ISLET is a project to enable on-device confidential computing for end users by leveraging ARMv9 CCA that is the newly emerging confidential computing hardware on ARM devices. Using the hardware support, ISLET enables a Trusted Execution Environment (TEE) on user’s devices within which users can securely process, store, communicate and manage their private data. The protection provided by ISLET applies not only to data-at-rest but also to data-in-use even in the presence of malicious privileged software on devices. We develop components enabling Realm Virtual Machines (VMs), which are secure VM-level TEE provided by ARMv9 CCA. To manage Realm VMs, Realm Management Monitor (RMM) is needed to be running at EL2 in the Realm world. Although the Monitor firmware is available as an open source, there is no functional Realm Management Monitor (RMM) code available yet. ISLET provides the implementation of RMM that is written in Rust.
./scripts/init.sh./scripts/fvp-cca --normal-world={linux|tf-a-tests} --realm-vm={tftf|linux}
./scripts/fvp-cca --nw={linux|tf-a-tests| -vm={tftf|linux}Welcome to Buildroot, type root or test to login
buildroot login: root# cd /qemu/guest/
# ../qemu-system-aarch64 \
-kernel tftf-realm.elf \
--enable-kvm \
-cpu host \
-smp 1 \
-m 256M \
-M virt,gic-version=3 \
-nographic../qemu-system-aarch64 \
-kernel Image_realmvm \
-initrd initramfs-busybox-aarch64.cpio.gz \
-append "earlycon=pl011,mmio,0x1c0a0000 console=ttyAMA0" \
--enable-kvm \
-cpu host \
-smp 1 \
-M virt,gic-version=3 \
-m 256M \
-nographic./scripts/test.sh --unit-test./scripts/test.sh --coverage./scripts/fvp-cca --normal-world=tf-a-tests --debugThen, execute the t32 application (e.g., ./t32marm-qt) and run the script ./debug/t32.cmm via "File -> Run Script".
For bash scripts,
assets/formatter/shfmt -w -ci -bn -fn <TARGET>For rust,
cargo fmt.editorconfig is also ready as well.
This file helps use proper indentation when you use editor (e.g., vim, vscode).
You can set the editor configuration like the below if you use vim.