3. A Guide to Keystone Components

The Keystone repository (https://github.com/keystone-enclave/keystone) consists of a number of sub-components, included as git submodules or directories. This is a brief overview of them.

3.1. bootrom

Keystone bootrom, including trusted boot chain.

3.2. busybear-linux

Link: https://github.com/keystone-enclave/busybear-linux

Unmodified busybear Linux, supporting RISC-V. Our default untrusted Linux OS for testing.

3.3. docs

Contains Read the Docs formatted and hosted documentation, such as this article.

3.4. riscv-gnu-toolchain

Unmodified toolchain for building RISC-V targets. Required to build all other components.

3.5. riscv-linux

Link: https://github.com/keystone-enclave/riscv-linux

Linux kernel with RISC-V patches, updated to mainline semi-regularly. The only Keystone modification is the Keystone driver, in arch/riscv/drivers/.

3.6. riscv-pk

Link: https://github.com/keystone-enclave/riscv-pk

The proxy kernel for machine-mode RISC-V. Trusted core component of Keystone; includes the security monitor (in the sm directory).

3.7. riscv-qemu

QEMU with RISC-V patches and minor modifications to better support PMP and Keystone's emulation needs. Our default testing platform.

3.8. sdk

Link: https://github.com/keystone-enclave/keystone-sdk

Tools, libraries, and tests for building applications on Keystone.

3.8.1. Runtime

Link: https://github.com/keystone-enclave/keystone-runtime

A submodule that implements the default minimal Keystone runtime running in S-mode for enclaves.

3.9. keystone-demo

Link: https://github.com/keystone-enclave/keystone-demo

A complete demo application using Keystone. Hosts an enclave that performs computation over data provided by a remote client using secure channels.