Skip to content

sancus-tee/sancus-examples

Repository files navigation

sancus-examples

Run Sancus examples

Elementary example programs to test your Sancus distribution.

Overview

The following programs showcase the security properties offered by a Sancus processor.

Security feature Example program Comments
Software module isolation hello-world Minimal working example to enable/disable a Sancus module.
Secure linking sensor-reader Caller/callee authentication between sensor and reader SMs.
Remote attestation sensor-reader Compute MAC over fresh challenge (nonce).
Secure communication sensor-reader Authenticated encryption with associated data primitive.
Confidential deployment confidential-loading SM text section is transparently encrypted at build time.
Secure interrupts timer Interruption and resumption of an application SM by untrusted ISR software.

Building upon the above primitives, compiler support has been implemented for the following additional features.

Compiler feature Example program Comments
Secure memory-mapped I/O sensor-reader Assembly driver SM with exclusive ownership over sensor device.
Secure interrupt handling timer-protected Secure, authenticated interrupt delivery to an intra-SM interrupt handler.
Dynamic loading dynamic-loader SM binary image is dynamically linked and loaded by untrusted support software at runtime.
Intra-SM multiplication arithmetic Dummy SMs performing secure (inlined) arithmetic operations.
Reactive programming todo issue #20 Minimalist (non-contiki) program with SM_INPUT/OUTPUT?

Running the examples

First, make sure you have a working Sancus distribution. See the sancus-main repository for detailed installation instructions.

All example binaries can be ran in either the Sancus Verilog simulator, or on an external FPGA. To build and run the example in sancus-sim, proceed as follows:

$ make sim

Alternatively, to upload the example to an FPGA using sancus-loader:

$ make load