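#!/bin/bash
# Boot QEMUv8 and run the C-01 PoC to reproduce the PKCS#11 heap overflow.
#
# Layout assumed, relative to this script's directory ($ROOT):
#   out/bin/                        bl1.bin, Image, rootfs.cpio.gz, c01_poc
#   qemu/build/qemu-system-aarch64  QEMU binary
#   c01_check.exp                   expect driver; reads QEMU, QEMU_ARGS and
#                                   BINDIR from the environment
#
# Outputs: c01_nw.log and c01_sw.log in $BINDIR, plus a keyword summary of
#          the Secure World log on stdout.
# Exit status: the exit status of c01_check.exp.
set -eu

ROOT="$(cd "$(dirname "$0")" && pwd)"
BINDIR="$ROOT/out/bin"
QEMU="$ROOT/qemu/build/qemu-system-aarch64"

# Verify required artifacts before touching anything.
for f in bl1.bin Image rootfs.cpio.gz c01_poc; do
  [[ -f "$BINDIR/$f" ]] || { echo "[-] Missing: $BINDIR/$f" >&2; exit 1; }
done
[[ -x "$QEMU" ]] || { echo "[-] Missing or not executable: $QEMU" >&2; exit 1; }

# QEMU_ARGS is handed to the expect driver as a single string and word-split
# there, so $BINDIR must not contain whitespace (it is embedded unquoted in
# the -fsdev and -serial options below).
case "$BINDIR" in
  *[[:space:]]*)
    echo "[-] BINDIR must not contain whitespace: $BINDIR" >&2
    exit 1
    ;;
esac

# Build QEMU args (matching qemu_v8.mk defaults + virtfs share).
# Relative file names (bl1.bin, Image, ...) resolve because we cd to $BINDIR
# before the driver spawns QEMU.
QEMU_ARGS="\
-nographic \
-smp 2 \
-cpu max,sme=on,pauth-impdef=on \
-d unimp \
-semihosting-config enable=on,target=native \
-m 1057 \
-bios bl1.bin \
-initrd rootfs.cpio.gz \
-kernel Image \
-append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2' \
-machine virt,acpi=off,secure=on,mte=off,gic-version=3,virtualization=false \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \
-netdev user,id=vmnic \
-device virtio-net-device,netdev=vmnic \
-fsdev local,id=fsdev0,path=$BINDIR,security_model=none \
-device virtio-9p-pci,fsdev=fsdev0,mount_tag=host \
-serial mon:stdio \
-serial file:$BINDIR/c01_sw.log"
export QEMU
export QEMU_ARGS
export BINDIR

cd "$BINDIR" || exit 1
# Start from clean logs so the summary below cannot pick up a previous run.
rm -f c01_nw.log c01_sw.log

echo "[*] Starting QEMUv8 for C-01 reproduction..."
# Capture the driver's status without letting 'set -e' abort the script:
# a failing run is exactly the case where the log summary is most useful.
RC=0
expect "$ROOT/c01_check.exp" || RC=$?

echo ""
echo "=== Secure World log (c01_sw.log) ==="
# stderr is silenced because the log may not exist if QEMU never started.
grep -E "Panic|panic|PANIC|assertion|overflow|ERROR|TEE_Panic|TA crashed|killed" \
  "$BINDIR/c01_sw.log" 2>/dev/null || echo "(no panic keywords found — see full log)"
echo "=== End of SW log summary ==="
echo ""
echo "Full logs: $BINDIR/c01_nw.log $BINDIR/c01_sw.log"
exit "$RC"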