[CI] Move to CircleCI and make tests to pass (#9)

* Added basis for migration to circleci with fixed to CMakeLists to compensate for migration to opensbi
* Build opensbi as a dependency of cmocka test
* Fix missing secure boot key locations
* Fix sifive/fu540 platform not calling sm_init, remove compiler error
* Add patch to the opensbi build
* Add CircleCI rv32 build
* Update README.md

Co-authored-by: Stephan Kaminsky <[email protected]>

.circleci/config.yml

@@ -0,0 +1,112 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference
+version: 2.1
+
+# prebuilt docker images with toolchain
+executors:
+  setup-rv64gc:
+    docker:
+      - image: keystoneenclaveorg/keystone:init-rv64gc
+  setup-rv32gc:
+    docker:
+      - image: keystoneenclaveorg/keystone:init-rv32gc
+
+# toolchain should be already installed in the docker image
+commands:
+  # Patch opensbi for secure boot parameters.
+  # This will be removed once the secure key locations are moved to the device tree
+  patch-opensbi:
+    steps:
+      - run:
+          command: |
+            cd /keystone
+            source source.sh
+            mkdir build
+            cd build
+            cmake ..
+            make patch
+  patch-opensbi-32:
+    steps:
+      - run:
+          command: |
+            cd /keystone
+            source source.sh
+            mkdir build
+            cd build
+            cmake .. -DRISCV32=y
+            make patch
+  update-riscv-toolchain-path:
+    steps:
+      - run: echo 'export PATH=/keystone/riscv64/bin:/keystone/riscv32/bin:$PATH' >> $BASH_ENV
+  download-qemu-riscv64:
+    steps:
+      - run:
+          name : "download qemu-riscv64"
+          command: |
+            wget https://keystone-enclave.eecs.berkeley.edu/files/qemu-riscv64 -P /keystone/riscv64/bin
+            chmod +x /keystone/riscv64/bin/qemu-riscv64
+  download-qemu-riscv32:
+    steps:
+      - run:
+          name : "download qemu-riscv32"
+          command: |
+            wget https://keystone-enclave.eecs.berkeley.edu/files/qemu-riscv32 -P /keystone/riscv32/bin
+            chmod +x /keystone/riscv64/bin/qemu-riscv32
+
+jobs:
+  build-platform-generic-64:
+    executor: setup-rv64gc
+    working_directory: /keystone/sm
+    steps:
+      - checkout
+      - update-riscv-toolchain-path
+      - patch-opensbi
+      - run:
+          name: "Build for generic platform"
+          command: |
+              make -C opensbi O=$(pwd)/build PLATFORM_DIR=$(pwd)/plat/generic CROSS_COMPILE=riscv64-unknown-elf-
+  build-platform-generic-32:
+    executor: setup-rv32gc
+    working_directory: /keystone/sm
+    steps:
+      - checkout
+      - update-riscv-toolchain-path
+      - patch-opensbi-32
+      - run:
+          name: "Build for generic platform"
+          command: |
+              make -C opensbi O=$(pwd)/build PLATFORM_DIR=$(pwd)/plat/generic CROSS_COMPILE=riscv32-unknown-elf- \
+                PLATFORM_RISCV_XLEN=32 PLATFORM_RISCV_ISA=rv32imafd PLATFORM_RISCV_ABI=ilp32d
+  build-platform-sifive-fu540:
+    executor: setup-rv64gc
+    working_directory: /keystone/sm
+    steps:
+      - checkout
+      - update-riscv-toolchain-path
+      - patch-opensbi
+      - run:
+          name: "Build for sifive/fu540 platform"
+          command: |
+              make -C opensbi O=$(pwd)/build PLATFORM_DIR=$(pwd)/plat/sifive/fu540 CROSS_COMPILE=riscv64-unknown-elf-
+  unit-test-rv64:
+    executor: setup-rv64gc
+    working_directory: /keystone/sm
+    steps:
+      - checkout
+      - update-riscv-toolchain-path
+      - download-qemu-riscv64
+      - run:
+          name: "Run cmocka unit tests"
+          command: |
+              cd tests
+              mkdir build
+              cd build
+              cmake ..
+              make
+              make test
+workflows:
+  build-and-test:
+    jobs:
+      - build-platform-generic-64
+      - build-platform-generic-32
+      - build-platform-sifive-fu540
+      - unit-test-rv64

.gitignore

@@ -0,0 +1 @@
+build/

README.md

@@ -11,7 +11,18 @@ We have changed all of our SBI functions to follow OpenSBI's SBI specification.
 To see the spec, please see `spec` directory.
 
 This version does not contain the Rust implementation that was in BBL version.
-We will port the Rust version in the future
+We will port the Rust version in the future.
+
+## Initialize
+
+Update the submodules.
+
+```
+git submodule update --init
+```
+
+OpenSBI is a submodule of this repository.
+We periodically check for new OpenSBI versions for bump.
 
 ## Build
 
@@ -21,10 +32,38 @@ You can build the bootloader firmware with Keystone security monitor using OpenS
 make -C opensbi O=<build dir> PLATFORM_DIR=$(pwd)/plat/generic CROSS_COMPILE=riscv64-unknown-elf- FW_PAYLOAD_PATH=<path/to/linux/image> FW_PAYLOAD=y
 ```
 
+In order to build 32-bit firmware, try:
+
+```
+make -C opensbi O=<build dir> PLATFORM_DIR=$(pwd)/plat/generic CROSS_COMPILE=riscv32-unknown-elf- FW_PAYLOAD_PATH=<path/to/linux/image> FW_PAYLOAD=y PLATFORM_RISCV_XLEN=32
+```
+
 Replace <build dir> with your build directory path and <path/to/linux/image> with Linux image.
 
+For other platforms, please refer to the [Keystone documentation](https://docs.keystone-enclave.org).
+
 The firmware will be generated under `<build dir>/platform/generic/firmware`
 
-## Test
+## Unit Test
+
+Our unit tests are implemented with CMocka, and will run on RISC-V QEMU.
+Please make sure `qemu-riscv64` (or `qemu-riscv32` for rv32) is in your PATH.
+You can also download the prebuilt QEMU by:
+
+```
+wget https://keystone-enclave.eecs.berkeley.edu/files/qemu-riscv64
+```
 
-WIP
+The test requires patched OpenSBI firmware because of software-simulated secure boot keys.
+The patch is under `tests/patch`.
+Please apply any patches under the directory to the opensbi submodule.
+
+To run the tests, try the following:
+
+```
+cd tests
+mkdir build
+cd build
+cmake ..
+make test
+```

plat/sifive/fu540/platform.c

@@ -18,6 +18,7 @@
 #include <sbi_utils/irqchip/plic.h>
 #include <sbi_utils/serial/sifive-uart.h>
 #include <sbi_utils/sys/clint.h>
+#include <sm.h>
 
 /* clang-format off */
 
@@ -76,6 +77,8 @@ static int fu540_final_init(bool cold_boot)
 {
 	void *fdt;
 
+  sm_init(cold_boot);
+
 	if (!cold_boot)
 		return 0;
 

src/ipi.c

@@ -3,6 +3,8 @@
 #include <sbi/sbi_scratch.h>
 #include <sbi/sbi_platform.h>
 #include <sbi/sbi_console.h>
+#include <sbi/sbi_hsm.h>
+#include <sbi/sbi_domain.h>
 #include "ipi.h"
 #include "pmp.h"
 
@@ -16,3 +18,15 @@ void sbi_pmp_ipi_local_update(struct sbi_tlb_info *__info)
   }
 }
 
+void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm)
+{
+  ulong mask = 0;
+  ulong source_hart = current_hartid();
+  struct sbi_tlb_info tlb_info;
+  sbi_hsm_hart_started_mask(sbi_domain_thishart_ptr(), 0, &mask);
+
+  SBI_TLB_INFO_INIT(&tlb_info, type, 0, region_idx, perm,
+      sbi_pmp_ipi_local_update, source_hart);
+  sbi_tlb_request(mask, 0, &tlb_info);
+}
+

src/ipi.h

@@ -22,4 +22,6 @@ void sbi_pmp_ipi_local_update(struct sbi_tlb_info *info);
 int sbi_pmp_ipi_init(struct sbi_scratch* scratch, bool cold_boot);
 
 int sbi_pmp_ipi_request(ulong hmask, ulong hbase, struct sbi_pmp_ipi_info* info);
+
+void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm);
 #endif

src/platform/sifive/fu540/waymasks.c

@@ -1,6 +1,19 @@
 #include <sbi/sbi_console.h>
 #include "waymasks.h"
 
+/* Ways currently allocated to enclaves */
+waymask_t enclave_allocated_ways;
+
+/* Ways currently allocated to the scratchpad */
+waymask_t scratchpad_allocated_ways;
+
+/* All allocated ways, should be OR of above two */
+waymask_t allocated_ways;
+
+/* PMP Region ID for the scratchpad */
+region_id scratch_rid;
+region_id l2_controller_rid;
+
 void waymask_debug_printstatus(){
   unsigned int hartid = csr_read(mhartid);
   sbi_printf("mhartid: %x, coremasters: %x & %x\r\n",hartid, (hartid)*2, (hartid)*2 + 1);

src/platform/sifive/fu540/waymasks.h

@@ -39,17 +39,17 @@
 typedef uint64_t waymask_t;
 
 /* Ways currently allocated to enclaves */
-waymask_t enclave_allocated_ways;
+extern waymask_t enclave_allocated_ways;
 
 /* Ways currently allocated to the scratchpad */
-waymask_t scratchpad_allocated_ways;
+extern waymask_t scratchpad_allocated_ways;
 
 /* All allocated ways, should be OR of above two */
-waymask_t allocated_ways;
+extern waymask_t allocated_ways;
 
 /* PMP Region ID for the scratchpad */
-region_id scratch_rid;
-region_id l2_controller_rid;
+extern region_id scratch_rid;
+extern region_id l2_controller_rid;
 
 // Waymask master IDs
 #define WM_Hart_0_DCache_MMIO           0

src/pmp.c

@@ -10,8 +10,6 @@
 #include "page.h"
 #include "ipi.h"
 #include <sbi/sbi_hart.h>
-#include <sbi/sbi_hsm.h>
-#include <sbi/sbi_domain.h>
 #include <sbi/riscv_asm.h>
 #include <sbi/riscv_locks.h>
 #include <sbi/riscv_atomic.h>
@@ -189,18 +187,6 @@ int pmp_detect_region_overlap_atomic(uintptr_t addr, uintptr_t size)
   return region_overlap;
 }
 
-static void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm)
-{
-  ulong mask = 0;
-  ulong source_hart = current_hartid();
-  struct sbi_tlb_info tlb_info;
-  sbi_hsm_hart_started_mask(sbi_domain_thishart_ptr(), 0, &mask);
-
-  SBI_TLB_INFO_INIT(&tlb_info, type, 0, region_idx, perm,
-      sbi_pmp_ipi_local_update, source_hart);
-  sbi_tlb_request(mask, 0, &tlb_info);
-}
-
 /*********************************
  *
  * External Functions