Can We Enable the Security Monitor On-Chip Memory Plugin in Keystone's QEMU Platform?

[AlfiRam]

Is it possible to implement or emulate the Security Monitor on-chip memory plugin in the Keystone QEMU platform?

I'm interested in using this feature alongside the runtime's enclave paging plugin for security testing against hardware attacks.

My current understanding is that in the paper, the on-chip memory plugin is implemented for FU540-C000 hardware, while QEMU is an emulator, not actual hardware. Given this context, I have a few questions:

1. Is enabling the SM on-chip memory plugin in QEMU possible?
2. If yes, what would be the best approach to implement this?
3. If not, are there alternative ways to achieve similar functionality for testing purposes?

[grg-haas]

Hi @AlfiRam ! I imagine this could be possible by modifying QEMU and the SM somewhat, yes! In QEMU you'd probably want to add a custom memory range, corresponding to the physical address range for the on-chip memory. Then you'd need to somehow load the SM into this memory range rather than the standard DRAM range. I'm not too familiar with QEMU's internal APIs in that regard, but it totally should be possible!