3. A Guide to Keystone Components

The Keystone repository (https://github.com/keystone-enclave/keystone) consists of a number of sub-components, included either as git submodules or as directories. This is a brief overview of them.

3.1. bootrom

Keystone bootrom, including the trusted boot chain.

3.2. buildroot

Link: https://github.com/keystone-enclave/buildroot

Linux buildroot. Builds a minimal working Linux image for our test platforms.

3.3. busybear-linux

Link: https://github.com/keystone-enclave/busybear-linux

Unmodified busybear Linux, supporting RISC-V. Deprecated. Soon to be removed.

3.4. docs

Contains documentation formatted for and hosted on Read the Docs, such as this article.

3.5. riscv-gnu-toolchain

Unmodified toolchain for building RISC-V targets. Required to build all other components.

3.6. linux-keystone-driver

Link: https://github.com/keystone-enclave/linux-keystone-driver

A loadable kernel module for Keystone Enclave. Works in kernels >= 4.17.

3.7. riscv-linux

Link: https://github.com/riscv/riscv-linux

Linux kernel with RISC-V patches. We use 4.15 with patches for the loadable module support.

3.8. riscv-pk

Link: https://github.com/keystone-enclave/riscv-pk

The proxy kernel for machine-mode RISC-V. Trusted core component of Keystone; includes the security monitor (in the sm directory).

3.9. riscv-qemu

QEMU with RISC-V patches and minor modifications to better support PMP and Keystone's needs for emulation. Our default testing platform.

3.10. sdk

Link: https://github.com/keystone-enclave/keystone-sdk

Tools, libraries, and tests for building applications on Keystone.

3.10.1. Runtime

Link: https://github.com/keystone-enclave/keystone-runtime

A submodule that implements the default minimal Keystone runtime running in S-mode for enclaves.

3.11. keystone-demo

Link: https://github.com/keystone-enclave/keystone-demo

A complete demo application using Keystone. Hosts an enclave that performs computation over data provided by a remote client using secure channels.