Keystone enclaves

Hello everyone,

I would really like to ask if there are resources (documentation) on how to setup Keystone (TEE enclaves) on BeagleV board. I searched the Internet but with no luck.

Thanks in advance,

I have tried to get Keystone running in BeagleV Ahead. I made small modifications and used OpenSBI 1.4 with Keystone as it seems to contain many BeagleV Ahead related commits. There were some problems, as OpenSBI is using Kconfig-based configuration since version 1.2 and Keystone is referring to an old version OpenSBI 1.1. This led to problems when compiling Keystone SM that I managed to solve a bit hackish way. There were also other minor issues. I made similar modifications to the qemu version and it works with OpenSBI 1.4 and the newest Linux kernel 6.8.

However, there is a show stopper with BeagleV Ahead as underlying RISC-V protection mechanism called Physical Memory Protection (PMP) is not working as expected. Keystone SM code is running in M-mode and is trying to configure RISC-V pmpcfg and pmpaddr CSRs to protect regions. This does not work as after value set operation those registers are always zero-valued when reading. OpenSBI is trying to probe PMP count, granularity and address bits during startup. With BeagleV Ahead all those values are always zeroes. BeagleV Ahead is based on Xuantie C910. The documentation describes PMP mechanism, but either there is something that I have not detected, PMP is not available in BeagleV Ahead, or PMP must be enabled in some other way. I have also tried to test PMP in U-Boot.

There is more discussion in a thread “PMP (Physical Memory Protection) on BeagleV Ahead” initiated by @fthomas earlier this month. He also opened a related issue in sipeed/LicheePi4A forum (there is a link in one of @fthomas postings).