MultiZone™ Security Trusted Execution Environment for any RISC-V platform
MultiZone Security provides policy-based hardware-enforced separation for an unlimited number of security domains, with full control over data, code, peripherals and interrupts.
MultiZone Security SDK supports the following cores / boards:
- Andes N22 - RV32ACIMU Board: Corvette F1 FPGA
- Andes N25 - RV32ACIMU Board: GoWin GW2A-55K FPGA
- SiFive E21 - RV32ACIMU Board: Digilent ARTY7 FPGA
- SiFive E31 - RV32ACIMU Board: Digilent ARTY7 FPGA
- SiFIve E51 - RV64ACIMU Board: Digilent ARTY7 FPGA
- SiFIve S51 - RV64ACIMU Board: Digilent ARTY7 FPGA
- SiFive U540 - RV64ACIMU Board Unleashed https://github.com/hex-five/multizone-linux
- Hex Five X300 - RV32ACIMU Board: Digilent ARTY7 FPGA
This repository, maintained by Hex Five Security, makes it easy to build robust Trusted Execution Environments on RISC-V cores. For Questions or feedback - send email to info 'at' hex-five.com
Upload the bitstream to the Arty board following directions from SiFive - https://sifive.cdn.prismic.io/sifive%2Fed96de35-065f-474c-a432-9f6a364af9c8_sifive-e310-arty-gettingstarted-v1.0.6.pdf
Install the certified RISC-V toolchain for Linux - directions specific to a fresh Ubuntu 18.04 LTS, other Linux distros generally a subset
sudo apt update
sudo apt upgrade -y
sudo apt install git make default-jre libftdi1-dev
sudo ln -s /usr/lib/x86_64-linux-gnu/libmpfr.so.6 /usr/lib/x86_64-linux-gnu/libmpfr.so.4
wget https://github.com/hex-five/multizone-sdk/releases/download/v0.1.0/riscv-gnu-toolchain-20181226.tar.xz
tar -xvf riscv-gnu-toolchain-20181226.tar.xz
wget https://github.com/hex-five/multizone-sdk/releases/download/v0.1.0/riscv-openocd-20181226.tar.xz
tar -xvf riscv-openocd-20181226.tar.xz
git clone https://github.com/hex-five/multizone-sdk
sudo apt-get install libusb-0.1-4
sudo apt-get install screen
If you have not already done so, you need to edit or create a file to place the USB devices until plugdev group so you can access them without root privileges:
sudo vi /etc/udev/rules.d/99-openocd.rules
Then place the following text in that file if it is not already there
# These are for the HiFive1 Board
SUBSYSTEM=="usb", ATTR{idVendor}=="0403",
ATTR{idProduct}=="6010", MODE="664", GROUP="plugdev"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403",
ATTRS{idProduct}=="6010", MODE="664", GROUP="plugdev"
# These are for the Olimex Debugger for use with E310 Arty Dev Kit
SUBSYSTEM=="usb", ATTR{idVendor}=="15ba",
ATTR{idProduct}=="002a", MODE="664", GROUP="plugdev"
SUBSYSTEM=="tty", ATTRS{idVendor}=="15ba",
ATTRS{idProduct}=="002a", MODE="664", GROUP="plugdev"
Detach and re-attach the USB devices for these changes to take effect.
Add environment variables and a path to allow the Makefiles to find the toolchain
edit ~/.bashrc and ~/.profile and place the following text at the bottom of both files.
export RISCV=/home/<username>/riscv-gnu-toolchain-20181226
export OPENOCD=/home/<username>/riscv-openocd-20181226
export PATH="$PATH:/home/<username>/riscv-gnu-toolchain-20181226/bin"
Close and restart the terminal session for these changes to take effect.
cd multizone-sdk/
make clean
make
This will result in a HEX file that is now ready to upload to the Arty board.
make load
The system contains three zones:
- Zone 1: UART Console (115200 baud, 8N1) with commands that enable the following:
- load, store exec - issue discrete load / store / exec commands to test the boundaries of physical memory protection in Zone 1
- invalid commands generate hardware exceptions that send a response to the user via handlers that are registered in main.c
- send / recv messages to / from other zones
- timer - set a soft timer in ms
- yield - measure the round trip time through three zones when you yield context
- stats - complete a number of yield commands and calculate statistics on performance
- restart - restart the console
- load, store exec - issue discrete load / store / exec commands to test the boundaries of physical memory protection in Zone 1
- Zone 2: LED PWM + Interrupts
- This Zone is running a modified version of SiFive's coreplexip_welcome demo with trap and emulate functions
- Buttons 0-2 are mapped to interrupts in this Zone, they will cause the LED to change color for 5s and send a message to zone 1
- These interrupt handlers themselves can be interrupted and resumed by pressing another button before the first handler is complete
- Zone 3: Robot Control
- This zone controls a robot via GPIO; if you do not have the robot then this zone simply yields for you
- Robot commands are all issued ia messages from zone 1:
- send 3 > - unfold
- send 3 1 - begin recursive dance
- send 3 0 - stop recursive dance when it reaches home
- send 3 < - fold
- As temperature, humidity and battery life affect the robot motor speed, small adjustments can be made as follows
- send 3 q (open claw)
- send 3 a (close claw)
- send 3 w (lift wrist)
- send 3 s (drop wrist)
- send 3 e (lift elbow)
- send 3 d (drop elbow)
- send 3 r (lift shoulder)
- send 3 f (drop shoulder)
- send 3 t (rotate base counterclockwise)
- send 3 g (rotate base clockwise)
See the MultiZone Manual (Pending) or visit http://www.hex-five.com