Prune stale FLUTE support
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
deleted file mode 100644
index 9cd81d7..0000000
--- a/azure-pipelines.yml
+++ /dev/null
@@ -1,149 +0,0 @@ -trigger: -- core - -resources: - pipelines: - - pipeline: LLVM - project: CHERI-MCU - source: LLVM - - pipeline: Flute-TCM - project: CHERI-MCU - source: Flute-TCM - - pipeline: sail-cheri-mcu - project: CHERI-MCU - source: sail-cheri-mcu - -jobs: -############################################## Linux Builds -- job: - displayName: RTOS tests - pool: - vmImage: ubuntu-20.04 - timeoutInMinutes: 300 - strategy: - matrix: - HardwareRevokerRelease: - board: flute - flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n - mode: release - SoftwareRevokerRelease: - board: flute-software-revoker - flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n - mode: release - SailRelease: - board: sail - flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n - mode: release - HardwareRevokerDebug: - board: flute - flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y - mode: debug - SoftwareRevokerDebug: - board: flute-software-revoker - flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y - mode: debug - SailDebug: - board: sail - flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y - mode: debug - steps: - - checkout: self - submodules: recursive - - download: LLVM - - download: Flute-TCM - - download: sail-cheri-mcu - - script: | - set -eo pipefail - sudo add-apt-repository ppa:xmake-io/xmake - sudo apt update - sudo apt install xmake - displayName: 'Installing dependencies' - - script: | - chmod +x $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/* \ - $(Pipeline.Workspace)/$(resources.triggeringAlias)/Flute-TCM/FluteSimulator/* \ - $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/* - echo $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM - echo $(Pipeline.Workspace) - ls -R $(Pipeline.Workspace) - displayName: 'See where anything is installed' - - script: | - ls $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/ - echo xmake f -P . 
--board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode) - xmake f -P . --board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode) - workingDirectory: 'tests' - displayName: 'Configure the build' - - script: | - xmake -P . -v - workingDirectory: 'tests' - displayName: 'Building the test suite' - - script: | - $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/cheriot_sim -p --no-trace build/cheriot/cheriot/$(mode)/test-suite - condition: startsWith(variables['board'],'sail') - workingDirectory: 'tests' - displayName: 'Running the test suite on Sail' - - script: | - export PATH=$(Pipeline.Workspace)/$(resources.triggeringAlias)/Flute-TCM/FluteSimulator:$PATH - for I in `seq 32768` ; do echo 00000000 >> tail.hex ; done - elf_to_hex build/cheriot/cheriot/$(mode)/test-suite Mem.hex - hex_to_tcm_hex.sh - cp tail.hex Mem-TCM-tags-0.hex - exe_HW_sim +tohost | tee sim.log - EXIT_CODE=$(expr $(printf '%d' $(grep -E -e 'tohost_value is 0x[0-9a-zA-Z]+' -o sim.log | awk '{print $3}')) / 2) - echo "Exit code: $EXIT_CODE" - exit $EXIT_CODE - condition: startsWith(variables['board'],'flute') - workingDirectory: 'tests' - displayName: 'Running the test suite on Flute' - - script: | - set -eo pipefail - for example_dir in $PWD/examples/*/; do - cd $example_dir - echo Building $example_dir - xmake f --board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode) - xmake - done - displayName: 'Building the examples' - - script: | - set -eo pipefail - for example_dir in $PWD/examples/*/; do - cd $example_dir - echo Running $example_dir - example_name=$(basename ${example_dir#*.}) - $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/cheriot_sim \ - build/cheriot/cheriot/$(mode)/${example_name} - done - condition: startsWith(variables['board'],'sail') - displayName: 'Running the examples' - -- 
job: - displayName: Check coding style - pool: - vmImage: ubuntu-20.04 - timeoutInMinutes: 300 - steps: - - checkout: self - submodules: recursive - - download: LLVM - - script: | - chmod +x $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/* - echo $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM - echo $(Pipeline.Workspace) - ls -R $(Pipeline.Workspace) - displayName: 'See where anything is installed' - - script: | - ./scripts/run_clang_tidy_format.sh $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/ - displayName: 'Running clang-tidy and clang-format' - -- job: - displayName: Compliance checks - pool: - vmImage: windows-latest - steps: - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2 - displayName: 'Run CredScan' - inputs: - debugMode: false - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3 - displayName: 'Publish Security Analysis Logs'
diff --git a/docs/WritingADeviceDriver.md b/docs/WritingADeviceDriver.md
index 305a4df..e24ce92 100644
--- a/docs/WritingADeviceDriver.md
+++ b/docs/WritingADeviceDriver.md
@@ -194,11 +194,11 @@ ### Platform includes Each board description contains a set of include paths. -For example, our Flute prototype platform has this: +For example, our Ibex prototype platform has this: ```json "driver_includes" : [ - "../include/platform/flute", + "../include/platform/ibex", "../include/platform/generic-riscv" ], ```
diff --git a/scripts/run-flute.sh b/scripts/run-flute.sh
deleted file mode 100755
index 107c9e3..0000000
--- a/scripts/run-flute.sh
+++ /dev/null
@@ -1,45 +0,0 @@ -#!/bin/sh -if [ -z "${FLUTE_BUILD}" ] ; then - echo The FLUTE_BUILD environment variable should be set to the flute build directory - exit 0 -fi -# This script depends on non-portable GNU extensions, so prefer the g-prefixed -# versions if they exist -TAIL=tail -if which gtail ; then TAIL=gtail ; fi -HEAD=head -if which ghead ; then HEAD=ghead ; fi -PASTE=paste -if which gpaste ; then PASTE=gpaste ; fi -echo Using ${TAIL}, ${HEAD}, and ${PASTE} - -if [ ! -f tail.hex ] ; then - for I in $(seq 0 32768) ; do - echo 00000000 >> tail.hex - done -fi - -${FLUTE_BUILD}/../../Tests/elf_to_hex/elf_to_hex $1 Mem.hex - -awk '{print substr($0,33,8); print substr($0,0,8)}' Mem.hex > 1u-0.hex -awk '{print substr($0,41,8); print substr($0,9,8)}' Mem.hex > 0u-0.hex -awk '{print substr($0,49,8); print substr($0,17,8)}' Mem.hex > 1l-0.hex -awk '{print substr($0,57,8); print substr($0,25,8)}' Mem.hex > 0l-0.hex - -${TAIL} -n +3 1u-0.hex > 1u-1.hex -${TAIL} -n +3 0u-0.hex > 0u-1.hex -${TAIL} -n +3 1l-0.hex > 1l-1.hex -${TAIL} -n +3 0l-0.hex > 0l-1.hex - -${HEAD} -n -4 1u-1.hex > 1u-2.hex -${HEAD} -n -4 0u-1.hex > 0u-2.hex -${HEAD} -n -4 1l-1.hex > 1l-2.hex -${HEAD} -n -4 0l-1.hex > 0l-2.hex - -${PASTE} -d \\n 1l-2.hex 1u-2.hex > 1-0.hex -${PASTE} -d \\n 0l-2.hex 0u-2.hex > 0-0.hex - -cat 1-0.hex tail.hex | ${HEAD} -n 32768 > Mem-TCM-1.hex -cat 0-0.hex tail.hex | ${HEAD} -n 32768 > Mem-TCM-0.hex - -${FLUTE_BUILD}/exe_HW_sim +tohost > /dev/null
diff --git a/sdk/boards/flute-debug-uart.json b/sdk/boards/flute-debug-uart.json
deleted file mode 100644
index b0dd865..0000000
--- a/sdk/boards/flute-debug-uart.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "ethernet" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- },
- "shadowctrl" : {
- "start" : 0x40001000,
- "end" : 0x40001028
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "revoker" : "hardware",
- "stack_high_water_mark" : true,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute-no-revoker.json b/sdk/boards/flute-no-revoker.json
deleted file mode 100644
index aca256b..0000000
--- a/sdk/boards/flute-no-revoker.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "stack_high_water_mark" : false,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute-software-revoker.json b/sdk/boards/flute-software-revoker.json
deleted file mode 100644
index 0968fd2..0000000
--- a/sdk/boards/flute-software-revoker.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "stack_high_water_mark" : false,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "revoker" : "software",
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute.json b/sdk/boards/flute.json
deleted file mode 100644
index 42586f5..0000000
--- a/sdk/boards/flute.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000000,
- "end" : 0x10000100
- },
- "ethernet" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- },
- "shadowctrl" : {
- "start" : 0x40001000,
- "end" : 0x40001028
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "revoker" : "hardware",
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/core/loader/boot.S b/sdk/core/loader/boot.S
index ae915cb..953db9e 100644
--- a/sdk/core/loader/boot.S
+++ b/sdk/core/loader/boot.S
@@ -65,7 +65,7 @@ la_abs s0, loader_entry_point csetaddr cra, cra, s0 // Base and size of the GP of loader - // Flute doesn't support unaligned loads, so we have to load the base as + // Old sails don't support unaligned loads, so we have to load the base as // bytes clbu s0, IMAGE_HEADER_LOADER_DATA_START_OFFSET+3(ca1) sll s0, s0, 8 @@ -157,14 +157,7 @@ ecall // The idle thread sleeps and only waits for interrupts. .Lidle_loop: - // There is a bug in the Flute hardware revoker that means it stops during - // wfi, but we want it to run here. Flute is simulation only at the - // moment, so we don't care that the nop is power-inefficient. -#if defined(TEMPORAL_SAFETY) && defined(FLUTE) && !defined(SOFTWARE_REVOKER) - nop -#else wfi -#endif j .Lidle_loop .Lfill_block:
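Review bot: The idle loop at `.Lidle_loop` now executes `wfi` unconditionally, and the removed comment was the only place that recorded that a hardware revoker can stall while the core waits in `wfi`. Whether any remaining board with a hardware revoker behaves the same way is not visible in this diff; if one does, revocation would stop making progress whenever the system idles, which likely delays the reuse of freed memory. I would keep the assumption next to the instruction, for example `// Assumes the hardware revoker keeps sweeping while the core is in wfi.` In the first hunk, `Old sails` would be clearer if it named the Sail model version that lacks unaligned loads, so a later reader can tell when the byte-wise load can go.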
diff --git a/sdk/core/scheduler/plic.h b/sdk/core/scheduler/plic.h
index 99874d5..246b905 100644
--- a/sdk/core/scheduler/plic.h
+++ b/sdk/core/scheduler/plic.h
@@ -38,7 +38,7 @@ /* * FIXME: Sail doesn't have an interrupt controller at all, but we pretend - * it does just like FLUTE build to let things compile. We need tons of + * it does just like other builds to let things compile. We need tons of * #ifdefs or a big rewrite to make the entire external interrupt path * optional. *
diff --git a/sdk/include/cheri.hh b/sdk/include/cheri.hh
index 0307cf7..f4d27aa 100644
--- a/sdk/include/cheri.hh
+++ b/sdk/include/cheri.hh
@@ -1065,20 +1065,7 @@ */ Capability<T> &unseal(void *key) { -#ifdef FLUTE - // Flute still throws exceptions on invalid use. As a temporary - // work-around, add a quick check that this thing has the sealing - // type and don't unseal if it hasn't. This isn't a complete test, - // it's just sufficient to get the tests passing on Flute. - if (type() != __builtin_cheri_address_get(key)) - { - ptr = nullptr; - } - else -#endif - { - ptr = static_cast<T *>(__builtin_cheri_unseal(ptr, key)); - } + ptr = static_cast<T *>(__builtin_cheri_unseal(ptr, key)); return *this; }
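Review bot: With the Flute guard gone, `unseal` always stores the result of `__builtin_cheri_unseal(ptr, key)`, so no target now yields `nullptr` when the key does not match the sealing type. The removed comment implies that other targets do not trap on invalid use, which presumably means a mismatch leaves an untagged capability whose address can still be non-null. A caller that only compares the result against `nullptr` would then treat a failed unseal as a success. The doc comment above the function (it starts outside this hunk) should state the failure result, for example `On a key/type mismatch the result is untagged, not null; check the tag before dereferencing.`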
diff --git a/sdk/include/platform/flute/platform-early_boot.inc b/sdk/include/platform/flute/platform-early_boot.inc
deleted file mode 100644
index f8532a5..0000000
--- a/sdk/include/platform/flute/platform-early_boot.inc
+++ /dev/null
@@ -1,12 +0,0 @@
- // Ugly hack. For some reason if I don't give this first load, subsequent mem
- // ops will trap on Flute-TCM.
- li a3, 0x80000000
- cspecialr ca4, mtdc
- csetaddr ca4, ca4, a3
- clc c0, 0(ca4)
- // The shadow memory may not be zeroed, ensure it is before we start or
- // random capability loads will fail.
- li a0, FLUTE_SHADOW_BASE
- csetaddr ca0, ca4, a0
- li a1, FLUTE_SHADOW_BASE + FLUTE_SHADOW_SIZE
- cjal .Lfill_block
diff --git a/sdk/include/platform/flute/platform-hardware_revoker.hh b/sdk/include/platform/flute/platform-hardware_revoker.hh
deleted file mode 100644
index 759db15..0000000
--- a/sdk/include/platform/flute/platform-hardware_revoker.hh
+++ /dev/null
@@ -1,105 +0,0 @@ -// Copyright Microsoft and CHERIoT Contributors. -// SPDX-License-Identifier: MIT - -#pragma once - -#include <cdefs.h> -#include <compartment-macros.h> -#include <riscvreg.h> -#include <stddef.h> -#include <stdint.h> - -namespace Flute -{ - template<typename WordT, size_t TCMBaseAddr> - class HardwareRevoker - { - private: - // layout of the shadow space control registers - struct ShadowCtrl - { - uint32_t base; - uint32_t pad0; - uint32_t top; - uint32_t pad1; - uint32_t epoch; - uint32_t pad2; - uint32_t go; - uint32_t pad4; - }; - static_assert(offsetof(ShadowCtrl, epoch) == 16); - static_assert(offsetof(ShadowCtrl, go) == 24); - - volatile ShadowCtrl *shadowCtrl; - - public: - /** - * Currently the only hardware revoker implementation is async which - * sweeps memory in the background. - */ - static constexpr bool IsAsynchronous = true; - - /** - * Initialise a revoker instance. - */ - void init() - { - /** - * These two symbols mark the region that needs revocation. We - * revoke capabilities everywhere from the start of compartment - * globals to the end of the heap. - */ - extern char __compart_cgps, __export_mem_heap_end; - - auto base = LA_ABS(__compart_cgps); - auto top = LA_ABS(__export_mem_heap_end); - shadowCtrl = MMIO_CAPABILITY(ShadowCtrl, shadowctrl); - shadowCtrl->base = base; - shadowCtrl->top = top; - // Clang tidy is checking headers as stand-alone compilation units - // and so doesn't know what Debug is defined to. -#ifndef CLANG_TIDY - Debug::Invariant(base < top, - "Memory map has unexpected layout, base {} is " - "expected to be below top {}", - base, - top); -#endif - } - - /** - * Returns the revocation epoch. This is the number of revocations - * that have started. - */ - uint32_t system_epoch_get() - { - asm volatile("" ::: "memory"); - return shadowCtrl->epoch; - } - - /** - * Queries whether the specified revocation epoch has finished. 
- */ - template<bool AllowPartial = false> - uint32_t has_revocation_finished_for_epoch(uint32_t epoch) - { - asm volatile("" ::: "memory"); - if (AllowPartial) - { - return shadowCtrl->epoch > epoch; - } - return shadowCtrl->epoch - epoch >= (2 + (epoch & 1)); - } - - // Start a revocation. - void system_bg_revoker_kick() - { - asm volatile("" ::: "memory"); - shadowCtrl->go = 1; - asm volatile("" ::: "memory"); - } - }; -} // namespace Flute - -template<typename WordT, size_t TCMBaseAddr> -using HardwareRevoker = Flute::HardwareRevoker<WordT, TCMBaseAddr>;