This page is an archive of a Q&A session between Linaro tech-leads and a couple of engineer's working on Morello. This page contains only public information largely derived from the following links:

• https://ktn-uk.co.uk/news/digital-security-by-design-collaborators-workshop
  • slides https://www.slideshare.net/KTNUK/digital-security-by-design-technology-platform-richard-grisenthwaite-arm
  • Video of presentation https://vimeo.com/366246134
• Public soft launch of Morello, in particular see presentation by Arm's Chief Architect Richard Gristhenthwaite
• Morello is an implementation of the CHERI architecture on Arm. The concepts are the same although the implementation choices may be different. A lot of detailed information about how capabilities work and what they can be used for can be found by reading the CHERI research papers.
• CHERI v7 https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-927.pdf

Questions

• [Question] What are current tasks for Morello?
• [Answer] The current tasks are finalising the specifications for what Morello will be, architecture, hardware, SoC etc. The existing models, toolchain and software will need to be modified to meet the Morello specification.
• [Question] Where are git repos for Morello support located?
• [Answer] Currently all Morello git repos are internal to Arm. There is an intent to move development to public repos early next year.
• [Question] What functional and Performance test is needed for Linux / Android by the time the silicon arrives
  • [Answer]  One of the primary motivations behind Morello is to get a realistic estimate of the impact on performance of many different usage models. Measurements of the early capability aware platforms versus AArch64 will likely be one of those use cases. Given that Android is a primary target, the impact on power use will be of significant interest.
• Is it relevant to do power  regression tests
• Secular performance
• [Question] How do we get involved in writing security tests to prove the arch actually  provides better security
• [Answer] I think it is a bit too early to give a useful answer. The early focus is on board bring up and low-level software.
• [Question] When can Linaro employees play around with this? We’ve heard that FVP might be available in October next year, is that correct?
• [Answer] Yes it is correct that the FVP of the Morello board is aiming at Q4 next year see slide 14 of https://www.slideshare.net/KTNUK/digital-security-by-design-technology-platform-richard-grisenthwaite-arm . 
• [Question] How will other partners test, can they benefit from Linaro publishing test results, or aggregating them from all the players ?
• [Answer] From the Digital Security By Design Platform Event presentation. The primary focus is FreeBSD, and Android, Secondary Windows PE and Yocto, Tertiary Linux distributions. There may be some scope for a reference implementation of these projects that is tested. As the main focus of Morello is research - it will not become a product - it may be that each partner chooses their own area of investigation.
• [Question] Will TrustZone exist in Morello or will that be totally gone in favor for the new security features?
• [Answer] Morello will be backwards compatible with v8.2 AArch64 only, TrustZone is a part of that. Looking forwards capabilities provide an alternative method to implementing TrustZone like secure environments, the main advantages being a finer grained control of what memory can be accessed. Morello is a platform that can be used for researching how to write such a system.
• [Question] Do we have an estimate of the code size increase and the pressure on the cache ?
• [Answer] Based on a quick look at an immature compiler at -O2 we are looking at an average of 5% code-size increase for compiling using pure capabilities (every pointer is a capability). This does not include the increase in data size due to larger pointer sizes. Disclaimer, this is not the result of a detailed investigation, it is rough and we'd expect to change.
• There isn’t any data for Morello yet, for CHERI there are some research papers that cover this. For example https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/2019tc-cheri-concentrate.pdf and http://fm.csl.sri.com/SSFT19/20190523-ssft-cheri.pdf have some figures for CHERI. I think it is a reasonable assumption that the results for 128-bit Capabilities should be comparable to Morello. In summary: 128-bit capabilities have a 1 - 2 % increase in L1 D-Cache miss rate. Pointer chasing workloads suffer more. In both cases L2 misses increased.
• [Question] which capability implementation has been chosen for Arm ISA ?
• Morello will be using 128-bit Capabilities with a 129th validity bit invisible to software.
• [Question] are you using dedicated capacity registers or extending the integer registers ?
• [Answer]  Details aren't public at the moment. The decision isn't visible architecturally to software.