🤖 AI Summary
This work presents the first complete open-source hardware implementation of the standard RISC-V Control-Flow Integrity (CFI) extensions Zicfiss and Zicfilp in the open-source CVA6 processor. By integrating a shadow stack and landing pad mechanism, the design provides hardware-enforced CFI protection for both forward and backward edges. Fabricated in 22 nm FDX technology, the implementation incurs only 1.0% area overhead and exhibits a maximum performance overhead of 15.6% on the MiBench automotive benchmark suite. The solution is highly configurable and achieves low resource and performance costs, marking it as the first open-source hardware realization supporting the official RISC-V CFI extensions.
📝 Abstract
This work presents the first design, integration, and evaluation of the standard RISC-V extensions for Control-Flow Integrity (CFI). The Zicfiss and Zicfilp extensions aim at protecting the execution of a vulnerable program from control-flow hijacking attacks through the implementation of security mechanisms based on shadow stack and landing pad primitives. We introduce two independent and configurable hardware units implementing forward-edge and backward-edge control-flow protection, fully integrated into the open-source CVA6 core. Our design incurs only 1.0% area overhead when synthesized in 22 nm FDX technology, and up to 15.6% performance overhead based on evaluation with the MiBench automotive benchmark subset. We release the complete implementation as open source.
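The two checks the abstract refers to, as an added simplified behavioural model in C. It is not code from the paper or the CVA6 implementation. All type and function names are hypothetical, the addresses and labels are constructed, and trap handling, privilege-mode state and shadow-stack memory protection are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SS_DEPTH 64 /* constructed limit; real shadow stacks live in protected memory */

typedef enum { CFI_OK, CFI_FAULT } cfi_result; /* CFI_FAULT models a software-check exception */

typedef struct {
    uint64_t ss[SS_DEPTH]; /* shadow stack, kept apart from the data stack */
    int      depth;        /* entries currently on the shadow stack */
    bool     lp_expected;  /* armed by an indirect jump or call */
    uint32_t lp_label;     /* label the caller supplied for the target */
} cfi_hart;

void cfi_init(cfi_hart *h) { h->depth = 0; h->lp_expected = false; h->lp_label = 0; }

/* Backward edge, prologue: save the return address on the shadow stack. */
cfi_result cfi_sspush(cfi_hart *h, uint64_t ra) {
    if (h->depth >= SS_DEPTH) return CFI_FAULT;
    h->ss[h->depth++] = ra;
    return CFI_OK;
}

/* Backward edge, epilogue: the ra reloaded from the data stack must match. */
cfi_result cfi_sspopchk(cfi_hart *h, uint64_t ra) {
    if (h->depth == 0) return CFI_FAULT;
    return h->ss[--h->depth] == ra ? CFI_OK : CFI_FAULT;
}

/* Forward edge: an indirect jump arms the landing-pad expectation. */
void cfi_indirect_jump(cfi_hart *h, uint32_t label) {
    h->lp_expected = true;
    h->lp_label = label;
}

/* Forward edge: first instruction at the target; pad label 0 accepts any. */
cfi_result cfi_check_target(cfi_hart *h, bool is_lpad, uint32_t pad_label) {
    if (!h->lp_expected) return CFI_OK;
    h->lp_expected = false;
    if (!is_lpad) return CFI_FAULT;
    return (pad_label == 0 || pad_label == h->lp_label) ? CFI_OK : CFI_FAULT;
}

int main(void) {
    cfi_hart h; cfi_init(&h);
    cfi_sspush(&h, 0x80001000u);                      /* constructed address */
    printf("tampered return: %d\n", cfi_sspopchk(&h, 0x80002000u));
    cfi_indirect_jump(&h, 0x12345);                   /* constructed label */
    printf("target without pad: %d\n", cfi_check_target(&h, false, 0));
    return 0;
}
```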