Running Keystone on the CVA6 RISC-V processor

2025-04-15 414 words 2 minutes

Contents

Reference

Documentation: http://docs.keystone-enclave.org/en/latest/Getting-Started/Running-Keystone-on-CVA6.html. Based on revision e9fcf7f.
CVA6 revision f301d69.

Prerequisites

Vivado 2018.3.
Genesys2 FPGA board.

Building a CVA6-ready Keystone image

NB: we didn’t enable the root of trust for attestation report yet (http://docs.keystone-enclave.org/en/latest/Getting-Started/Running-Keystone-on-CVA6.html#root-of-trust) as it seems we don’t need it for the moment.

        
        
        
    
# Cloning the Keystone repository
export KEYSTONE_ROOT=$HOME/keystone
git clone https://github.com/keystone-enclave/keystone.git $KEYSTONE_ROOT
cd $KEYSTONE_ROOT
git checkout e9fcf7f26a788c282647f820393dd262560f60cc
git submodule update --init --recursive

# Building Keystone
KEYSTONE_PLATFORM=cva6 make

# Flashing an SD card
sudo KEYSTONE_PLATFORM=cva6 SD_DEVICE=/dev/sdb make flash

Be careful of the device ID (/dev/sdb in this tutorial).
make flash will basically perform a dd of fw_payload.bin.

Building a CVA6 compatible with Keystone

The Keystone documentation shows it has been tested with CVA6 revision f301d69.

        
        
        
    
# Clone CVA6 repository
export CVA6_ROOT=$HOME/cva6
git clone https://github.com/openhwgroup/cva6 $CVA6_ROOT
cd $CVA6_ROOT
git checkout f301d6967517336a21a58c9b8a00ea3186906c01
git submodule update --init --recursive

The CVA6 prerequisites are well described here. We assume you have installed the RISC-V toolchain from these instructions.

Then, don’t forget to source your Vivado settings script.

make fpga

It will generate a bitstream (*.bit) in corev_apu/fpga/work-fpga which can be download with the Xilinx Hardware Manager.

Current status

        
        
        
    
OpenSBI v1.1
   ____                    _____ ____ _____
  / __ \                  / ____|  _ \_   _|
 | |  | |_ __   ___ _ __ | (___ | |_) || |
 | |  | | '_ \ / _ \ '_ \ \___ \|  _ < | |
 | |__| | |_) |  __/ | | |____) | |_) || |_
  \____/| .__/ \___|_| |_|_____/|____/_____|
        | |
        |_|

[SM] Initializing ... hart [0]
[SM] Keystone security monitor has been initialized!
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Platform Name             : ARIANE RISC-V
Platform Features         : medeleg
Platform HART Count       : 1
Platform IPI Device       : aclint-mswi
Platform Timer Device     : aclint-mtimer @ 1000000Hz
Platform Console Device   : uart8250
Platform HSM Device       : ---
Platform Reboot Device    : ---
Platform Shutdown Device  : ---
Firmware Base             : 0x80000000
Firmware Size             : 364 KB
Runtime SBI Version       : 1.0

Domain0 Name              : root
Domain0 Boot HART         : 0
Domain0 HARTs             : 0*
Domain0 Region00          : 0x0000000002008000-0x000000000200bfff (I)
Domain0 Region01          : 0x0000000002000000-0x0000000002007fff (I)
Domain0 Region02          : 0x0000000080000000-0x000000008007ffff ()
Domain0 Region03          : 0x0000000000000000-0xffffffffffffffff (R,W,X)
Domain0 Next Address      : 0x0000000080200000
Domain0 Next Arg1         : 0x0000000082200000
Domain0 Next Mode         : S-mode
Domain0 SysReset          : yes

Boot HART ID              : 0
Boot HART Domain          : root
Boot HART Priv Version    : v1.11
Boot HART Base ISA        : rv64imafdc

Known issues

And the boot freezes here. It seems that OpenSBI works but what’s next? Need some debug on this.