22.214.171.124.4. Run Tests¶
Now, you’re ready to use QEMU to boot Keystone Security Monitor and Linux on top of it.
Simply running following command will build and run tests in QEMU.
source source.sh make run-tests
If you wish to compile and run tests by your self, follow the following instructions.
126.96.36.199.4.1. Build Test Binaries¶
Simple tests live under
You can build the tests by executing
tests/tests/vault.sh (See Vault.sh).
KEYSTONE_SDK_DIR must be set to a built SDK path.
This command will generate the enclave package named
188.8.131.52.4.2. Build Disk Image (initrd)¶
Next, you need to copy the enclave package into the disk image that you’re going to boot on.
We use Buildroot Overlay for
injecting the test binaries into the disk image.
The buildroot overlay directory is
This command will re-generate the Linux kernel with
initrd containing overlay root file system
184.108.40.206.4.3. Launch QEMU¶
The following script will run QEMU, start executing from the emulated silicon root of trust. The root of trust then jumps to the SM, and the SM boots Linux!
root with the password
You can exit QEMU by
ctrl-a``+``x or using
Note that the launch scripts for QEMU will start ssh on a random forwarded localhost port (this is to allow multiple qemu test runs on the same development machine). The script will print what port it has forwarded ssh to on start.
220.127.116.11.4.4. Insert Keystone Driver¶
Insert the keystone driver.
18.104.22.168.4.5. Run Tests¶
fast-setup.sh or setup.sh script has already built the SDK and small test enclaves and put the binaries into the buildroot root file system. The source code of test enclaves are in sdk/examples/tests directory.
You can run the test enclaves by using a self-extracting keystone archive called tests.ke generated by the SDK.
cd ./tests ./tests.ke