18.104.22.168.4. Run Tests¶
Now, you’re ready to use QEMU to boot Keystone Security Monitor and Linux on top of it.
Simply running following command will build and run tests in QEMU.
source source.sh cd <build directory> make run-tests
If you wish to compile and run tests by your self, follow the following instructions.
22.214.171.124.4.1. Build Test Binaries¶
Simple tests live under
You can build the tests by executing
tests/tests/vault.sh (See Vault.sh).
KEYSTONE_SDK_DIR must be set to a built SDK path.
This command will generate the enclave package named
<build directory>/overlay directory.
126.96.36.199.4.2. Build Disk Image¶
Next, you need to copy the enclave package into the disk image that you’re going to boot on.
We use Buildroot Overlay for
injecting the test binaries into the disk image.
The buildroot overlay directory is
# in your <build directory> make image
188.8.131.52.4.3. Launch QEMU¶
The following script will run QEMU, start executing from the emulated silicon root of trust. The root of trust then jumps to the SM, and the SM boots Linux!
# in your <build directory> ./scripts/run-qemu.sh
root with the password
You can exit QEMU by
ctrl-a``+``x or using
Note that the launch scripts for QEMU will start ssh on a random forwarded localhost port (this is to allow multiple qemu test runs on the same development machine). The script will print what port it has forwarded ssh to on start.
184.108.40.206.4.4. Insert Keystone Driver¶
Insert the keystone driver.
220.127.116.11.4.5. Run Tests¶
You can run the test enclaves by using a self-extracting keystone archive called tests.ke generated by the SDK.
In order to extract the package, run
./tests.ke --target <dst>
./tests.ke --help for more information.