lowRISC and Capabilities Limited launch the COSMIC Project to deliver a commercial-grade, open-source CHERI Secure Enclave.
lowRISC and Capabilities Limited have announced the launch of the COSMIC Project, backed by the UK Department for Science, Innovation and Technology (DSIT) and InnovateUK. The initiative aims to deliver the world’s first open source, commercial-quality, CHERI-enabled, 64-bit application-class Secure Enclave design, running until March 2028, with its first stage due in March 2026.
Designed to form a secure foundation for application-class SoCs, COSMIC integrates CHERI technology, formal verification, and open source design to provide advanced memory safety and compartmentalisation. Secure Enclaves protect sensitive data such as passwords and biometrics, even when other system components are compromised, a critical defence as cybercrime escalates globally.
Building on the OpenTitan open silicon Root of Trust, COSMIC incorporates the CVA6-CHERI processor from Capabilities Limited, based on OpenHW Foundation’s CVA6. The design supports a Linux-style operating system, implements the RISC-V ‘Y’ extension (CHERI) for hardware-level memory safety, and introduces a dual-core lockstep configuration for additional resilience.
Formal verification is led by Professor Tom Melham at Oxford University in collaboration with lowRISC, extending methods used in Microsoft’s CHERIoT-Ibex Core to ensure ISA-level correctness and commercial reliability.
“At lowRISC, we believe strongly in our mission to make commercial open source silicon real, and in security by openness, not obscurity,” said Javier Orensanz Martinez, CEO of lowRISC.
According to Professor John Goodacre of InnovateUK, COSMIC accelerates the commercial maturity of CHERI-enhanced RISC-V cores, paving the way for high-security open platforms such as OpenTitan.
