Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
43 lines (29 sloc) 1.34 KB

Building the Keystone Security Monitor

The security monitor (SM) is the core component of Keystone.

The SM is implemented on top of Berkeley Bootloader (bbl). You can find the latest SM at https://github.com/keystone-enclave/riscv-pk (upstream bbl: https://github.com/riscv/riscv-pk). Most of the Keystone SM source code lives in sm directory.

git clone https://github.com/keystone-enclave/riscv-pk
cd riscv-pk

If you have followed :doc:`Quick Start <../Getting-Started/Running-Keystone-with-QEMU>`, the build directory is already created at hifive-work/riscv-pk. Otherwise, create a build directory.

mkdir build
cd build

Configure and build bbl. The SM can be built by additional flags --enable-sm and --with-target-platform at configuration.

../configure \
        --enable-sm \
        --with-target-platform=default \
        --host=riscv64-unknown-linux-gnu \
        --with-payload=<path to vmlinux>

make

This will generate the boot image bbl in the build directory. Use it to boot the machine.

Now, we will customize the SM for a FU540 chip on HiFive Unleashed board. Currently, we only have one experimental platform configuration for FU540. If you wish to add your platform as a target, please submit a proposal to GitHub.

You can’t perform that action at this time.