Capability Hardware Enhanced RISC Instructions

Last updated

Capability Hardware Enhanced RISC Instructions (CHERI) is a computer processor technology designed to improve security. CHERI aims to address the root cause of the problems that are caused by a lack of memory safety in common implementations of languages such as C/C++, which are responsible for around 70% of security vulnerabilities in modern systems. [1] [2]

Contents

The hardware works by giving each reference to any piece of data or system resource its own access rules. This prevents programs from accessing or changing things they should not. It also makes it hard to trick a part of a program into accessing or changing something that it should be able to access, but at a different time. The same mechanism is used to implement privilege separation, dividing processes into compartments that limit the damage that a bug (security or otherwise) can do.

CHERI can be added to many different instruction set architectures including MIPS, AArch64, and RISC-V, making it usable across a wide range of platforms.

Software must be recompiled to gain fine-grained memory-safety benefits from CHERI, but most software requires few (if any) changes to the source code. [3] CHERI's importance has been recognised by governments as a way to improve cybersecurity and protect critical systems. [4] It is under active development by various business and academic organizations. [5]

Background

CHERI is a capability architecture. [6] Early capability architectures, such as the CAP computer and Intel iAPX 432, demonstrated secure memory management but were hindered by performance overheads and complexity. [7] As systems became faster and more complex, vulnerabilities like buffer overflows and use-after-free errors became widespread. CHERI addresses these challenges with a design intended for modern computing environments. It enforces memory safety and provides secure sharing and isolation to handle increasing software complexity and combat cyberattacks.

Mechanism

Memory access with and without CHERI. CapabilityLayoutForWikipedia.svg
Memory access with and without CHERI.

A CHERI system operates at a hardware level by providing a hardware-enforced type (a CHERI capability) that authorises access to memory. This type includes an address and other metadata, such as bounds and permissions. Instructions such as loads, stores, and jumps, that access memory use one of these types to authorise access, whereas on traditional architectures they would simply use an address.

This metadata is stored inline, alongside the address, in the computer's memory and protected by a tag bit, which is cleared if the capability is tampered with. This informs the computer of which areas of memory can be accessed through a specific operation and how a program can modify or read memory through that operation. This allows CHERI systems to catch cases where memory that was outside the bounds of where the program was supposed to read or write to was operated on. Associating the metadata with the value used to access memory, rather than with the memory being accessed (in contrast to a memory management unit) means that the hardware can catch cases where a program attempts to access a part of memory that it should have access to while intending to access a different piece of memory.

Implementations of CHERI systems also include modifications to the default memory allocator. A memory allocator is a component that defines that a range of addresses should be treated by the programmer as an object. On a CHERI system, it must also communicate this information to the hardware, by setting the bounds on the pointer (represented by a CHERI capability) that is returned. [8] It may also communicate the lifetime, to prevent use-after-free or use-after-reuse bugs. [9] [10] [11]

Depending on the context, CHERI systems can be used to enhance compiler-level checks, build secure enclaves, [12] or even be used to augment existing instruction architectures. A report by Microsoft in 2019 found that CHERI's protections could be used to mitigate over 70% of memory safety issues found in 2019 at the company. [13] CHERI architectures are also designed to be backward compatible with existing programming languages such as C and C++. A study performed by University of Cambridge researchers found that porting six million lines of C and C++ code to CHERI required changes to 0.026% of the Lines-of-Code (LoC). [3]

Limitations

The architecture introduces hardware complexity due to the tag-bit mechanisms and capability checks required for enforcing memory safety. Although optimisations have been implemented to minimise these impacts, [14] the performance trade-offs can vary depending on specific workloads and specific implementations. Additionally, CHERI requires modifications to both software and hardware ecosystems. Implementations such as Morello allow unmodified binaries to run but these do not get any additional security benefits. Software must be recompiled or adapted to utilise CHERI's capability-based model, and hardware manufacturers must incorporate CHERI extensions into their designs.

Standardisation remains an ongoing effort. While initiatives such as the CHERI Alliance [15] and RISC-V standardisation [16] aim to establish broader support, the lack of widely accepted industry standards for CHERI features have delayed adoption. Adapting legacy software or retrofitting existing systems to work with CHERI can be challenging, particularly for large and heterogeneous codebases. The difficulty often stems from programming practices used during the software's original development, such as implementing custom memory management, where identifying pointers from integers can be particularly problematic. [17]

CHERI implementations

The CHERI architecture has been implemented across multiple platforms and projects:

CHERI implementations that target mainstream operating systems are designed to accommodate both legacy and pure capability software, allowing for gradual adaptation for existing applications. CHERI has also been implemented across various hardware architectures in a research setting, including MIPS, [6] AArch64 (via the Morello platform), and RISC-V. [25]

History

In the 1970s and 1980s early capability architectures such as the CAP computer (developed at the University of Cambridge) and the Intel iAPX 432 demonstrated strong security properties. These systems relied on indirection tables to manage capabilities, introducing performance bottlenecks as memory access required multiple lookups. While this approach worked when processors were slow and memory was fast, it became impractical by the mid-1980s as processors became faster and memory access times lagged behind. [7]

In 2010 DARPA launched the Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) programme, [26] [27] which tasked participants with redesigning computer systems to improve security. SRI International and University of Cambridge team revisited capability architectures, seeking to address memory safety challenges inherent in conventional designs.

By 2012 early CHERI prototypes were presented, [28] These prototypes ran a microkernel with hand-written assembly for manipulating capabilities. CHERI was designed to be easy to implement on modern superscalar pipelined architectures. Unlike earlier capability systems, CHERI eliminated the need for indirection tables, [6] avoiding the associated performance issues and proving that modern capability architectures could be efficiently implemented.

In 2014 CHERI hardware demonstrated its ability to run a full UNIX-like operating system, FreeBSD. This demonstration showed that CHERI's capability model can integrate with existing software ecosystems. CHERI was originally prototyped as an extension to MIPS-64. [6] The implementation used 256-bit capabilities, containing fields for a 64-bit base, length, object type, and permissions, with some bits reserved for experimental purposes.

In 2015 CHERI introduced a new capability encoding model that separated the address (referred to as a cursor) from the bounds and permissions. This refinement allowed capabilities to function as pointers in compiled C code, [11] improving usability. That same year, Arm joined the project and provided critical feedback, highlighting that while doubling pointer sizes might be acceptable, quadrupling them would not. This feedback led to the development of CHERI Concentrate, [14] a compressed encoding model that reduced capability size to 128 bits by eliminating redundancy between the base, address, and top.

In 2019 CheriABI [29] demonstrated a fully memory-safe implementation of POSIX, allowing existing desktop software to become memory safe with a single recompile.

By 2020 it became evident that software vendors were reluctant to port their software without hardware vendor support, while hardware vendors were unwilling to produce chips without sufficient customer demand. UK Research and Innovation (UKRI) launched the Digital Security by Design (DSbD) programme [30] to address adoption barriers for CHERI. The programme allocated £70M, matched by £100M of industrial investment, to build the CHERI software ecosystem. [30]

This initiative funded Arm's Morello chip, a superset architecture designed to evaluate experimental CHERI features for potential production use based on AArch64. The Morello board was designed to run CheriBSD, as well as custom versions of Android and Linux. At the same time, the Cornucopia [31] project demonstrated that CHERI could enforce both spatial and temporal memory safety, offering deterministic protection against heap object temporal aliasing (roughly, "use-after-free"). The follow-up project, Cornucopia Reloaded, [9] showcased efficient temporal safety using page-table features in Morello, in particular, near-negligible pause times for the application making use of revocation.

In 2023 Microsoft introduced CHERIoT, [10] a RISC-V CHERI adaptation optimised for small embedded devices. CHERIoT incorporated ideas from Cornucopia and memory colouring techniques such as SPARC ADI and Arm MTE to enhance security. As part of the UKRI-funded Sunburst project, lowRISC launched the Sonata platform to advance RISC-V-based CHERI development and support standardisation efforts. Both the CHERI RISC-V research work and CHERIoT fed into the standardisation process for an official CHERI family of RISC-V extensions. [16] Codasip announced that they had RISC-V IP cores with CHERI extensions available to license. [32]

By 2024 SCI Semiconductors announced ICENI, [24] a CHERIoT-compatible chip designed specifically for secure embedded systems. Codasip is actively developing a Linux kernel implementation for the RISC-V architecture. [33] The CHERI Alliance, a non-profit organisation based in Cambridge, UK, was established to promote the adoption of CHERI technology and its integration into secure digital products and systems, including Google as a founding member. [5]

Related Research Articles

<span class="mw-page-title-main">Harvard architecture</span> Computer architecture where code and data each have a separate bus

The Harvard architecture is a computer architecture with separate storage and signal pathways for instructions and data. It is often contrasted with the von Neumann architecture, where program instructions and data share the same memory and pathways. This architecture is often used in real-time processing or low-power applications.

ARM is a family of RISC instruction set architectures (ISAs) for computer processors. Arm Holdings develops the ISAs and licenses them to other companies, who build the physical devices that use the instruction set. It also designs and licenses cores that implement these ISAs.

The 801 was an experimental central processing unit (CPU) design developed by IBM during the 1970s. It is considered to be the first modern RISC design, relying on processor registers for all computations and eliminating the many variant addressing modes found in CISC designs. Originally developed as the processor for a telephone switch, it was later used as the basis for a minicomputer and a number of products for their mainframe line. The initial design was a 24-bit processor; that was soon replaced by 32-bit implementations of the same concepts and the original 24-bit 801 was used only into the early 1980s.

Plessey System 250, also known as PP250, was the first operational computer to implement capability-based addressing, to check and balance the computation as a pure Church–Turing machine. Plessey built the systems for a British Army message routing project.

<span class="mw-page-title-main">Intel iAPX 432</span> Discontinued Intel microprocessor architecture

The iAPX 432 is a discontinued computer architecture introduced in 1981. It was Intel's first 32-bit processor design. The main processor of the architecture, the general data processor, is implemented as a set of two separate integrated circuits, due to technical limitations at the time. Although some early 8086, 80186 and 80286-based systems and manuals also used the iAPX prefix for marketing reasons, the iAPX 432 and the 8086 processor lines are completely separate designs with completely different instruction sets.

A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. In computer architecture, registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes, or the operating system itself. Protection may encompass all accesses to a specified area of memory, write accesses, or attempts to execute the contents of the area. An attempt to access unauthorized memory results in a hardware fault, e.g., a segmentation fault, storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable-space protection.

The MicroBlaze is a soft microprocessor core designed for Xilinx field-programmable gate arrays (FPGA). As a soft-core processor, MicroBlaze is implemented entirely in the general-purpose memory and logic fabric of Xilinx FPGAs.

<span class="mw-page-title-main">Hardware acceleration</span> Specialized computer hardware

Hardware acceleration is the use of computer hardware designed to perform specific functions more efficiently when compared to software running on a general-purpose central processing unit (CPU). Any transformation of data that can be calculated in software running on a generic CPU can also be calculated in custom-made hardware, or in some mix of both.

In computer science, a single address space operating system is an operating system that provides only one globally shared address space for all processes. In a single address space operating system, numerically identical logical addresses in different processes all refer to exactly the same byte of data.

<span class="mw-page-title-main">Protection ring</span> Layer of protection in computer systems

In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults and malicious behavior.

CPU modes are operating modes for the central processing unit of most computer architectures that place restrictions on the type and scope of operations that can be performed by instructions being executed by the CPU. For example, this design allows an operating system to run with more privileges than application software by running the operating systems and applications in different modes.

In computer science, capability-based addressing is a scheme used by some computers to control access to memory as an efficient implementation of capability-based security. Under a capability-based addressing scheme, pointers are replaced by protected objects which specify both a location in memory, along with access rights which define the set of operations which can be carried out on the memory location. Capabilities can only be created or modified through the use of privileged instructions which may be executed only by either the kernel or some other privileged process authorised to do so. Thus, a kernel can limit application code and other subsystems access to the minimum necessary portions of memory, without the need to use separate address spaces and therefore require a context switch when an access occurs.

<span class="mw-page-title-main">Kernel (operating system)</span> Core of a computer operating system

A kernel is a computer program at the core of a computer's operating system that always has complete control over everything in the system. The kernel is also responsible for preventing and mitigating conflicts between different processes. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup. It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit.

<span class="mw-page-title-main">Motorola 88110</span> Microprocessor developed by Motorola

The MC88110 was a microprocessor developed by Motorola that implemented the 88000 instruction set architecture (ISA). The MC88110 was a second-generation implementation of the 88000 ISA, succeeding the MC88100. It was designed for use in personal computers and workstations.

<span class="mw-page-title-main">Computer architecture</span> Set of rules describing computer system

In computer science and computer engineering, computer architecture is a description of the structure of a computer system made from component parts. It can sometimes be a high-level description that ignores details of the implementation. At a more detailed level, the description may include the instruction set architecture design, microarchitecture design, logic design, and implementation.

In computer architecture, 256-bit integers, memory addresses, or other data units are those that are 256 bits wide. Also, 256-bit central processing unit (CPU) and arithmetic logic unit (ALU) architectures are those that are based on registers, address buses, or data buses of that size. There are currently no mainstream general-purpose processors built to operate on 256-bit integers or addresses, though a number of processors do operate on 256-bit data.

IBM POWER is a reduced instruction set computer (RISC) instruction set architecture (ISA) developed by IBM. The name is an acronym for Performance Optimization With Enhanced RISC.

RISC-V is an open standard instruction set architecture (ISA) based on established reduced instruction set computer (RISC) principles. The project began in 2010 at the University of California, Berkeley, transferred to the RISC-V Foundation in 2015, and on to RISC-V International, a Swiss non-profit entity, in November 2019. Like several other RISC ISAs, e.g. Amber (ARMv2) or OpenRISC, RISC-V is offered under royalty-free open-source licenses. The documents defining the RISC-V instruction set architecture (ISA) are offered under a Creative Commons license or a BSD License.

Codasip is a processor technology company enabling system-on-chip developers to differentiate their products. The company specializes in RISC-V processor technologies and offers Codasip Studio, a tool suite for processor design using the CodAL architecture description language.

References

  1. "Chrome: 70% of all security bugs are memory safety issues". ZDNet. 22 May 2020. Retrieved 24 January 2025.
  2. "Microsoft: 70 percent of all security bugs are memory safety issues". ZDNet. 11 February 2019. Retrieved 24 January 2025.
  3. 1 2 Robert N. M. Watson; Ben Laurie; Alex Richardson (17 September 2021). Assessing the Viability of an Open-Source CHERI Desktop Software Ecosystem (PDF) (Technical report). Capabilities Ltd.
  4. "Final ONCD Technical Report" (PDF). White House. Office of the National Cyber Director. February 2024. Archived (PDF) from the original on 21 January 2025. Retrieved 21 January 2025.
  5. 1 2 Manners, David (13 November 2024). "CHERI Alliance launched". Electronics Weekly. Retrieved 20 January 2025.
  6. 1 2 3 4 Jonathan Woodruff; Robert N. M. Watson; David Chisnall; Simon W. Moore; Jonathan Anderson; Brooks Davis; Ben Laurie; Peter G. Neumann; Robert Norton; Michael Roe (2014). The CHERI capability model: Revisiting RISC in an age of risk. 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA). Minneapolis, MN, USA. pp. 457–468. doi:10.1109/ISCA.2014.6853201.
  7. 1 2 Levy, Henry M. (1984). Capability-based computer systems. Bedford, Mass.: Digital Press. ISBN   978-1483107400 . Retrieved 24 January 2025.
  8. Bramley, Jacob; Jacob, Dejice; Lascu, Andrei; Singer, Jeremy; Tratt, Laurence (6 June 2023). "Picking a CHERI Allocator: Security and Performance Considerations" (PDF). Proceedings of the 2023 ACM SIGPLAN International Symposium on Memory Management. ISMM 2023. New York, NY, USA: Association for Computing Machinery. pp. 111–123. doi:10.1145/3591195.3595278. ISBN   979-8-4007-0179-5.
  9. 1 2 Nathaniel Wesley Filardo; Brett F. Gutstein; Jonathan Woodruff; Jessica Clarke; Peter Rugg; Brooks Davis; Mark Johnston; Robert Norton; David Chisnall; Simon W. Moore; Peter G. Neumann; Robert N. M. Watson (2024). "Cornucopia Reloaded: Load Barriers for CHERI Heap Temporal Safety". Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2 (ASPLOS '24). Vol. 2. New York, NY, USA: Association for Computing Machinery. pp. 251–268. doi:10.1145/3620665.3640416.
  10. 1 2 3 Saar Amar; David Chisnall; Tony Chen; Nathaniel Wesley Filardo; Ben Laurie; Kunyan Liu; Robert Norton; Simon W. Moore; Yucong Tao; Robert N. M. Watson; Hongyan Xia (2023). "CHERIoT: Complete Memory Safety for Embedded Devices". Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO '23). New York, NY, USA: Association for Computing Machinery. pp. 641–653. doi: 10.1145/3613424.3614266 .
  11. 1 2 David Chisnall; Colin Rothwell; Robert N.M. Watson; Jonathan Woodruff; Munraj Vadera; Simon W. Moore; Michael Roe; Brooks Davis; Peter G. Neumann (2015). "Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine". Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '15). New York, NY, USA: Association for Computing Machinery. pp. 117–130. doi:10.1145/2694344.2694367.
  12. Van Strydonck, Thomas; Noorman, Job; Jackson, Jennifer; Alves Dias, Leonardo; Vanderstraeten, Robin; Oswald, David; Piessens, Frank; Devriese, Dominique (1 July 2023). CHERI-TrEE: Flexible enclaves on capability machines. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE. pp. 1143–1159. doi:10.1109/EuroSP57164.2023.00070. ISBN   978-1-6654-6512-0.
  13. "Security Analysis of CHERI ISA". Microsoft Security Response Center blog. Retrieved 21 January 2025.
  14. 1 2 Jonathan Woodruff; Alexandre Joannou; Hongyan Xia; Anthony Fox; Robert Norton; Thomas Bauereiss; David Chisnall; Brooks Davis; Khilan Gudka; Nathaniel W. Filardo; A. Theodore Markettos; Michael Roe; Peter G. Neumann; Robert N. M. Watson; Simon W. Moore (2019). "CHERI Concentrate: Practical Compressed Capabilities". IEEE Transactions on Computers. 68 (10). IEEE: 1455–1469. doi:10.1109/TC.2019.2914037.
  15. "CHERI Alliance – Industry-led security technology". CHERI Alliance. Retrieved 27 January 2025.
  16. 1 2 "CHERI Ratification Plan" . Retrieved 10 January 2025.
  17. Robert N.M. Watson; David Chisnall; Jessica Clarke; Brooks Davis; Nathaniel Wesley Filardo; Ben Laurie; Simon W. Moore; Peter G. Neumann; Alexander Richardson; Peter Sewell; Konrad Witaszczyk; Jonathan Woodruff (July–August 2024). "CHERI: Hardware-Enabled C/C++ Memory Protection at Scale". IEEE Security & Privacy. 22 (4): 50–61. doi: 10.1109/MSEC.2024.3396701 .
  18. "Arm Morello Program" . Retrieved 9 January 2025.
  19. Robinson, Dan. "How Arm popped CHERI architecture into Morello Program hardware". The Register. Retrieved 11 January 2025.
  20. Saar Amar; Tony Chen; David Chisnall; Felix Domke; Nathaniel Filardo; Kunyan Liu; Robert Norton-Wright; Yucong Tao; Robert N. M. Watson; Hongyan Xia (February 2023). CHERIoT: Rethinking security for low-cost embedded systems (Technical report). Microsoft. MSR-TR-2023-6.
  21. "Who controls the CHERIoT project?". November 2024. Retrieved 20 January 2025.
  22. "Welcome to the Sunburst Project". lowRISC. Retrieved 20 January 2025.
  23. "Codasip Protects Memory With Cheri | TechInsights". www.techinsights.com. Retrieved 27 January 2025.
  24. 1 2 Flaherty, Nick (23 October 2024). "First CHERI RISC-V embedded chip and Early Access Programme". eeNews Europe. Retrieved 11 January 2025.
  25. "CHERI-Piccolo, CHERI-Flute, and CHERI-Toooba CPU cores on FPGA" . Retrieved 24 January 2025.
  26. "CRASH: Clean-slate design of Resilient, Adaptive, Secure Hosts". DARPA. 2010. Retrieved 18 January 2025.
  27. "DARPA's CRASH Program Reinvents The Computer For Better Security". Breaking Defence. 21 December 2012. Retrieved 18 January 2025.
  28. Robert N.M. Watson; Peter G. Neumann; Jonathan Woodruff; Jonathan Anderson; Ross Anderson; Nirav Dave; Ben Laurie; Simon W. Moore; Steven J. Murdoch; Philip Paeps; Michael Roe; Hassen Saidi (2 March 2012). CHERI: a research platform deconflating hardware virtualization and protection (PDF). Workshop on Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012).
  29. Brooks Davis; Robert N. M. Watson; Alexander Richardson; Peter G. Neumann; Simon W. Moore; John Baldwin; David Chisnall; Jessica Clarke; Nathaniel Wesley Filardo; Khilan Gudka; Alexandre Joannou; Ben Laurie; A. Theodore Markettos; J. Edward Maste; Alfredo Mazzinghi; Edward Tomasz Napierala; Robert M. Norton; Michael Roe; Peter Sewell; Stacey Son; Jonathan Woodruff (2019). "CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment". Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19). New York, NY, USA: Association for Computing Machinery. pp. 379–393. doi:10.1145/3297858.3304042.
  30. 1 2 "Digital security by design". UK Research and Innovation. 2020. Retrieved 18 January 2025.
  31. Nathaniel Wesley Filardo; Brett F. Gutstein; Jonathan Woodruff; Sam Ainsworth; Lucian Paul-Trifu; Brooks Davis; Hongyan Xia; Edward Tomasz Napierala; Alexander Richardson; John Baldwin; David Chisnall; Jessica Clarke; Khilan Gudka; Alexandre Joannou; A. Theodore Markettos; Alfredo Mazzinghi; Robert M. Norton; Michael Roe; Peter Sewell; Stacey Son; Timothy M. Jones; Simon W. Moore; Peter G. Neumann; Robert N. M. Watson (18–20 May 2020). "Cornucopia: Temporal Safety for CHERI Heaps" (PDF). Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2020). San Jose, CA, USA. doi:10.1109/SP40000.2020.00098.
  32. "Codasip delivers first commercial CHERI processor using RISC-V". eeNews. 2 November 2023. Retrieved 20 January 2025.
  33. "Codasip enables secure Linux by donating CHERI RISC-V SDK to the CHERI Alliance". Codasip. 21 October 2024. Retrieved 20 January 2025.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.