Keystone is an open-source TEE framework for RISC-V processors.
You can currently try Keystone on qemu, FireSim (FPGA), or the SiFive HiFive Unleashed board.
You can migrate the Keystone enclave into arbitrary RISC-V processor, with a very small modification on hardware to plant the silicon root of trust.
Attention!
We're actively adding more documents right now. Please post in Keystone forum or create a GitHub issue if you face any undocumented trouble.
Attention!
The current version (0.X) of Keystone is not formally verified, nor matured. We recommend you to use Keystone only for research purposes until it gets stablized. We appreciate any contribution for making Keystone better.
Following documents are quick guide to test or deploy Keystone on various platforms.
.. toctree:: :maxdepth: 1 Running-Keystone-with-QEMU Running-Keystone-with-FireSim Running-Keystone-on-Hardware
- :doc:`Hello world with libc<Tutorials/Build-Enclave-App-Hello-World>`
- :doc:`Hello world without libc<Tutorials/Build-Enclave-App-Hello-World-Native>`
The Keystone Demo is an example of the current capabilities of the Keystone enclave framework.
See https://github.com/keystone-enclave/keystone-demo and documentation contained within.
The Keystone repository (https://github.com/keystone-enclave/keystone) consists of a number of sub-components as gitmodules or directories. This is a brief overview of them.
+ keystone/ |-- bootrom/ | # Keystone bootROM for QEMU virt board, including trusted boot chain. |-- buildroot/ | # Linux buildroot. Builds a minimal working Linux image for our test platforms. |-- docs/ | # Contains read-the-docs formatted and hosted documentation, such as this article. |-- riscv-gnu-toolchain/ | # Unmodified toolchain for building riscv targets. Required to build all other components. |-- linux-keystone-driver/ | # A loadable kernel module for Keystone enclave. |-- riscv-linux/ | # Linux kernel with RISC-V patches. We use 4.15 with patches for the loadable module support. |-- riscv-pk/ | # Berkeley Bootloader (bbl) firmware + Keystone security monitor |-- riscv-qemu/ | # QEMU with RISC-V patches +-- sdk/ # Tools, libraries, and example apps for building enclaves on Keystone