Myuu’s Trashcan  


Use Keystone Enclave on HiFive Unmatched


Create2023-12-17 04:49:42
Last Update2024-01-01 20:08:47

Build SD card image

You can build all-in-one SD card image by single make command from this commit.

make KEYSTONE_PLATFORM=unmatched -j $(nproc)

SD card image is to be located in build-unmatched64/

Included components

Some patches included in freedom-u-sdk are also applied.

  • U-Boot SPL
    • applied secureboot patch for Keystone
  • Keystone SM (OpenSBI)
  • U-Boot
    • load address is modified due to PMP conflict issue
  • Buildroot
    • Linux
    • Keystone Driver

Known Issues

  • building linux perf sometimes fails
    • re-running make , build will succeed

Deal with buildroot build system

In Keystone's build system, buildroot target can be passed directly by BUILDROOT_TARGET. For example,

make BUILDROOT_TARGET=linux-build

Target name format is <package>-<command>. <package> is package name such as linux, u-boot, opensbi and keystone-sm. <command> is subcommand for package such as build, configure, patch, clean and rebuild.

Build single component

Keystone SM

You can build following command:

make KEYSTONE_PLATFORM=unmatched BUILDROOT_TARGET=opensbi-build

Artifacts are located in build-unmatched64/<version>/build/platform/generic/firmware

PMP issue

Security Monitor set no permission to range 0x80000000 - 0x801fffff. But U-Boot initially set stack pointer its load address, 0x80200000, and stack stretches to lower region. So U-Boot try to touch protected region, and access violation occurs.

Changing U-Boot's load address to upper region solve this issue. U-Boot built in keystone build system is loaded to 0x80210000.

U-Boot load address can be changed by adding/modifying config as following: