Implementing Keystone on FPGA

1 min read

1 Introduction

Keystone is an open framework for building customizable trusted execution environments (TEEs) based on RISC-V. We tried to implement it on a customizable RISC-V SoC seeking potentials for acceleration and enhanced security.

However, at that time Keystone is only officially supported to run in the QEMU emulator. As Keystone utilizes some of the low-level hardware primitives of the RISC-V architecture, compatibility between the hardware, bootloader and operating system needs to be addressed during porting.

2 Outline

  • Implemented a RocketChip on our Xilinx Nexys4DDR FPGA
  • Booted Linux to validate the implementaion
  • Replaced the BBL bootloader with OpenSBI
  • Built Keystone with a specific version of Linux
  • Ran Keystone on Nexys4DDR
  • Ported the system to an FPGA with larger DDR memory: Xilinx KC705