Setting up Keystone without Linux

[Moein]

Hi all!

I have a question on how to set up the Keystone framework without using a Linux kernel? More specifically, I want to build Keystone on top of proxy kernel and pass my ELF (enclave app) to the PK. My goal is to simulate (using Verilator) the BOOM processor running a Keystone enclave on top of proxy kernel. Any comments would be highly appreciated!

 Thanks!

[Alexander Thomas]

Hello Moein, 

You may do this by modifying the payload from the bbl to point to your ELF file instead. Currently the payload is the Linux Kernel.

Let me know if you have any further questions!

[Moein]

Hi Alex,

Thanks for the response. In this way, the payload will be running in supervisor mode, right? However, the enclave app should be running in user mode. I think bbl is just a supervisor execution environment. I assume that I need to run my enclave on pk itself which is an application execution environment but I don't know exactly how to do it.

Thanks!

[Alexander Thomas]

Yes, currently the bbl is set up to drop down to supervisor mode once it initializes the security monitor. 

You are going to want to edit the MPP bit in $mstatus:

https://github.com/keystone-enclave/riscv-pk/blob/sm_rs/machine/minit.c#L191

The MPP bit is the privileged mode that you will return to upon calling mret. You will have to change the MPP to be user-mode. 

[Dayeol Lee]

Alex, could you write a short document (or just a markdown file) that explains how to try out your FreeRTOS prototype?

It'd be really appreciated by a lot of folks!

Thanks,

Dayeol

[Stephan Kaminsky]

I have been meaning to add a readme to the kernel. I actually did a bit of work on the CMake build system to more easily support different OS’s. There are some issues of compiler dependencies which I may need to talk with you about to figure out how to correctly do it.

-- 
You received this message because you are subscribed to the Google Groups "Keystone Enclave Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keystone-enclave-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keystone-enclave-forum/72890d76-32e7-4bd3-a723-811a27830dbbn%40googlegroups.com.