diff --git a/.gitmodules b/.gitmodules index fa53b5a23..a32a53f74 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "riscv-qemu"] path = riscv-qemu url = https://github.com/Penglai-Enclave/penglai-qemu.git +[submodule "u-boot"] + path = u-boot + url = https://github.com/u-boot/u-boot.git diff --git a/README.md b/README.md index 9de5fd7ab..8b0a394c5 100644 --- a/README.md +++ b/README.md @@ -9,19 +9,18 @@ ## Introduction -Penglai is a RISC-V TEE system, which is designed to be **secure**, **high-performant**, and **scalable**. -This repo maintains OpenSBI version of Penglai Enclave based on PMP. +Penglai is a RISC-V TEE system, which is designed to be **secure**, **high-performant**, and **scalable**. This repo maintains OpenSBI version of Penglai Enclave based on PMP. **How to use?** -Simply replace the OpenSBI used in your system with opensbi-0.9 in the top directory in the repo. +Simply replace the OpenSBI used in your system with opensbi-0.9/1.0/1.2 in the top directory in the repo. You can use our SDK and enclave-driver to build your trusted applications, or even write your own SDKs. ## Status and Info - Status: experimental: it's still experimental version now, please refer our TVM version for more features. -- Hardware requirement: riscv qemu (suggested version: >= 5.2.0) is fine +- Hardware requirement:for openEuler version $\le$ 20.03, riscv qemu version: $\geq$ 5.2.0 is fine;for openEuler version $\ge$ 22, qemu version:$\geq$ 8.0 is suggested. - Supported software system: This repo contains resources to run openEuler with Penglai TEE. - Real devices: Penglai for Nuclei devices is maintained in [Nuclei Linux SDK](https://github.com/Nuclei-Software/nuclei-linux-sdk/tree/dev_flash_penglai_spmp). 
@@ -33,15 +32,34 @@ You can refer our [Penglai-TVM](https://github.com/Penglai-Enclave/Penglai-Encla ### Requirements -Penglai uses Docker for building and uses submodules to track different componets. -Therefore, the only requirement to build and run penglai-demo is: +Penglai uses Docker for building and uses submodules to track different componets. Therefore, the only requirement to build and run penglai-demo is: - [Docker](https://docs.docker.com): for building/running Penglai - Git: for downloading the code -- Qemu for RISC-V (RV64): suggested version >= 5.2.0. You can download the qemu [here](https://www.qemu.org/) and follow the [instructions](https://wiki.qemu.org/Documentation/Platforms/RISCV) to build and install qemu. +- Qemu for RISC-V (RV64): suggested version >= 8.0. You can download the qemu [here](https://www.qemu.org/) and follow the [instructions](https://wiki.qemu.org/Documentation/Platforms/RISCV) to build and install qemu. + +### Build uboot + +**For openEuler version $\lt$ 23:** + +There is no need to compile uboot. + +**For openEuler version $\ge$ 23:** + +Follow the instructions in openeuler riscv gitee to compile uboot for OE-23.X. + +``` +# Fetch the uboot submodule +git submodule update --init --recursive +cd ./u-boot +make qemu-riscv64_defconfig +make ARCH=riscv CROSS_COMPILE=riscv64-unknown-linux-gnu- -j$(nproc) +``` ### Build openEuler Kernel +**For openEuler version $\lt$ 23:** + Follow the instructions in openeuler riscv gitee to compile openEuler kernel. For example, download the OKL-5.10 in current directory, and compile with penglai's docker image: 
@@ -50,8 +68,14 @@ For example, download the OKL-5.10 in current directory, and compile with pengla # In the docker image ./scripts/build_euler_kernel.sh +**For openEuler version $\ge$ 23:** + +For oe versions greater than 23, you can access the source code after [Run openEuler with Penglai Supports](#run-openeuler-with-penglai-supports) and don't need to compile the image like in the previous step for version $\lt$ 23. + ### Build OpenSBI (with Penglai supports) +**For openEuler version $\lt$ 23:** + cp openeuler-kernel/arch/riscv/boot/Image . docker run -v $(pwd):/home/penglai/penglai-enclave -w /home/penglai/penglai-enclave --rm -it ddnirvana/penglai-enclave:v0.5 bash # In the docker image cd /home/penglai/penglai-enclave/opensbi-0.9 
@@ -60,17 +84,33 @@ For example, download the OKL-5.10 in current directory, and compile with pengla Note: the /home/penglai/penglai-enclave/Image is the image compiled openEuler Kernel Image. +**For openEuler version $\ge$ 23:** + +``` +cp ../Penglai-Enclave-sPMP/u-boot/u-boot.bin . +docker run -v $(pwd):/home/penglai/penglai-enclave -w /home/penglai/penglai-enclave --rm -it ddnirvana/penglai-enclave:v0.5 bash +cd /home/penglai/penglai-enclave/opensbi-1.2 +rm -rf build-oe/qemu-virt +mkdir -p build-oe/qemu-virt +CROSS_COMPILE=riscv64-unknown-linux-gnu- make O=build-oe/qemu-virt PLATFORM=generic FW_PAYLOAD=y FW_PAYLOAD_PATH=/home/penglai/penglai-enclave/u-boot.bin -j$(nproc) +``` + A simpler way: - ./docker_cmd.sh docker - #In the docker image - ./scripts/build_opensbi.sh +``` +./docker_cmd.sh docker +#In the docker image,build opensbi 1.2 for OE20.03 +#./scripts/build_opensbi.sh -v [opensbi version] -k [openEuler version] +./scripts/build_opensbi.sh -v 1.2 -k 2003 +``` -**Note**: if you use the simpler way, please **copy** your latest kernel image to the root dir of the repo. +**Note**: if you use the simpler way, please **copy** your latest kernel *Image* file to the root dir of the repo. ### Build Penglai SDK -Following the commands to build enclave driver: +**For openEuler version $\lt$ 23:** + +When openeuler version is less than 23,following the commands to build enclave driver: ./docker_cmd.sh docker # In the docker image 
@@ -78,11 +118,17 @@ Following the commands to build enclave driver: It will generate penglai.ko in the penglai-enclave-driver dir. -Following the commnads to build user-level sdk and demos: +**For openEuler version $\ge$ 23:** - # Fetch the sdk submodule - git submodule update --init --recursive +When openEuler version is >= 23, you need to start openEuler in qemu as the next step [Run openEuler with Penglai Supports](#run-openeuler-with-penglai-supports) finished before compiling penglai-driver. + + +When penglai.ko is completed,following the commnads to build user-level sdk and demos: + + #In host, fetch the sdk submodule + git submodule update --init --recursive + ./docker_cmd.sh docker # In the docker image cd sdk 
@@ -90,31 +136,104 @@ Following the commnads to build user-level sdk and demos: ### Run openEuler with Penglai Supports -You should download the disk image of openEuler (i.e., openEuler-preview.riscv64.qcow2) from [here](https://repo.openeuler.org/openEuler-preview/RISC-V/Image/) +You should download the disk image of openEuler (i.e., openEuler-preview.riscv64.qcow2) and raname image file to openEuler-xxxx-qemu-riscv64.qcow2. +You can download OE 2303 from [openEuler-23.03-V1-riscv64](https://mirror.iscas.ac.cn/openeuler-sig-riscv/openEuler-RISC-V/preview/openEuler-23.03-V1-riscv64/QEMU/)(i.e., openEuler-23.03-V1-base-qemu-preview.qcow2)or download openEuler 20.03 from [here](http://pan.sjtu.edu.cn/web/share/4440d1d40d859f141d9e6cf18b89bb4d). + +``` +wget https://mirror.iscas.ac.cn/openeuler-sig-riscv/openEuler-RISC-V/preview/openEuler-23.03-V1-riscv64/QEMU/openEuler-23.03-V1-base-qemu-preview.qcow2.zst +unzstd openEuler-23.03-V1-base-qemu-preview.qcow2.zst +mv openEuler-23.03-V1-base-qemu-preview.qcow2 openEuler-2303-qemu-riscv64.qcow2 +``` + +**For openEuler version $\lt$ 23:** + +Run VM in QEMU: + + # For openEuler version is 20.03 qemu-system-riscv64 -nographic -machine virt \ - -smp 4 -m 2G \ - -kernel ./opensbi-0.9/build-oe/qemu-virt/platform/generic/firmware/fw_payload.elf \ - -drive file=openEuler-preview.riscv64.qcow2,format=qcow2,id=hd0 \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-device,rng=rng0 \ - -device virtio-blk-device,drive=hd0 \ - -device virtio-net-device,netdev=usernet \ - -netdev user,id=usernet,hostfwd=tcp::12055-:22 \ - -append 'root=/dev/vda1 rw console=ttyS0 systemd.default_timeout_start_sec=600 selinux=0 highres=off mem=4096M earlycon' \ - -bios none - - -- The test qemu version is 5.2.0. 
+ -smp 4 -m 2G \ + -kernel ./opensbi-0.9/build-oe/qemu-virt/platform/generic/firmware/fw_payload.elf \ + -drive file=openEuler-preview.riscv64.qcow2,format=qcow2,id=hd0 \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-device,rng=rng0 \ + -device virtio-blk-device,drive=hd0 \ + -device virtio-net-device,netdev=usernet \ + -netdev user,id=usernet,hostfwd=tcp::12055-:22 \ + -append 'root=/dev/vda1 rw console=ttyS0 systemd.default_timeout_start_sec=600 selinux=0 highres=off mem=4096M earlycon' \ + -bios none + + +- The test qemu version is 5.2.0 or 8.0.0. - The fw_payload.elf is the opensbi file. - The openEuler-preview.riscv64.qcow2 is the disk image for openEuler (You can download from https://repo.openeuler.org/openEuler-preview/RISC-V/Image/). - To login, username is "root", passwd is "openEuler12#$" Note: a script, run_openeuler.sh is provided to execute the above command easily +``` +./run_openeuler.sh -k [openEuler version] -o [opensbi version] +#when openEuler version less than 23,eg 2003 +./run_openeuler.sh -k 2003 -o 1.2 +``` If everything is fine, you will enter a Linux terminal booted by Qemu with Penglai-installed. 
+**For openEuler version $\ge$ 23:** + +Run VM in QEMU: + +``` +qemu-system-riscv64 -nographic -machine virt \ + -smp 4 -m 2G \ + -bios ./opensbi-1.2/build-oe/qemu-virt/platform/generic/firmware/fw_payload.bin \ + -drive file=openEuler-2303-qemu-riscv64.qcow2,format=qcow2,id=hd0 \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-device,rng=rng0 \ + -device virtio-blk-device,drive=hd0 \ + -device virtio-net-device,netdev=usernet \ + -netdev user,id=usernet,hostfwd=tcp::12055-:22 \ + -device qemu-xhci -usb -device usb-kbd -device usb-tablet +``` + +a simple way: + +``` +./run_openeuler.sh -k [openEuler version] -o [opensbi version] +#when openEuler version is greater than or equal 23,eg 2303 +./run_openeuler.sh -k 2303 -o 1.2 +``` + +After starting the VM, you need to get the source code in the qemu VM and execute compile kernel moudle with penglai-driver for openEuler version $\ge$ 23. + +Copy penglai-enclave-driver to the root/ directory of the oe VM: + +``` +#in host +scp -P 12055 penglai-enclave-driver root@localhost:~/ +``` + +Execute the following commands and the kernel source code will be downloaded locally, the path is `/usr/lib/modules/6.1.19-2.oe2303.riscv64`. + +``` +#in VM +cd ~/ +sudo dnf install -y kernel-devel kernel-source +``` + +Go into the penglai-enclave-driver directory and modify the original kernel source path openeuler-kernel in the Makefile from `../openeuler-kernel/`to `/usr/lib/modules/6.1.19-2.oe2303.riscv64/build/`. + +Compile and install the kernel module: + +``` +cd ~/penglai-enclave-driver +vim Makefile #modify source path +make -j$(nproc) +insmod penglai.ko +``` + +### RUN demo + **Copy files to openEuler Qemu** You can copy any files to the VM using *scp*. 
@@ -129,11 +248,17 @@ The passwd is "openEuler12#$" **Insmod the enclave-driver** -`insmod penglai.ko` +If you already installed in the previous step, you don't need to repeat it + +``` +insmod penglai.ko +``` And the, you can run a demo, e.g., a prime enclave, using -`./host prime` +``` +./host prime +``` Here, the `host` is an enclave invoker, which will start an enclave (name from input). @@ -144,6 +269,8 @@ Mulan Permissive Software License,Version 1 (Mulan PSL v1) ## Code Structures - opensbi-0.9: The Penglai-equipped OpenSBI, version 0.9 +- opensbi-1.0: The Penglai-equipped OpenSBI, version 1.0 +- opensbi-1.2: The Penglai-equipped OpenSBI, version 1.2 - openeuler-kernel: openEuler Kernel - riscv-qemu: The modified qemu (4.1) to support sPMP (you can also use the standard qemu) - scripts: some scripts to build/run Penglai demo 
@@ -176,15 +303,14 @@ To cite Penglai, please consider using the following bibtex: We thank all of our collaborators (companies, organizations, and communities). -[Huawei](https://www.huawei.com/) |[nuclei](https://www.nucleisys.com/) |[StarFive](https://starfivetech.com/) |[ISCAS](http://www.is.cas.cn/) | -:---: |:---: |:---: |:---: | -[Huawei (华为)](https://www.huawei.com/) |[Nuclei (芯来科技)](https://www.nucleisys.com/) |[StarFive (赛昉科技)](https://starfivetech.com/) |[ISCAS(中科院软件所)](http://www.is.cas.cn/) | +| [Huawei](https://www.huawei.com/) | [nuclei](https://www.nucleisys.com/) | [StarFive](https://starfivetech.com/) | [ISCAS](http://www.is.cas.cn/) | +| :----------------------------------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: | +| [Huawei (华为)](https://www.huawei.com/) | [Nuclei (芯来科技)](https://www.nucleisys.com/) | [StarFive (赛昉科技)](https://starfivetech.com/) | [ISCAS(中科院软件所)](http://www.is.cas.cn/) | -[openEuler](https://openeuler.org/) |[OpenHarmony](https://www.openharmony.cn/) |[secGear](https://gitee.com/openeuler/secGear) | -:---: |:---: |:---: | -[openEuler community](https://openeuler.org/) |[OpenHarmony community](https://www.openharmony.cn/) |[secGear framework](https://gitee.com/openeuler/secGear)| +| [openEuler](https://openeuler.org/) | [OpenHarmony](https://www.openharmony.cn/) | [secGear](https://gitee.com/openeuler/secGear) | +| :----------------------------------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: | +| [openEuler community](https://openeuler.org/) | [OpenHarmony community](https://www.openharmony.cn/) | [secGear framework](https://gitee.com/openeuler/secGear) | ## Acknowledgements The design of Penglai was inspired by Sanctum, Keystone and HexFive, thanks to 
their great work! - diff --git a/run_openeuler.sh b/run_openeuler.sh index 6db3904e9..b134f6199 100755 --- a/run_openeuler.sh +++ b/run_openeuler.sh 
@@ -1,8 +1,79 @@ #!/bin/bash -qemu-system-riscv64 -nographic -machine virt \ - -smp 1 -m 2G \ - -kernel ./opensbi-0.9/build-oe/qemu-virt/platform/generic/firmware/fw_payload.elf \ - -drive file=openEuler-preview.riscv64.qcow2,format=qcow2,id=hd0 \ + +kernel_version=2003 +opensbi_version=1.2 + +function print_usage() { + RED='\033[0;31m' + BLUE='\033[0;34m' + BOLD='\033[1m' + NONE='\033[0m' + + echo -e "\n${RED}Usage${NONE}: + .${BOLD}/run_openeuler.sh${NONE} [OPTION]" + + echo -e "\n${RED}OPTIONS${NONE}: + ${BLUE}-k${NONE}: Select the openeuler version,default use openEuler2003 + ${BLUE}-o${NONE}: Select the opensbi version,default use opensbi-1.2 + " + echo -e "\n${RED}EXAMPLE${NONE}: + ${BLUE}./run_openeuler.sh -k 2003 -o 1.2${NONE}" +} + +if [[ $1 == *"help"* ]]; then + print_usage + exit 0 +fi + +while getopts ":k:o:" opt; do + case $opt in + k) + kernel_version=$OPTARG + ;; + o) + opensbi_version=$OPTARG + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + print_usage + exit 1 + ;; + esac +done + +if (($kernel_version == 2003)) +then + imagepath=openEuler-2003-qemu-riscv64.qcow2 +elif (($kernel_version == 2303)) +then + imagepath=openEuler-2303-qemu-riscv64.qcow2 +else + echo "Invalid kernel version: $kernel_version" >&2 + print_usage + exit 1 +fi + +if [ $(echo "$opensbi_version == 0.9" | bc -l) -eq 1 ] +then + opensbi_path=opensbi-0.9 +elif [ $(echo "$opensbi_version == 1.0" | bc -l) -eq 1 ] +then + opensbi_path=opensbi-1.0 +elif [ $(echo "$opensbi_version == 1.2" | bc -l) -eq 1 ] +then + opensbi_path=opensbi-1.2 +else + echo "Invalid opensbi version: $opensbi_version" >&2 + print_usage + exit 1 +fi + + +function run_qemu_1(){ + qemu-system-riscv64 -nographic -machine virt \ + -smp 4 -m 2G \ + -kernel ./${2}/build-oe/qemu-virt/platform/generic/firmware/fw_payload.elf \ + -drive file=${1},format=qcow2,id=hd0 \ -object rng-random,filename=/dev/urandom,id=rng0 \ -device virtio-rng-device,rng=rng0 \ -device virtio-blk-device,drive=hd0 \ 
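Review bot: The `-k` value reaches `(($kernel_version == 2003))` unvalidated, so bash evaluates whatever string the caller passed as an arithmetic expression. The `-o` value is piped into `bc` inside an unquoted `$(...)`, which makes `[` fail with a syntax error when the input is not a number. Both options only ever select one of a few fixed names, so a string `case` allow-list is simpler, removes the `bc` dependency, and rejects anything else before it is used in a path. The `getopts ":k:o:"` loop also has no `:)` arm, so `-k` or `-o` given without a value is silently ignored and the default is used. `run_qemu_1` starts in this hunk and its body continues past it.

```shell
# … unchanged: defaults, print_usage, help check, getopts loop …

case "$kernel_version" in
  2003 | 2303) imagepath="openEuler-${kernel_version}-qemu-riscv64.qcow2" ;;
  *)
    echo "Invalid kernel version: $kernel_version" >&2
    print_usage
    exit 1
    ;;
esac

case "$opensbi_version" in
  0.9 | 1.0 | 1.2) opensbi_path="opensbi-${opensbi_version}" ;;
  *)
    echo "Invalid opensbi version: $opensbi_version" >&2
    print_usage
    exit 1
    ;;
esac

# … unchanged: run_qemu_1 definition …
```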
@@ -10,6 +81,31 @@ qemu-system-riscv64 -nographic -machine virt \ -netdev user,id=usernet,hostfwd=tcp::12055-:22 \ -append 'root=/dev/vda1 rw console=ttyS0 systemd.default_timeout_start_sec=600 selinux=0 highres=off mem=4096M earlycon' \ -bios none +} + +function run_qemu_2(){ + qemu-system-riscv64 -nographic -machine virt \ + -smp 4 -m 2G \ + -bios ./${2}/build-oe/qemu-virt/platform/generic/firmware/fw_payload.bin \ + -drive file=${1},format=qcow2,id=hd0 \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-device,rng=rng0 \ + -device virtio-blk-device,drive=hd0 \ + -device virtio-net-device,netdev=usernet \ + -netdev user,id=usernet,hostfwd=tcp::12055-:22 \ + -device qemu-xhci -usb -device usb-kbd -device usb-tablet +} + +if ((kernel_version < 2303)) +then + echo "Run openEuer $kernel_version with opensbi $opensbi_version" + run_qemu_1 $imagepath $opensbi_path + exit 0 +else + echo "Run openEuer $kernel_version with opensbi $opensbi_version" + run_qemu_2 $imagepath $opensbi_path + exit 0 +fi ## For v1.0, use the following path #-kernel ./opensbi-1.0/build-oe/qemu-virt/platform/generic/firmware/fw_payload.elf \ diff --git a/scripts/build_opensbi.sh b/scripts/build_opensbi.sh index 6d173bc6f..31922d0bd 100755 --- a/scripts/build_opensbi.sh +++ b/scripts/build_opensbi.sh 
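Review bot: `run_qemu_2` forwards guest SSH with `hostfwd=tcp::12055-:22`, which leaves the host address empty, so QEMU listens on every host interface rather than only loopback; the same line is carried as context in `run_qemu_1`. The README in this commit documents a fixed root password for the image, so anyone who can reach the host on port 12055 can log in to the guest. Binding to loopback keeps the documented `scp -P 12055 … root@localhost` workflow working: `-netdev user,id=usernet,hostfwd=tcp:127.0.0.1:12055-:22 \`. Separately, the calls `run_qemu_1 $imagepath $opensbi_path` / `run_qemu_2 $imagepath $opensbi_path` and the `${1}`/`${2}` expansions inside both functions are unquoted, and both `echo` lines misspell openEuler as "openEuer". `run_qemu_1` begins before this hunk.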
@@ -3,8 +3,68 @@ ## Author: Dong Du, dd_nirvana@sjtu.edu.cn ## Description: This script is for building opensbi v0.9 ## For older version (e.g., v0.6), please find other scripts +opensbi_version=1.2 +kernel_version=2003 -cd /home/penglai/penglai-enclave/opensbi-0.9 -mkdir -p build-oe/qemu-virt -CROSS_COMPILE=riscv64-unknown-linux-gnu- make O=build-oe/qemu-virt PLATFORM=generic FW_PAYLOAD=y FW_PAYLOAD_PATH=/home/penglai/penglai-enclave/Image -#cp build-oe/qemu-virt/platform/qemu/virt/firmware/fw_payload.elf build-oe/qemu-virt/boot/fw_payload_oe_qemuvirt.elf +function build_opensbi_1() { + # build opensbi + cd /home/penglai/penglai-enclave/opensbi-${1} + mkdir -p build-oe/qemu-virt + CROSS_COMPILE=riscv64-unknown-linux-gnu- make O=build-oe/qemu-virt PLATFORM=generic FW_PAYLOAD=y FW_PAYLOAD_PATH=/home/penglai/penglai-enclave/Image +} + +function build_opensbi_2() { + cd ../Penglai-Enclave-sPMP/opensbi-${1} + rm -rf build-oe/qemu-virt + mkdir -p build-oe/qemu-virt + CROSS_COMPILE=riscv64-unknown-linux-gnu- make O=build-oe/qemu-virt PLATFORM=generic FW_PAYLOAD=y FW_PAYLOAD_PATH=/home/penglai/penglai-enclave/u-boot/u-boot.bin -j$(nproc) +} + +function print_usage() { + RED='\033[0;31m' + BLUE='\033[0;34m' + BOLD='\033[1m' + NONE='\033[0m' + + echo -e "\n${RED}Usage${NONE}: + .${BOLD}/build_opensbi.sh${NONE} [OPTION]" + + echo -e "\n${RED}OPTIONS${NONE}: + ${BLUE}-v${NONE}: Select the opensbi version,default use 1.2 + ${BLUE}-k${NONE}: Select the openeuler version,default use openEuler-2003 + help: print usage" + echo -e "\n${RED}EXAMPLE${NONE}: + ${BLUE}./build_opensbi.sh -v 1.2 -k 2003${NONE} + " +} + +if [[ $1 == *"help"* ]]; then + print_usage + exit 0 +fi + +while getopts ":v:k:" opt; do + case $opt in + v) + opensbi_version=$OPTARG + ;; + k) + kernel_version=$OPTARG + ;; + \?) 
+ echo "Invalid option: -$OPTARG" >&2 + print_usage + exit 1 + ;; + esac +done + + +if [ $(echo "$kernel_version < 2303" | bc -l) -eq 1 ] +then + build_opensbi_1 $opensbi_version + exit 0 +else + build_opensbi_2 $opensbi_version + exit 0 +fi \ No newline at end of file diff --git a/u-boot b/u-boot new file mode 160000 index 000000000..964aae164 --- /dev/null +++ b/u-boot @@ -0,0 +1 @@ +Subproject commit 964aae164414b15ef91a0319decb13e7e2c06b52
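Review bot: In `build_opensbi_2` the `cd ../Penglai-Enclave-sPMP/opensbi-${1}` is not checked and the next line is `rm -rf build-oe/qemu-virt`. If the relative path does not exist (different checkout name or working directory), the delete and the `make` run in whatever directory the script was started from. `$1` is the raw `-v` argument, so it should be checked against the shipped versions before it is used in a path, e.g. `case "$opensbi_version" in 0.9|1.0|1.2) ;; *) print_usage; exit 1 ;; esac`, and the directory change should fail closed: `cd "../Penglai-Enclave-sPMP/opensbi-${1}" || exit 1` (likewise for the `cd` in `build_opensbi_1`). The `-k` value is passed to `bc` inside an unquoted `$(...)`, so a non-numeric value makes the `[ ... -eq 1 ]` test error out and the script falls through to the `else` branch. The header comment kept as context still says the script builds opensbi v0.9.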