1.2.1.2.3. Compile Sources¶
1.2.1.2.3.1. Build All Components (RV64)¶
We use CMake as a build system. It lets you generate the Makefile for a given configuration.
PATH
must include the RISC-V tool path.
mkdir <build directory>
cd <build directory>
cmake ..
make
In order to build the driver and the tests, and have the final images for QEMU, you need to run
# in your <build directory>
make image
This updates all components except QEMU and the boot ROM.
If you want to use initramfs
, use the following flag when running cmake
cmake .. -Dinitramfs=y
If you want to use the Rust port of the Security Monitor, run cmake
with -DUSE_RUST_SM=y
.
Please refer to the following sections if you want to learn how to build each individual component. Otherwise, skip to Run Tests.
Most of the components will be built out-of-tree; in <build directory>/<component name>.build
directory.
If you run into any issues, check our
CMakeLists.txt
and as it will always have the up-to-date build recipes.
1.2.1.2.3.2. Build Buildroot¶
Buildroot config files are located at conf/
. RV64 buildroot will use conf/qemu_riscv64_virt_defconfig
.
The following command will build buildroot with the config:
# in your <build directory>
make buildroot
1.2.1.2.3.3. Build QEMU (in-tree)¶
We do not try to build QEMU out-of-tree as it will unlikely to be rebuilt once it’s compiled.
The in-tree compilation will take place in qemu
.
Thus, rebuilding QEMU may require make clean
in qemu
.
Keystone requires patches for QEMU (1) to emulate the secure boot via on-chip bootrom and (2) to
apply not-yet-upstreamed bug fixes. All patches are located at patches/qemu/
The following command will configure and build QEMU after applying the patches:
# in your <build directory>
make qemu
1.2.1.2.3.4. Build Linux Kernel¶
Kernel config files are located at conf/
. RV64 linux will use conf/linux-v5.0-defconfig-rv64
.
The following command will build the linux
Keystone requires patches for the Linux kernel to reserve CMA region at boot.
The patch is located at patches/linux/
# in your <build directory>
make linux
1.2.1.2.3.5. Build Berkeley Bootloader (BBL) with Keystone Security Monitor¶
The following command will build the M-mode security monitor.
# in your <build directory>
make sm
Optionally, you can specify the target platform when you run cmake
.
# in your <build directory>
cmake .. -Dplatform=fu540
make sm
The default platform is “default”, which does not have any platform-specific features.
See riscv-pk/sm/platform/
for available platforms.
See Building the Keystone Security Monitor for details.
1.2.1.2.3.6. Build Root-of-Trust Boot ROM¶
This is used for secure boot. With our patch for QEMU, compiled boot code will be copied to the boot ROM in QEMU.
# in your <build directory>
make bootrom
1.2.1.2.3.7. Build Keystone Driver (in-tree)¶
Linux module does not support in-tree build. Rebuilding the driver may require make clean
in
linux-keystone-driver
.
The following command will build the linux driver for Keystone.
# in your <build directory>
make driver
1.2.1.2.3.8. Build Tests (in-tree)¶
The tests will be built in-tree. We will make it out-of-tree soon.
Rebuilding the tests may require make clean
in tests/tests
.
The following command will build the tests
# in your <build directory>
make tests
1.2.1.2.3.9. Updating Images¶
Once you have built every component, you may need to update the final images by running
# in your <build directory>
make image