RISC-V

SpacemiT K3 is an upcoming RVA23-compliant 64-bit RISC-V processor based on X100 cores clocked at up to 2.5 GHz. So far, we had limited information, but SpacemiT gave remote access to one SpacemiT K3-powered server to Sander, and he was kind enough to share some system information and early benchmarks.

GNU Guix 1.5 is out today as the latest major release for this platform built around its functional package manager. This is a big upgrade with it having been three years since the GNU Guix 1.4 release.

GNU Guix 1.5 brings the KDE Plasma 6.5 desktop as well as more than 12.5k new packages and 29.9k package updates. Those using GNOME on Guix will now find Wayland is used, GNU Shepherd 1.0 provides the init system, and a variety of other updates.

The first RISC-V Annual Report hit virtual shelves this week. Inside, it details a defining year for RISC-V, the open standard ISA I co-founded back in 2010. We share major technical milestones, accelerating industry adoption, global ecosystem growth, and how we’ve laid foundations for the next phase of commercial deployment.

You’ll find me on page 10 of the report, delivering the same consistent message to audiences at RISC-V Summits around the world: The State of the Union Is Strong.

By ‘union’, I refer to the RISC-V ecosystem: its contributors, users, and developers, from multi-national corporations to solo academics, working together under a shared banner to strengthen the standard and deliver real, functioning systems.

Xous is a message-passing microkernel implemented in pure Rust, targeting secure embedded applications. This talk covers three novel aspects of the OS: hardware MMU support (and why we had to make our own chip to get this feature), how and why we implemented the Rust standard library in Rust (instead of calling the C standard library, like most other Rust platforms), and how we combine the power of Rust semantics with virtual memory to create safe yet efficient asynchronous messaging primitives. We conclude with a short demo of the OS running on a new chip, the "Baochip-1x", which is an affordable, mostly-open RTL SoC built in 22nm TSMC, configured expressly for running Xous.

The world is full of small, Internet-of-Things (IoT) gadgets running embedded operating systems. These devices generally fall into two categories: larger devices running a full operating system using an MMU which generally means Linux, or smaller devices running without an MMU using operating systems like Zephyr, chibios, or rt-thread, or run with no operating system at all. The software that underpins these projects is written in C with coarse hardware memory protection at best. As a result, these embedded OSes lack the security guarantees and/or ergonomics offered by modern languages and best practices.

The Xous microkernel borrows concepts from heavier operating systems to modernize the embedded space. The open source OS is written in pure Rust with minimal dependencies and an emphasis on modularity and simplicity, such that a technically-savvy individual can audit the code base in a reasonable period of time. This talk covers three novel aspects of the OS: its incorporation of hardware memory virtualization, its pure-Rust standard library, and its message passing architecture.

Desktop OSes such as Linux require a hardware MMU to virtualize memory. We explain how ARM has tricked us into accepting that MMUs are hardware-intensive features only to be found on more expensive “application” CPUs, thus creating a vicious cycle where cheaper devices are forced to be less safe. Thanks to the open nature of RISC-V, we are able to break ARM’s yoke and incorporate well-established MMU-based memory protection into embedded hardware, giving us security-first features such as process isolation and encrypted swap memory. In order to make Xous on real hardware more accessible, we introduce the Baochip-1x, an affordable, mostly-open RTL 22nm SoC configured expressly for the purpose of running Xous. The Baochip-1x features a Vexriscv CPU running at 400MHz, 2MiB of SRAM, 4MiB of nonvolatile RRAM, and a quad-core RV32E-derivative I/O accelerator called the “BIO”, based on the PicoRV clocked at 800MHz.

Most Rust targets delegate crucial tasks such as memory allocation, networking, and threading to the underlying operating system’s C standard library. We want strong memory safety guarantees all the way down to the memory allocator and task scheduler, so for Xous we implemented our standard library in pure Rust. Adhering to pure Rust also makes cross-compilation and cross-platform development a breeze, since there are no special compiler or linker concerns. We will show you how to raise the standard for “Pure Rust” by implementing a custom libstd.

Xous combines the power of page-based virtual memory and Rust’s strong borrow-checker semantics to create a safe and efficient method for asynchronous message passing between processes. This inter-process communication model allows for easy separation of different tasks while keeping the core kernel small. This process maps well onto the Rust "Borrow / Mutable Borrow / Move" concept and treats object passing as an IPC primitive. We will demonstrate how this works natively and give examples of how to map common programming algorithms to shuttle data safely between processes, as well as give examples of how we implement features such as scheduling and synchronization primitive entirely in user space.

We conclude with a short demo of Xous running on the Baochip-1x, bringing Xous from the realm of emulation and FPGAs into everyday-user accessible physical silicon.

I've been out of the loop on RISC-V for a little bit. Are there any interesting chips or boards that are releasing this year? I know the Milk-V titan is releasing soon, but it's not RVA23 which is what I am interested in seeing.

Increasingly complex RISC-V cores aren't magically immune to the speculative execution / side-channel vulnerabilities that have rattled the x86_64 and ARM64 landscape for years. Following recent work on Spectre V1 handling for RISC-V in the Linux kernel, merged this weekend for Linux 6.19-rc5 is another RISC-V attack vector safeguard.

A patch was merged on Saturday in time for today's Linux 6.19-rc5 release as another security improvement for RISC-V. The RISC-V architecture code in the Linux kernel is now sanitizing the system call table indexing under speculation, similar to how the code is already handled in the x86 and ARM space. Due to the system call number being a user-controlled value for indexing into the syscall table, special handling is needed to prevent speculative out-of-bounds access and possible data leakage via cache side channels.

Box64 is a x86 emulator that supports RiSC-V. With this, its possible to run steam, wine/proton, many games, and a lot of software on a RiSC-V computer!

The Gentoo Linux project published their 2025 retrospective this week with their many accomplishments, including the recruitment of four more developers and now being up to 31,663 ebuilds and a total of 89GB worth of x86_64 binary packages on mirrors.

Gentoo in 2025 moved away from GitHub to the Forgejo-based Codeberg in order to avoid Microsoft Copilot usage of their repositories. On the financial front, Gentoo moved their financial structure over to Software in the Public Interface (SPI).

The developers behind the Debian-based ParrotOS ethical hacking and penetration testing distribution announced today the general availability of Parrot 7.0 (codename Echo) as a major update with a new base and new features.

Based on the latest Debian 13 “Trixie” operating system series and powered by Linux kernel 6.12 LTS, the Parrot 7.0 release ships with KDE Plasma as the default desktop environment on Wayland, which was tweaked to make it as lightweight as possible, along with a classic terminal green style across the entire system.

New hacking tools have been included in this release, such as ConvoC2, a Red Teamer’s tool to exploit MS Teams, goshs, a SimpleHTTPServer written in Go, evil-winrm-py, a Python-based tool for executing commands on remote Windows machines, and AutoRecon, a multi-threaded network reconnaissance tool.

QEMU, a popular open-source machine emulator and virtualizer, has officially released version 10.2 (following a four-release candidate cycle) as the second point update to the 10.x series.

A notable change is a clarification of QEMU’s security policy. The project now explicitly defines which machine types fall under the “virtualization use case” when determining what qualifies as a security bug.

Several legacy components have been removed. The long-deprecated -old-param option is gone, and the Arm PXA CPU family has been fully removed.

It's been a rocky few days for Arm

Spectre V1 mitigations in the Linux kernel are coming for RISC-V with newer RISC-V core designs being vulnerable to Spectre Variant One style attacks.

Spectre V1 as a reminder is the variant for Bounds Check Bypass with CPU speculative execution in conditional branches. The Linux kernel RISC-V code hasn't seen Spectre V1 protections since earlier more basic RISC-V core designs have been immune to Variant One and other Spectre vulnerabilities. But newer more complex RISC-V core designs are bringing some of the same challenges exhibited on x86_64 and AArch64 architectures.

LILYGO has introduced the T-Display P4, a handheld development board built around Espressif’s ESP32-P4 application processor and a companion ESP32-C6 for wireless connectivity. The platform targets portable HMIs, sensor-equipped field devices, and edge systems that require a display, camera support, and multiple radios in a compact enclosure.

Measuring about 63 × 109 × 22 mm, the T-Display P4 is built around the ESP32-P4, which combines a dual-core RISC-V CPU running at up to 360–400 MHz with an additional low-power RISC-V core operating at 40 MHz

The RISC-V CPU architecture changes have been merged for the in-development Linux 6.19 kernel.

With this new kernel RISC-V now supports CPU hot-plugging in parallel for secondary CPU cores. Secondary CPU cores can now be brought up asynchronously with the "HOTPLUG_PARALLEL" kernel feature now being supported on RISC-V for more quickly bringing up multiple CPU cores besides the primary CPU0. The CPU hot-plugging support particularly with RISC-V SoCs is primarily about dynamic enabling/disabling of CPU cores while the system is running rather than needing to handle their bring-up sequentially.

The set of six branches containing SoC and platform updates/additions for the Linux 6.19 kernel have been merged for enabling a lot of new RISC-V and ARM 64-bit hardware as well as enhancing some existing SoCs/platforms.

Arnd Bergmann sent out all of the SoC updates/additions on Friday for the ongoing Linux 6.19 merge window. There is some exciting new hardware, Device Trees for some new ARM machines, and more