Hardware support

[Christian Vestlund]

Hi all!

I'm looking into experimenting with keystone and investigated possible development boards to use. The recommended hardware seems to be HiFive Unleashed, which is discontinued and HiFive Unmatched seems to be at least a month away (is there any more information whether the indicated shipping date of march 1 is reasonable to expect?)

Is there any other development boards that are supported at the moment? I noticed that the same question was asked about a year ago, which also pointed at FPGA-based setups. Would a development board such as PolarFire SoC Icicle kit be suitable?

Thanks in advance,

Christian

[Dayeol Lee]

Hello,

We have been moving the security monitor from BBL to OpenSBI, and I hope that this will enable Keystone to easily support more platforms.

Please refer to our new security monitor: https://github.com/keystone-enclave/sm

This uses OpenSBI to build firmware, so what you need to do is to create a platform directory under `plat` (e.g., plat/microchip/polarfire)

and replace PLATFORM_DIR to that directory when you compile the OpenSBI firmware.

You should write config.mk and objects.mk so that OpenSBI includes the security monitor SBIs.

You can see how other platforms (e.g., generic, sifive/fu540) are built.

We do have PolarFire SoC with us that we're planning to support as well, but also please feel free to go ahead and PR if you are able to do it before us.

[Li]

Hello all,

I also have a Polarfire SoC Icicle kit, and currently trying to run Keystone on it. 

Please let me know if there are any updates to this, and whether development boards like the Icicle Kit has been tested to run Keystone.

Thank you,

Li

[Dayeol Lee]

@Gui Andrade was able to boot Keystone on the board that you mentioned,

although he had an issue with getting u-boot working with SM's PMP region protected.

He needed some changes in polarfire boot option: https://github.com/polarfire-soc/hart-software-services/pull/18/files

and also to add a new platform to the security monitor: https://github.com/keystone-enclave/sm/pull/11/files

Gui might be able to give more information on how to set it up.

Thanks,

Dayeol

--
You received this message because you are subscribed to the Google Groups "Keystone Enclave Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keystone-enclave-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keystone-enclave-forum/90419f85-9c42-43ee-afc9-754d74bd5686n%40googlegroups.com.

[jayjay]

Hi, 

I also have an Icicle Kit, and looked through Gui Andrade's Keystone and the Polarfire SOC Icicle Kit documentation, and managed to get the Icicle Kit to work with the OpenSBI with the Security Monitor, and boot linux (icicle-kit-es). 

But I am not too sure how to build examples (like tests.ke, hello.ke, etc) and run these on the icicle kit. 

Should I follow the Sifive documentation to load the linux image with the Enclaves and drivers into the Icicle Kit, or is there some other way unique to the Icicle Kit in order to build and run the enclaves?

Thank you

[Li]

Hi JayJay,

After initialising the icicle kit with the OpenSBI, SM and after boot,  I copied the Keystone Overlay built from my development environment on the Icicle kit. However,  the keystone driver did not work for me. 

Thus the tests.ke that was built in my development environment and copied to the Icicle Kit gave the ioctl() failed error. 

If anyone was able to get the enclaves to run on the Icicle kit, please let me know! 

[jayjay]

I am in the process of trying to use the fw_payload and perhaps the rootfs.ext2 to flash the icicle kit eMMC. 

But it seems like the firmware was already flashed onto the Icicle kit through the flashpro according to the guide on @Gui Andrade's Github.

So Im not really sure if the same process for the Sifive can be used for the Icicle kit (probably unlikely).

I would also like to know how to build and run the examples successfully on the Icicle Kit.

[Ravi]

Hey everyone, 

Any updates on how it went? I am considering to get the Icicle Kit since that is one of the very few RISCV boards available.

[Samuel Chadwick]

Any update on support for SiFive's HiFive Unmatched? 

Is it currently possible to get Keystone running on the Unmatched? If so, would Keystone work well with Ubuntu 21.04?

Much thanks!

Sam

[木村啓二]

Hi,

I tried to execute Keystone on HiFive Unmatched with Ubuntu 20.04 by referring the following web page:

  https://github.com/carlosedp/riscv-bringup/blob/master/unmatched/Readme.md

I built OpenSBI with Security Monitor, then built u-boot with it.

However, it failed to boot. More concretely, it stopped after OpenSBI initialization.

I checked the source code of OpenSBI and Security Monitor, and I found it was caused by the inconsistency of PMP initialization between OpenSBI and Security Monitor.

I modified Security Monitor so that the size of the firmware to be set to PMP became the same size used in OpenSBI.

(I changed SMM_SIZE in sm.h to 0x40000.)

Now, Ubuntu boots successfully and I can execute the sample eapp programs on it.

2021年9月30日木曜日 15:46:29 UTC+9 samw...@gmail.com:

[Dayeol Lee]

Hi,

Thank you for your efforts!

Would it be possible for you to share the modification (i.e., the code or a PR)?

Also, I wonder what changes will make Security Monitor easier to port over new hardware.

Can you share any insights you got from your efforts?

Thanks!

Dayeol

To view this discussion on the web visit https://groups.google.com/d/msgid/keystone-enclave-forum/f5710563-1623-4291-8dba-ede23a6d8c46n%40googlegroups.com.

[木村啓二]

Hi,

I just made one line ad-hoc modification:

--- a/src/sm.h
+++ b/src/sm.h
@@ -11,7 +11,10 @@
 #include <sbi/riscv_encoding.h>
 
 #define SMM_BASE  0x80000000
+#if 0
 #define SMM_SIZE  0x200000
+#endif
+#define SMM_SIZE  0x40000
 
 /* 0-1999 are not used (deprecated) */
 #define FID_RANGE_DEPRECATED      1999

Fundamentally, OpenSBI and/or Security Monitor should be modified to share the PMP initialization information.

For instance, passing the root domain firmware memory region information of OpenSBI defined in opensbi/lib/sbi/sbi_domain.c:sbi_domain_init() to Secure Monitor initialization (sm.c:sm_init.c()) may be a possible solution.

But, I'm not sure whether it also woks for other platforms.

As far as HiFive Unmatched, there is no other porting issues.

Thanks,

2022年7月4日月曜日 5:57:28 UTC+9 Dayeol Lee:

[plaublin]

Hello

I recently acquired a PolarFire Icicle Kit and intend to run Keystone on it.

At first I tried to follow Gui Andrade's guide, but it didn't compile. My guess is it was intended for an old version of Keystone (<1.x?) and/or the Icicle kit software.

After a lot of headache, and without much conviction, I copied the Keystone image created for qemu (following Keystone documentation) on my sdcard, inserted it in the Icicle kit, and it worked! Keystone seems to have booted up correctly.

Please take a look at the attached UART 0 & 1 outputs.

Loading the keystone driver doesn't work yet,:

# insmod keystone-driver.ko
[  357.818243] keystone_driver: version magic '5.7.0-dirty SMP mod_unload riscv' should be '5.15.32-linux4microchip+fpga-2022.05 SMP mod_unload riscv'
[  357.848691] keystone_driver: version magic '5.7.0-dirty SMP mod_unload riscv' should be '5.15.32-linux4microchip+fpga-2022.05 SMP mod_unload riscv'
insmod: can't insert 'keystone-driver.ko': invalid module format

Now I need to find where to fiddle with to solve this issue.

[Dayeol Lee]

Hi Plaublin, awesome!

Could you share how you solved the issue?

The driver magic issue is usually when you use a different kernel from what was used for compiling the driver.

Thanks,

Dayeol

To view this discussion on the web visit https://groups.google.com/d/msgid/keystone-enclave-forum/4cba7b8d-c947-4e66-8d57-531b7b67ea57n%40googlegroups.com.

[PL Aublin]

Hi

I was over-excited when posting this message and didn't see that what I did actually didn't make much sense because I was not using the Keystone secure monitor nor kernel.

I've explored the problem a bit more and made a new post here.

Best

Pierre Louis Aublin