is working on setting up mailing lists.
- Question: Could CheriBSD tests be abstracted to other OS and systems? [After the call, Robert suggests that cheribsdtest could become something like cheriabitest or cheriposixtest, hosted under CHERI Alliance.]
- Allison proposes starting deep-dive sessions and intro calls on topics for Linux on CHERI:
- Alfredo volunteers to do a session on CHERI QEMU, and another on CheriBSD purecap kernel.
- Carl can do one on Codasip’s Linux repo.
- Kevin and Vincenzo can do one on Morello Linux (What obstacles did they encounter? Plan was to finish the CHERI ABI first, and then do a purecap kernel. CHERI ABI isn’t finished yet.)
- Pull initial draft of contribution guidelines from Morello slides: https://git.morello-project.org/morello/kernel/linux/-/wikis/res/Linux_on_Morello_Contribution_Process.pdf
- Do we want to add a linux-roadmap repo, for the roadmap document and tracking issues/epics for who’s working on what?
- Action items
- Merge website cleanup branch
- Add a page to the website with meeting/schedule information
20 Nov 2024
- Carl set up a new repo cheri-linux-website on CHERI Alliance for the cheri-linux.org website, initially based on the Morello website.
- Alfredo has continued working on CHERI QEMU (Cambridge/Codasip).
- Continuing work on Codasip’s Linux Kernel, not yet up on CHERI Alliance GitHub.
6 Nov 2024
- Set the cadence of meetings to every other week, at the same time.
- Codasip is nearly ready to push their Linux Kernel repo to the CHERI Alliance org on GitHub.
- Codasip kernel is purecap, cherry-picked patches from Morello kernel to a new baseline.
- Alfredo is looking into Morello support in Codasip’s QEMU.
- Carl is working on setting up a CHERI Alliance mailing list for Linux work.
- Discussion of contribution workflows: Morello used mailing list for patch reviews (like the upstream linux and glibc). Most existing CHERI-related software projects are using git pull requests. General consensus is to accept both.
- Decision to use Hugo for cheri-linux.org website, model it on linux.morello-project.org.
- Do we want to use CHERI Alliance wiki (BookStack) or Next Cloud?
30 Oct 2024
- Add more participants from other organizations.
- Analyze the differences between Morello Linux and Codasip’s work on Linux, and the scope of merging.
- Codasip includes most of Morello’s Linux patches.
- Codasip LLVM (version 17) is derived from Cambridge LLVM (version 16). End goal is to merge forks of LLVM into one CHERI Alliance repo.
- Codasip QEMU has Morello hardware emulation in it, but not tested.
- Codasip doesn’t have virtualization yet, but have some work on it.
- Codasip hasn’t looked at subobject bounds yet, but may be easier on Linux than it was on BSD.
- Action items:
- Collect GitHub usernames for (currently private) access to Linux Kernel repo at CHERI Alliance.
- Setup #cheri-linux channel on public CHERI-CPU Slack.
- Publish CHERI Linux Roadmap.
- Setup cheri-linux.org website.
16 Oct 2024
- Discussions on roadmap and the scope of merging multiple CHERI-related Linux forks into one unified set of repos.
9 Oct 2024
- Discussions on roadmap and the scope of merging multiple CHERI-related Linux forks into one unified set of repos.
2 Oct 2024
- Second meeting on CHERI Linux Strategy.
- Check-in on status of ARM Morello port of Linux.
- Decision to repeat strategy calls weekly for the first few weeks.
30 Sept 2024
- First meeting on CHERI Linux Strategy.
- Check-in on status of Codasip port of Linux.
21 Apr 2024
- First draft of CHERI Linux Roadmap document shared for collaborative editing.
22 Feb 2024
- Strategy meeting, plan to draft CHERI Linux Roadmap document