This post has been written with the help of @OussamaELmnaouri2001.

The Keystone framework provides some examples. The goal of this blogpost is to explain how we can add a new example and running it easily.

@OussamaELmnaouri2001 has a repository with some examples: https://github.com/OussamaELmnaouri2001/Keystone-Examples. In this tutorial, we will add addition example.

Requirements

It is assumed that the Keystone framework repository has been cloned on the host:

This post has been written with the help of @OussamaELmnaouri2001.

The goal of this blogpost if to show how we can play with Keystone in QEMu in three ways:

1. Running the default framework in QEmu
2. Debugging from the Security Monitor point of view
3. Debugging from an enclave binary point of view

Requirements

It is assumed that the Keystone framework repository has been cloned on the host:

KEYSTONE_REPO=$PWD/keystone
git clone https://github.com/keystone-enclave/keystone
cd keystone
git checkout 88c49ee
git submodule update --init --recursive

Running the default framework in QEmu

Compiling and running QEmu

cd KEYSTONE_REPO
make -j$(nproc) 
make run

Running default examples in the emulator

Once QEmu is launched, it will boot a Buildroot-based kernel:

Reference

• Documentation: http://docs.keystone-enclave.org/en/latest/Getting-Started/Running-Keystone-on-CVA6.html. Based on revision e9fcf7f.

• CVA6 revision f301d69.

Prerequisites

• Vivado 2018.3.

• Genesys2 FPGA board.

Building a CVA6-ready Keystone image

NB: we didn’t enable the root of trust for attestation report yet (http://docs.keystone-enclave.org/en/latest/Getting-Started/Running-Keystone-on-CVA6.html#root-of-trust) as it seems we don’t need it for the moment.

# Cloning the Keystone repository
export KEYSTONE_ROOT=$HOME/keystone
git clone https://github.com/keystone-enclave/keystone.git $KEYSTONE_ROOT
cd $KEYSTONE_ROOT
git checkout 88c49ee99e745980eea623bddacb40f7303107bd
git submodule update --init --recursive

# Building Keystone
KEYSTONE_PLATFORM=cva6 make

# Flashing an SD card
sudo KEYSTONE_PLATFORM=cva6 SD_DEVICE=/dev/sdb make flash

• Be careful of the device ID (/dev/sdb in this tutorial).

export REPO_ROOT=$HOME/keystone
git clone --recurse-submodules https://github.com/keystone-enclave/keystone.git $REPO_ROOT
cd $REPO_ROOT

For a first build of a Buildroot-based image:

make -j$(nproc)

The following command will simply run the Buildroot image in QEmu:

make run

• Login: root

Introduction

In the context of a research project with a PhD student, we have to work on the microarchitecture of a CVA6 and make it compatible with some JIT code (VMIL'23 talk). The official CVA6 repository has recently pushed new scripts to create the SDK. As we already started our work, we want to generate the SDK with the old method on a fork of the CVA6..

Introduction

The idea of this post is to explore how we can add a CSR in the CVA6 processor and how we can check its behavior in GTKwave. In this tutorial, we will try to add a CSR named dmpcfg at address 0x3f0.

Adding a CSR in the CVA6 HDL code

For the CVA6, CSRs are implemented in https://github.com/openhwgroup/cva6/blob/master/core/csr_regfile.sv. In this file, there are two important processes:

• csr_read_process: https://github.com/openhwgroup/cva6/blob/master/core/csr_regfile.sv#L188, the CSR read logic.
• csr_update: https://github.com/openhwgroup/cva6/blob/master/core/csr_regfile.sv#L488, the CSR update/write logic.

Update of the write logic

https://github.com/openhwgroup/cva6/blob/master/core/csr_regfile.sv#L488