-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
seL4 won't run on latest keystone version #448
Comments
Hi, I cannot say much about current Keystone and seL4 compatibility. However, FWIW, you can debug the enclaves in QEMU using
from here can use |
Thank you, but GDB seems to only help until the program counter is inside the enclave. Unfortunately, GDB is unable to access the memory in that location, so I don't know what exactly is happening:
This is why I think that Enclaves themselves are not debuggable. I also found this open issue about this: keystone-enclave/keystone-sdk#6
|
I usually put breakpoints at privilege modes entry points because single stepping between them never worked for me. Generally speaking, this should be this way regardless of the enclave you have. Note, that 0xffffffffc0000000 is a virtual address and the CPU is managing physical addresses at the SM. That might be the reason it cannot access that address. |
Hi @swidi ! The original issue that you're facing (
RISC-V typically uses 4kB pages, so I'd recommend bumping your untrusted size to at least that value. @finmackandal is correct in that enclaves can be debugged, but this can get a little tricky when things are not working correctly. In your specific case, you say that you get to
And this will show you the current PMP configuration. In your case, I have a gut instinct that PMP is not getting correctly configured since your untrusted size is not a multiple of the page size. If you fix that, I wouldn't be too surprised if your runtime starts working as well. Keep me updated! |
Thank you guys, that was already quite helpful. You were right about debugging enclaves being possible in general, it works well with the example applications and Eyrie. I can easily break at a function within the EApp and debug from there. With seL4 or a small baremetal example that I am currently trying, though, it seems like the entry function is never reached. Could it be that the loader.bin only works with Eyrie? It is part of the Eyrie repository after all. @grg-haas Indeed setting the untrusted size to a different value resolved the warning message. Unfortunately, the runtime did not start working. PMP seems to be the same, both for the working hello world example and the non working seL4 or baremetal test:
However, I don't know enough about RISC-V to be able to interpret this. For reference, my 'baremetal example' looks like this:
With the linker script adapted from Eyrie:
|
Hmmmm, so with this example I could see a couple of issues. First, it seems that you are storing to the address Here's what I'd be interested in to debug this:
|
You might be right about the address thing! I was able to break on
However, when I step through, only the first three instructions are executed. After
This is starting to make sense now. However, for seL4, I still can't read from
Perhaps the binary just isn't loaded there. I have followed the instructions from here, and it does say that it is deprecated in keystone 0.5. I wonder what changed from there. Surely the loading mechanisms is different now since we have a seperate loader binary. When I take a look at the patch applied to seL4, it does seem like it is loaded at |
I think I found out why I can't access that region for seL4. Objdump revealed that the code is mapped at a very different location:
And indeed, I can examin this memory location with GDB and find the instructions. So, it seems like the jump-in address has changed from the old to the new keystone version. Now I just need to find out how to change either the location of seL4 or the location where the loader jumps to... |
Ahhhh, I see what you're saying. You have both your baremetal example which stores I believe this is where the address to return to is loaded: keystone/runtime/loader-binary/loader.S Line 36 in e310f6a
And this is the function that actually does ELF loading: keystone/runtime/loader/loader.c Line 17 in e310f6a
One thing you could check when running seL4 is set a breakpoint on |
Describe the bug
seL4 won't run with the latest keystone version. The kernel has been compiled just as described and runs well on the old keystone version. Host application has been adapted to the new SDK:
Screenshots or Error Log
No error, just nothing happens after extraction. Unfortunately, debugging of enclave applications is not possible, so I cannot provide any more info.
Additional context
I am working on a research project with the goal of having OP-TEE as an enclave besides Linux, having seL4 as an enclave would serve as a good reference.
The text was updated successfully, but these errors were encountered: