I can’t help but feel CHERI is a hardware hack for a software problem. Hardware has no business patching software’s errors. Given the history of vulnerabilities in hardware security features themselves, I’m also sceptical of it being a long term, robust solution. For instance, I recall a paper busting ARM’s Memory Tagging Extension.

Would be nice if an ARM Morello Framework motherboard was released with this.

Sadly, seL4's design approach and formal verification process still hasn't caught on. Until then, we're just rebuilding castles with slightly different grades of sand in the ocean surf and expecting a different result.

I wonder why a separate distro and not upstream this work to FreeBSD?

Does Apple do anything like this with their hardware/software combo?