1.2.1.4. Run Tests

Now, you’re ready to use QEMU to boot Keystone Security Monitor and Linux on top of it.

Simply running following command will build and run tests in QEMU.

make run-tests

If you wish to compile and run tests by your self, follow the following instructions.

1.2.1.4.1. Build Test Binaries

Simple tests live under tests/tests. You can build the tests by executing tests/tests/vault.sh (See Vault.sh). Note that KEYSTONE_SDK_DIR must be set to a built SDK path.

./tests/tests/vault.sh

This command will generate the enclave package named tests.ke in buildroot_overlay/root/tests directory.

1.2.1.4.2. Build Disk Image (initrd)

Next, you need to copy the enclave package into the disk image that you’re going to boot on.

We use Buildroot Overlay for injecting the test binaries into the disk image. The buildroot overlay directory is buildroot_overlay.

make image

This command will re-generate the Linux kernel with initrd containing overlay root file system in buildroot_overlay.

1.2.1.4.3. Launch QEMU

The following script will run QEMU, start executing from the emulated silicon root of trust. The root of trust then jumps to the SM, and the SM boots Linux!

./scripts/run-qemu.sh

Login as root with the password sifive.

You can exit QEMU by ctrl-a``+``x or using poweroff command

Note that the launch scripts for QEMU will start ssh on a random forwarded localhost port (this is to allow multiple qemu test runs on the same development machine). The script will print what port it has forwarded ssh to on start.

1.2.1.4.4. Insert Keystone Driver

Insert the keystone driver.

insmod keystone-driver.ko

1.2.1.4.5. Run Tests

fast-setup.sh or setup.sh script has already built the SDK and small test enclaves and put the binaries into the buildroot root file system. The source code of test enclaves are in sdk/examples/tests directory.

You can run the test enclaves by using a self-extracting keystone archive called tests.ke generated by the SDK.

cd ./tests
./tests.ke