Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
43 lines (29 sloc) 1.34 KB

Building the Keystone Security Monitor

The security monitor (SM) is the core component of Keystone.

The SM is implemented on top of Berkeley Bootloader (bbl). You can find the latest SM at (upstream bbl: Most of the Keystone SM source code lives in sm directory.

git clone
cd riscv-pk

If you have followed :doc:`Quick Start <../Getting-Started/Running-Keystone-with-QEMU>`, the build directory is already created at hifive-work/riscv-pk. Otherwise, create a build directory.

mkdir build
cd build

Configure and build bbl. The SM can be built by additional flags --enable-sm and --with-target-platform at configuration.

../configure \
        --enable-sm \
        --with-target-platform=default \
        --host=riscv64-unknown-linux-gnu \
        --with-payload=<path to vmlinux>


This will generate the boot image bbl in the build directory. Use it to boot the machine.

Now, we will customize the SM for a FU540 chip on HiFive Unleashed board. Currently, we only have one experimental platform configuration for FU540. If you wish to add your platform as a target, please submit a proposal to GitHub.

You can’t perform that action at this time.