CHES Workshop Preparation
CHES CHERIoT Workshop Preparation
In advance of the CHES Affiliated Sunburst Workshop, it's essential you prepare your environment so any issues can be sorted in advance of the day. If you have any issues in following this guide please contact the Sunburst Team on
The Sonata software build environment can be setup under Windows, OSX and Linux.
We use a tool called Nix to manage the build environment on all platforms. You will install it but don't need to know anything about it to follow these instructions.
Only Windows requires specific instructions, Nix handles everything you need on Linux and OSX. So if you're not using Windows jump straight to 'Installing Nix'.
Windows Specific Setup
To obtain a Linux environment on Windows, you can choose to start a virtual machine or use Windows Subsystem for Linux (WSL).
Microsoft provides a detailed guide on how to install WSL: For latest systems this would just be a single command:
wsl --install
You might need to enable virtualisation in the BIOS if it's not enabled by default.
If you are running the command without admin privileges, user account control (UAC) popups will appear a few times asking to allow changes to be made to the device. Click "yes" to approve.
After the command's completion, it should say that Ubuntu is installed. Reboot your machine to make these changes effective.
After rebooting, Ubuntu should be available in your start menu. Click it to start. For the first time, it would prompt you to select a Unix username and password. Follow the Linux (Ubuntu) steps for the rest of this guide.
ℹ️ If you have installed your WSL a long time ago, systemd may not have been enabled by default. It is recommended to use enable systemd. See
Installing Nix
The Nix package manager is used to create reproducible builds and consistent development environments.
We recommend installing Nix with the Determinate Systems' nix-installer
curl --proto '=https' --tlsv1.2 -sSf -L | sh -s -- install
For more indepth instructions, follow the guide on the zero to nix site.
If you've downloaded nix through another method, make sure the experimental features "flakes" and "nix-command" are enabled.
To use Nix from the terminal you'll need to open up a new terminal for it to be added to your path.
Setup Cache
To make use of the lowRISC cache so you don't have to rebuild binaries yourself, you'll need to make sure you're a trusted user.
To do this, you will need to add your user to the trusted users in /etc/nix/nix.conf
, e.g. trusted-users = root username
. You can also add all users from a certain group instead of a single user by using an @
symbol before the group name, e.g. @sudo
or @wheel
ℹ️ For Ubuntu users (including WSL users), this means adding this line to the
:trusted-users = root @sudo
You'll need to restart the nix-daemon afterwards for the change to be picked up.
sudo systemctl restart nix-daemon
ℹ️ For OSX users, this means adding this line to the
:trusted-users = root @admin
You then need to restart your Mac for the changes to take effect.
Enter the CHERIoT development environment
Running the following will put you in a shell environment with all the applications needed to build the CHERIoT RTOS.
# Enter the shell with
nix develop github:lowRISC/sonata-software
# Exit the shell with
These applications are layered on top of your usual environment. You can see what was added with echo $PATH
do you want to allow configuration setting 'extra-substituters' to be set to '' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? y
do you want to allow configuration setting 'extra-trusted-public-keys' to be set to '' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? y
warning: ignoring untrusted substituter '', you are not a trusted user.
If you see the warning that substituter is ignored, cancel the process with Ctrl+C and check to see that trusted-users is setup properly. Nix can and will build everything from source if it can't find a cached version, so letting it continue will cause LLVM-Cheriot to be built from scratch on your machine.
Your first build
Clone the sonata software repository, making sure to recursively clone submodules as well, then navigate into it.
git clone --recurse-submodule \
cd sonata-software
Enter the nix development development environment if you haven't already.
Note that because we are in the repository we don't need to provide any arguments to nix develop
nix develop
Then build the examples with the following command.
xmake -P examples
After running this you should see the build run to completion and report success, the critical lines indicating a successful build are:
Converted to uf2, output size: 74752, start address: 0x2000
Wrote 74752 bytes to build/cheriot/cheriot/release/sonata_simple_demo.uf2
[100%]: build ok, spent 6.827s
(Note output size may differ)
If you have got a successful build, congratulations! Your environment is ready to go for Sonata software development.
For reference the full output (from a build run on a Linux machine) looks like:
$ xmake build -P examples
generating /home/hugom/r/lr/sonata-software/cheriot-rtos/sdk/ ... cache
generating /home/hugom/r/lr/sonata-software/cheriot-rtos/sdk/ ... cache
generating /home/hugom/r/lr/sonata-software/cheriot-rtos/sdk/ ... cache
generating /home/hugom/r/lr/sonata-software/cheriot-rtos/sdk/ ... cache
generating /home/hugom/r/lr/sonata-software/cheriot-rtos/sdk/ ... cache
[ 40%]: compiling.release ../cheriot-rtos/sdk/core/token_library/token_unseal.S
[ 40%]: cache compiling.release ../cheriot-rtos/sdk/core/scheduler/
[ 41%]: compiling.release ../cheriot-rtos/sdk/core/loader/boot.S
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/core/loader/
[ 42%]: cache compiling.release snake/
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/core/scheduler/
[ 42%]: cache compiling.release all/
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/core/scheduler/
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/core/scheduler/
[ 42%]: cache compiling.release all/
[ 42%]: cache compiling.release all/
[ 42%]: cache compiling.release ../libraries/
[ 42%]: compiling.release ../cheriot-rtos/sdk/core/switcher/entry.S
[ 42%]: cache compiling.release all/
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/lib/freestanding/memcpy.c
[ 42%]: cache compiling.release ../cheriot-rtos/sdk/core/allocator/
[ 43%]: cache compiling.release ../cheriot-rtos/sdk/lib/debug/
[ 43%]: cache compiling.release ../cheriot-rtos/sdk/lib/freestanding/memset.c
[ 43%]: cache compiling.release ../third_party/display_drivers/core/lcd_base.c
[ 43%]: cache compiling.release ../third_party/display_drivers/core/m3x6_16pt.c
[ 43%]: cache compiling.release ../third_party/display_drivers/st7735/lcd_st7735.c
[ 43%]: cache compiling.release ../cheriot-rtos/sdk/lib/freestanding/memcmp.c
[ 44%]: cache compiling.release all/
[ 45%]: cache compiling.release ../cheriot-rtos/sdk/core/scheduler/
[ 46%]: cache compiling.release ../cheriot-rtos/sdk/lib/compartment_helpers/
[ 47%]: cache compiling.release ../cheriot-rtos/sdk/lib/compartment_helpers/
[ 48%]: cache compiling.release ../cheriot-rtos/sdk/lib/locks/
[ 49%]: cache compiling.release ../cheriot-rtos/sdk/lib/locks/
[ 50%]: cache compiling.release ../cheriot-rtos/sdk/lib/atomic/
[ 50%]: cache compiling.release ../cheriot-rtos/sdk/lib/crt/cz.c
[ 51%]: cache compiling.release ../cheriot-rtos/sdk/lib/crt/arith64.c
[ 52%]: cache compiling.release ../cheriot-rtos/sdk/lib/atomic/
[ 53%]: linking privileged library cheriot.token_library.library
[ 56%]: linking library lcd.library
[ 57%]: linking library debug.library
[ 57%]: linking library crt.library
[ 61%]: linking compartment lcd_test.compartment
[ 62%]: linking compartment proximity_sensor_example.compartment
[ 63%]: linking compartment led_walk_raw.compartment
[ 67%]: linking compartment i2c_example.compartment
[ 69%]: linking compartment echo.compartment
[ 55%]: linking library freestanding.library
[ 71%]: linking library compartment_helpers.library
[ 73%]: linking compartment snake.compartment
[ 76%]: linking library atomic1.library
[ 78%]: linking library atomic4.library
[ 79%]: linking library locks.library
[ 81%]: linking privileged compartment proximity_test.scheduler.compartment
[ 82%]: linking privileged compartment cheriot.allocator.compartment
[ 83%]: linking privileged compartment sonata_simple_demo.scheduler.compartment
[ 84%]: linking privileged compartment sonata_proximity_demo.scheduler.compartment
[ 85%]: linking privileged compartment sonata_demo_everything.scheduler.compartment
[ 85%]: linking privileged compartment snake_demo.scheduler.compartment
[ 91%]: linking firmware ../build/cheriot/cheriot/release/proximity_test
[ 91%]: Creating firmware report ../build/cheriot/cheriot/release/proximity_test.json
[ 91%]: Creating firmware dump ../build/cheriot/cheriot/release/proximity_test.dump
Converted to uf2, output size: 89088, start address: 0x2000
Wrote 89088 bytes to ../build/cheriot/cheriot/release/proximity_test.uf2
[ 92%]: linking firmware ../build/cheriot/cheriot/release/sonata_simple_demo
[ 92%]: linking firmware ../build/cheriot/cheriot/release/sonata_proximity_demo
[ 93%]: linking firmware ../build/cheriot/cheriot/release/sonata_demo_everything
[ 95%]: linking firmware ../build/cheriot/cheriot/release/snake_demo
[ 92%]: Creating firmware report ../build/cheriot/cheriot/release/sonata_simple_demo.json
[ 92%]: Creating firmware dump ../build/cheriot/cheriot/release/sonata_simple_demo.dump
[ 92%]: Creating firmware report ../build/cheriot/cheriot/release/sonata_proximity_demo.json
[ 92%]: Creating firmware dump ../build/cheriot/cheriot/release/sonata_proximity_demo.dump
[ 95%]: Creating firmware report ../build/cheriot/cheriot/release/snake_demo.json
[ 95%]: Creating firmware dump ../build/cheriot/cheriot/release/snake_demo.dump
[ 93%]: Creating firmware report ../build/cheriot/cheriot/release/sonata_demo_everything.json
[ 93%]: Creating firmware dump ../build/cheriot/cheriot/release/sonata_demo_everything.dump
Converted to uf2, output size: 147968, start address: 0x2000
Wrote 147968 bytes to ../build/cheriot/cheriot/release/sonata_simple_demo.uf2
Converted to uf2, output size: 152576, start address: 0x2000
Wrote 152576 bytes to ../build/cheriot/cheriot/release/sonata_proximity_demo.uf2
Converted to uf2, output size: 152576, start address: 0x2000
Wrote 152576 bytes to ../build/cheriot/cheriot/release/sonata_demo_everything.uf2
Converted to uf2, output size: 112128, start address: 0x2000
Wrote 112128 bytes to ../build/cheriot/cheriot/release/snake_demo.uf2
[100%]: build ok, spent 9.802s
warning: ./cheriot-rtos/sdk/xmake.lua:116: unknown language value 'c2x', it may be 'c90'
warning: add -v for getting more warnings ..
Debug logs
If you want debug logs from the RTOS, configure your build with the following additional options.
rm -rf build .xmake
xmake config -P examples
--debug-scheduler=y --debug-locks=y \
--debug-cxxrt=y --debug-loader=y \
--debug-token_library=y --debug-allocator=y
xmake -P examples
Reconfiguring doesn't always work reliably, so often you will want to delete the build
and .xmake
directories when changing the configuration.