3. A Guide to Keystone Components¶

The Keystone repository (https://github.com/keystone-enclave/keystone) consists of a number of sub-components as gitmodules or directories. This is a brief overview of them.

3.1. bootrom¶

Keystone bootrom, including trusted boot chain.

Unmodified busybear Linux, supporting riscv. Our default untrusted Linux OS for testing.

Contains read-the-docs formatted and hosted documentation, such as this article.

Unmodified toolchain for building riscv targets. Required to build all other components.

Linux kernel with riscv patches, updated to mainline semi-regularly. Only Keystone modification is the Keystone driver, in arch/riscv/drivers/.

The proxy-kernel for machine-mode riscv. Trusted core component of Keystone, and includes the security monitor (in sm directory).

Qemu with riscv patches and minor modifications to better support PMP and Keystone needs for emulation. Our default testing platform.

Tools, libraries, and tests for building applications on Keystone.

A submodule that implements the default minimal Keystone runtime running in S-mode for enclaves.

A complete demo application using Keystone. Hosts an enclave that performs computation over data provided by a remote client using secure channels.