Merge pull request #39 from keystone-enclave/dev

This resolves issue #28, #30, and #32.

.gitignore

@@ -1,2 +1 @@
 riscv/
-*.log

.travis.yml

@@ -1,13 +1,18 @@
-language: c
+language: minimal
 dist: xenial
 cache:
   apt: true
+
 git:
   submodules: false
 
+env:
+  - RISCV=$TRAVIS_BUILD_DIR/riscv PATH=$PATH:$RISCV/bin
+
 addons:
   apt:
     packages:
+    - expect
     - autoconf 
     - automake 
     - autotools-dev 
@@ -45,8 +50,18 @@ branches:
     - master
 
 before_install:
-  - git config --global submodule.riscv-gnu-toolchain.update none
-  - travis_wait 120 git submodule update --init --recursive
+  - git submodule init -- riscv-linux
+  - git submodule init -- riscv-qemu
+  - git clone --shallow-since=2018-05-01 https://github.com/riscv/riscv-linux riscv-linux
+  - git clone --shallow-since=2018-05-01 https://github.com/riscv/riscv-qemu riscv-qemu
+  - git submodule update --depth=1 -- riscv-linux
+  - git submodule update --depth=1 -- riscv-qemu
+  - ./fast-setup.sh
 
-script: 
-  - travis_wait 120 ./scripts/travis.sh
+jobs:
+  include:
+    - stage: build everything & test
+      script:
+        - source ./source.sh
+        - travis_wait 120 make
+        - travis_wait 10 ./scripts/travis.sh

Makefile

@@ -0,0 +1,71 @@
+LINUX_DIR=riscv-linux
+BUSYBEAR_DIR=busybear-linux
+BOOTROM_DIR=bootrom
+SM_DIR=riscv-pk
+SM_BUILD_DIR=$(SM_DIR)/build
+DRIVER_DIR=linux-keystone-driver
+SDK_DIR=sdk
+QEMU_DIR=riscv-qemu
+
+BOOTROM=$(BOOTROM_DIR)/bootrom.elf
+VMLINUX=$(LINUX_DIR)/vmlinux
+SM=$(SM_DIR)/build/bbl
+
+DISK=$(BUSYBEAR_DIR)/busybear.bin
+DRIVER=$(DRIVER_DIR)/keystone-driver.ko
+LINUX_CONFIG=$(LINUX_DIR)/.config
+QEMU=$(QEMU_DIR)/riscv64-softmmu/qemu-system-riscv64
+
+NPROC=$(shell nproc)
+
+all: $(BOOTROM) $(VMLINUX) $(SM) $(DISK) $(DRIVER) $(QEMU)
+	make -C $(SM_BUILD_DIR)
+	make -C $(SDK_DIR)
+	make -C $(SDK_DIR) copy-tests
+	make -C $(DRIVER_DIR) copy
+
+qemu: all
+	./scripts/run-qemu.sh
+
+$(QEMU):
+	./scripts/apply-patch.sh
+	cd $(QEMU_DIR); ./configure --target-list=riscv64-softmmu,riscv32-softmmu;
+	make -C $(QEMU_DIR)
+
+$(SM): $(VMLINUX) $(SM_BUILD_DIR)
+	make -C $(SM_BUILD_DIR)
+
+$(SM_BUILD_DIR): $(VMLINUX)
+	mkdir -p $(SM_BUILD_DIR)
+	cd $(SM_BUILD_DIR); ../configure \
+		--enable-logo \
+		--host=riscv64-unknown-elf \
+		--with-payload=../../$(VMLINUX) \
+		--enable-sm
+
+$(DRIVER): $(VMLINUX) $(LINUX_CONFIG)
+	make -C $(DRIVER_DIR)
+
+$(DISK):
+	make -C $(BUSYBEAR_DIR)
+	sudo chmod og+w $(DISK)
+
+$(LINUX_CONFIG):
+	cp $(BUSYBEAR_DIR)/conf/linux.config $(LINUX_DIR)/.config
+	make -C $(LINUX_DIR) ARCH=riscv olddefconfig
+
+$(VMLINUX): $(LINUX_CONFIG)
+	./scripts/apply-patch.sh
+	make -C $(LINUX_DIR) ARCH=riscv -j$(NPROC) vmlinux	
+
+$(BOOTROM):
+	cd bootrom; make; cd ..
+
+clean:
+	rm -f $(LINUX_CONFIG)
+	make -C $(LINUX_DIR) ARCH=riscv clean
+	make -C $(BUSYBEAR_DIR) clean
+	make -C $(BOOTROM_DIR) clean
+	make -C $(SM_BUILD_DIR) clean
+	make -C $(DRIVER_DIR) clean
+	make -C $(QEMU_DIR) clean

README.md

@@ -5,9 +5,56 @@
 
 Visit [Project Website](https://keystone-enclave.org) for more information.
 
+# Quick Start
+
+```bash
+git clone https://github.com/keystone-enclave/keystone
+cd keystone
+```
+
+Install Dependencies (Ubuntu)
+
+```
+sudo apt update
+sudo apt install autoconf automake autotools-dev bc bison build-essential curl \
+expat libexpat1-dev flex gawk gcc git gperf libgmp-dev libmpc-dev libmpfr-dev \
+libtool texinfo tmux patchutils zlib1g-dev wget bzip2 patch vim-common lbzip2 \
+python pkg-config libglib2.0-dev libpixman-1-dev
+```
+
+Setup Tools and Submodules
+```
+./fast-setup.sh
+```
+
+Build All
+```
+make
+```
+
+Run QEMU
+```
+./scripts/run-qemu.sh
+```
+
+Test 
+
+login with `root`/`busybear`.
+
+```
+[in QEMU machine]
+insmod keystone-driver.ko
+./test
+```
+
+Terminate QEMU
+```
+poweroff
+```
+
 # Documentation
 
-See [docs](http://docs.keystone-enclave.org) for trying Keystone.
+See [docs](http://docs.keystone-enclave.org) for detailed documentation.
 
 # Contributing
 

bootrom/bootloader.c

@@ -32,7 +32,7 @@ typedef unsigned char byte;
 // Sanctum header fields in DRAM
 extern byte sanctum_dev_public_key[32];
 extern byte sanctum_dev_secret_key[64];
-unsigned int sanctum_sm_size = 0x2ff000;
+unsigned int sanctum_sm_size = 0x1ff000;
 extern byte sanctum_sm_hash[64];
 extern byte sanctum_sm_public_key[32];
 extern byte sanctum_sm_secret_key[64];

bootrom/sanctum_params.lds

@@ -1,4 +1,4 @@
-. = 0x802ff000; /* the last page before the payload */
+. = 0x801ff000; /* the last page before the payload */
 
 /* ## manufacturer_keys : */
 

docs/source/Getting-Started/Running-Keystone-with-QEMU.rst

@@ -34,39 +34,46 @@ Ubuntu
   libtool texinfo tmux patchutils zlib1g-dev wget bzip2 patch vim-common lbzip2 \ 
   python pkg-config libglib2.0-dev libpixman-1-dev
 
+Quick Setup
+----------------------------
+
+In this stage, you will (1) install RISC-V toolchain, and (2) checkout git submodules.
+
+You can quickly setup everything by running ``./fast-setup.sh``
+
+::
+
+  ./fast-setup.sh
+
+This will download pre-compiled RISC-V tools and extract it to ``riscv`` directory.
+If you want to compile RISC-V tools from source code, run ``./setup.sh`` instead.
+
+To keep environment variables, add export PATH=$PATH:<path/to/keystone>/riscv/bin to your .bashrc. You can also manually run ``source source.sh`` to set the environment variables.
+
 
 Compile Sources
 -----------------------------
 
-Clone the repository
+Build All
 ########################
 
-::
-  
-  git clone https://github.com/keystone-enclave/keystone
-  cd keystone
-  git submodule update --init --recursive
+If you want to build all, simply run ``make``. 
 
-
-Install RISC-V GNU Toolchain
-############################
+``PATH`` must include the RISC-V tool path.
 
 ::
-  
-  mkdir riscv
-  export RISCV=$(pwd)/riscv
-  export PATH=$PATH:$RISCV/bin
-  cd riscv-gnu-toolchain
-  ./configure --prefix=$RISCV
-  make && make linux
-  cd ..
 
-This step installs RISC-V GNU toolchain in the ``keystone/riscv`` directory.
+  make
+
+If you want to manually build each individual component, please follow the instructions below.
+Otherwise, skip to :ref:`LaunchQEMU`. 
+
+.. attention::
 
-To keep environment variables, add ``export PATH=$PATH:<path/to/keystone>/riscv/bin`` to your ``.bashrc``.
-You can also manually run ``source source.sh`` to set the environment variables.
+  Currently, ``make`` requires sudo previlege to build Busybear image.
+  We are going to get rid of this requirement in the future.
 
-Create Disk Image using Busybear 
+Build Busybear 
 ################################
 
 See `Busybear repo <https://github.com/michaeljclark/busybear-linux>`_ for more information.
@@ -151,6 +158,8 @@ Keystone SDK includes sample enclave programs and some useful libraries. To run
   cd ..
 
 
+.. _LaunchQEMU:
+
 Launch QEMU
 --------------------------------------
 
@@ -166,10 +175,10 @@ The root of trust then jumps to the SM, and the SM boots Linux!
 
 Login as ``root`` with the password ``busybear``.
 
-You can exit QEMU by ``ctrl-a``+``x``
+You can exit QEMU by ``ctrl-a``+``x`` or using ``poweroff`` command
 
 Insert Keystone Driver
--------------------------------------
+##################################
 
 Insert the keystone driver.
 
@@ -178,11 +187,15 @@ Insert the keystone driver.
     insmod keystone-driver.ko
 
 Run Tests
----------------------------------------
+##################################
 
 You can run Keystone enclaves by using an untrusted host application. We already implemented a simple host ``test-runner.riscv`` for running tests.
 Following command will create and execute the enclave.
 
+You can find each of the test enclave in ``sdk/tests/<name>``
+
+Currently, Keystone is only compatible with a prototype runtime, ``eyrie-rt``, which you can find in ``sdk/runtime``.
+
 ::
 
   ./test-runner.riscv <user elf> <runtime elf>
@@ -193,4 +206,3 @@ To run all tests, you could simply run
 
   ./test
 
-

fast-setup.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+echo "Starting..."
+if ( $(command -v riscv64-unknown-linux-gnu-gcc > /dev/null) && 
+  $(command -v riscv64-unknown-elf-gcc > /dev/null) )
+then
+  echo "RISCV tools are already installed"
+else
+  echo "Downloading Prebuilt RISC-V Toolchain... "
+  export RISCV=$(pwd)/riscv
+  export PATH=$PATH:$RISCV/bin
+  git clone https://github.com/keystone-enclave/firesim-riscv-tools-prebuilt.git --depth 1
+
+  cd firesim-riscv-tools-prebuilt
+  ./installrelease.sh > riscv-tools-install.log 
+  mv distrib riscv  
+  cp -R riscv ../
+  cd ..
+  echo "Toolchain has been installed in $RISCV"
+fi
+
+git config --global submodule.riscv-gnu-toolchain.update none
+git submodule update --init --recursive

scripts/apply-patch.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 cd riscv-qemu
-patch hw/riscv/boot.c < ../patches/qemu-kernel-reloc.patch
+patch -p0 --forward hw/riscv/boot.c < ../patches/qemu-kernel-reloc.patch || true

scripts/run-qemu.sh

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
-./riscv-qemu/riscv64-softmmu/qemu-system-riscv64 -D debug.log -nographic -machine virt\
+./riscv-qemu/riscv64-softmmu/qemu-system-riscv64 -D debug.log -nographic -m 4G -machine virt\
 	-bios bootrom/bootrom.elf \
   -kernel riscv-pk/build/bbl -append "root=/dev/vda ro console=ttyS0" \
   -drive file=busybear-linux/busybear.bin,format=raw,id=hd0 \
   -device virtio-blk-device,drive=hd0 \
-  #-netdev type=tap,script=./ifup,downscript=./ifdown,id=net0 \
+  -netdev  user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::5555-:22 \
+  -device  virtio-net-device,netdev=net0

scripts/test-qemu.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/expect
+
+set timeout 60
+spawn ssh root@localhost -p 5555
+expect "yes/no" { 
+  send "yes\r"
+  expect "*?assword" { send "busybear\r" }
+  } "*?assword" { send "busybear\r" }
+
+log_file -noappend  output.log
+
+expect "# " { send "busybox --install -s /bin\r" }
+expect "# " { send "insmod keystone-driver.ko\r" }
+expect "# " { send "./test\r" }
+expect "# " { send "poweroff\r" }
+expect eof