COSMIC Secure Enclave

COSMIC is a new open-source project, funded by the UK Department for Science, Innovation and Technology (DSIT) and Innovate UK, to deliver an open-source secure enclave design. It runs between November 2025 and March 2028, and shows the UK government’s support for our Security by Design strategy.

COSMIC is led by lowRISC®, with support from Capabilities Limited.

The new key component in COSMIC is CVA6-CHERI: a 64-bit Linux-capable version of the CVA6 processor enhanced with CHERI memory safety capabilities. COSMIC will deliver a dual-core locked step CPU configuration with commercial standard verification, and will extend it with IP from the OpenTitan® root of trust project to enable its use as a secure enclave.

Memory safety and CHERI

The exploitation of memory vulnerabilities is a very common route of attack against software. At lowRISC we believe that the best approach to protecting your system against this type of attack is by taking a multi-pronged approach: improving the quality of your software with static analysis tools, adopting memory-safe languages, and letting the hardware enforce memory safety policies.

RISC-V processors, such as Ibex® and CVA6 can address memory safety in hardware through the addition of the powerful Capability Hardware Enhanced RISC Instructions (CHERI) technology. The adoption of CHERI also impacts the design of the memory system.

Since secure enclaves are intended to run complex software stacks, the addition of CHERI can contribute greatly to the security of the whole system.