Run Tests

Now, you’re ready to use QEMU to boot Keystone Security Monitor and Linux on top of it.

Simply running following command will build and run tests in QEMU.

source source.sh
cd <build directory>
make run-tests

If you wish to compile and run tests by your self, follow the following instructions. Build Test Binaries

Simple tests live under tests/tests. You can build the tests by executing tests/tests/vault.sh (See Vault.sh). Note that KEYSTONE_SDK_DIR must be set to a built SDK path.


This command will generate the enclave package named tests.ke in <build directory>/overlay directory. Build Disk Image

Next, you need to copy the enclave package into the disk image that you’re going to boot on.

We use Buildroot Overlay for injecting the test binaries into the disk image. The buildroot overlay directory is <build directory>/overlay.

# in your <build directory>
make image Launch QEMU

The following script will run QEMU, start executing from the emulated silicon root of trust. The root of trust then jumps to the SM, and the SM boots Linux!

# in your <build directory>

Login as root with the password sifive.

You can exit QEMU by ctrl-a``+``x or using poweroff command

Note that the launch scripts for QEMU will start ssh on a random forwarded localhost port (this is to allow multiple qemu test runs on the same development machine). The script will print what port it has forwarded ssh to on start. Insert Keystone Driver

Insert the keystone driver.

insmod keystone-driver.ko Run Tests

You can run the test enclaves by using a self-extracting keystone archive called tests.ke generated by the SDK.


In order to extract the package, run

./tests.ke --target <dst>

Run ./tests.ke --help for more information.