- What is Coffer?
- Quickstart with QEMU.
- Quickstart with Nezha D1.
- Current Status.
- Contact.
- License and Copyright.
Coffer is designed to be an flexible, software-based trusted execution environment. It requires a minimal hardware primitive (PMP is all you need!) to provide a powerful software interface for TEE.
To run Linux with Coffer, you will need to prepare a Linux image and a rootfs.
One may refer to this tutorial (EN) or this tutorial (CN) to learn how to build your own image and rootfs.
Once your Linux/rootfs is ready, you can run just one line to get coffer booting Linux in qemu.
just qemu <path-to-your-kernel> <path-to-your-rootfs>
Quickstart with Nezha D1
To run Linux with Coffer on Nezha D1 SoC, you will first need to get the Nezha SDK ready.
One may refer to the official guide to learn how to get Allwinner SDK setup.
To replace OpenSBI with Coffer, you will need to run the following command.
# Make other stuff using Allwinner SDK
just release sunxi # build coffer for target platform Nezha D1
cp coffer <path-to-allwinner-sdk>/device/config/chips/d1/bin/opensbi_sun20iw1p1.bin # replace OpenSBI with Coffer
Once copied into the SDK, you can continue the tutorial provided by AllWinner and run Linux on D1 with Coffer enabled.
Coffer has serveral goals to archive in terms of both security and functionality.
- Linux-capable Bootload
- SBI Standard Implementation
- Runtime Memory Protection
- I/O Space Protection
- Firmware Specific Binary Interface
- Port to SiFive Unleashed Board
- Enclave Memory Migration
You can email luhy2017@mail.sustech.edu.cn if you have any questions about Coffer.
See LICENSE for distribution and use of source code, binaries, and documentation.