This repo maintains sPMP version of Penglai Enclave.
- OpenSBI-based Penglai is maintained in Nuclei SDK now.
Penglai uses Docker for building and uses submodules to track different componets.
Therefore, the only requirement to build and run penglai-demo is:
- Docker: for building/running Penglai
- Git: for downloading the code
The version for FPGA and RISC-V board is comming soon.
First, download the all the code:
git clone https://github.com/Penglai-Enclave/Penglai-Enclave-sPMP.git
Enter the penglai-enclave directory, cd Penglai-Enclave
And then,
git submodule update --init --recursive
Last, build penglai using our Docker image:
./docker_cmd.sh build
When the building process finished, you are ready to run the penglai demo.
In the penglai-enclave directory,
./docker_cmd.sh qemu
If everything is fine, you will enter a Linux terminal booted by Qemu with Penglai-installed.
Enter the terminal with the user name: root, and passwords: penglai.
Insmod the enclave-driver
insmod penglai.ko
And the, you can run a demo, e.g., a prime enclave, using
./host prime
Here, the host is an enclave invoker, which will start an enclave (name from input).
Mulan Permissive Software License,Version 1 (Mulan PSL v1)
- buildroot: The buildroot rootfs for Penglai (from Sifive's Freedom U-sdk)
- linux: The Untrusted OS kernel (kernel 4.15) for Penglai (from Sifive's Freedom U-sdk)
- monitor: The secure monitor of Penglai, implementing isolation using PMP/sPMP, based on BBL
- riscv-qemu: The modified qemu (4.1) to support sPMP
- scripts: some scripts to build/run Penglai demo
- conf: some configuration files to build Penglai
- copy-files: a temp dir to store files copied into Penglai
If you are developing Penglai, please use pull requests on target submodule project (not on the super project).
Please fell free to post your concerns, ideas, code or anything others to issues.
Please refer the wiki for more details
The design of Penglai was inspired by Sanctum, Keystone and HexFive, thanks to their great work.