ChebbiOS

QEMU Cortex-A7, Docker & Microsoft SEAL Cross-Compilation

#qemu#docker#arm#cortex-a7#microsoft-seal#cross-compilation#buildroot#embedded-systems

1. Objective

The goal of this work is to build a reproducible environment that allows:

  • Emulation of an ARM Cortex-A7 CPU using QEMU
  • Booting a Linux ARM system generated with Buildroot
  • Cross-compilation of Microsoft SEAL for ARM
  • Execution of ARM binaries inside the emulated Linux system

All of this is achieved using:

  • Docker for environment isolation
  • A persistent volume mounted on /mnt/data3
  • A setup that can be shared with other users

2. Global Architecture

2.1 Server directory structure

graph LR
    subgraph Host[Host Machine]
        DockerDisk[/"/mnt/data3/CAPH/CAPH522/qemu_cortex_a7"/]
        subgraph Docker[Docker Container]
            direction TB
            Workspace[/"/workspace"/]
            QEMU[QEMU Emulator]
            subgraph Emulated[Emulated Hardware Cortex-A7]
               Linux[Linux Kernel + RootFS]
               SEAL[Microsoft SEAL App]
            end
            Toolchain[ARM Cross-Toolchain]
        end
    end

    DockerDisk -.->|Volume Mount| Workspace
    Workspace -->|Contains| Linux
    Workspace -->|Contains| SEAL
    Toolchain -->|Compiles| SEAL
    QEMU -->|Runs| Linux
    Linux -->|Executes| SEAL
    
    style Docker fill:#e1f5fe,stroke:#01579b
    style Emulated fill:#fff3e0,stroke:#e65100
    style Host fill:#f3e5f5,stroke:#4a148c
/mnt/data3/CAPH/CAPH522/qemu_cortex_a7
├── Dockerfile
├── run_qemu.sh
├── buildroot/
│   └── output/images/
│       ├── zImage
│       └── rootfs.cpio
└── seal/
    └── SEAL/                 (Microsoft SEAL sources)
        └── build-arm/        (ARM cross-compiled build)

2.2 Component roles

  • Docker image: Provides QEMU, the ARM cross-toolchain, and build tools
  • Docker volume (/workspace): Stores source code, Buildroot images, and generated binaries
  • QEMU: Emulates a Cortex-A7 CPU using the virt machine model
  • Buildroot: Generates the Linux kernel (zImage) and root filesystem (rootfs.cpio)
  • Microsoft SEAL: Homomorphic encryption library, cross-compiled for ARM

3. Docker Environment

3.1 Dockerfile

The Docker image installs QEMU for ARM, ARM hard-float cross-compilers, and build tools.

FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    qemu-system-arm \
    qemu-utils \
    gcc-arm-linux-gnueabihf \
    g++-arm-linux-gnueabihf \
    make \
    cmake \
    git \
    file \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /workspace
CMD ["bash"]

3.2 Building the Docker image

docker build -t qemu_cortex_a7 .

4. Docker Volume Usage

The project directory is mounted into the container as a volume:

docker run --rm -it \
  -v /mnt/data3/CAPH/CAPH522/qemu_cortex_a7:/workspace \
  qemu_cortex_a7

This ensures:

  • File persistence
  • IDE integration
  • Reproducibility across container runs

5. QEMU Cortex-A7 Emulation

5.1 QEMU launch script (run_qemu.sh)

#!/bin/bash

set -e

cd /workspace

KERNEL=buildroot/output/images/zImage
ROOTFS=buildroot/output/images/rootfs.cpio

if [ ! -f "$KERNEL" ] || [ ! -f "$ROOTFS" ]; then
  echo " Missing kernel or rootfs"
  echo "Expected:"
  echo "  $KERNEL"
  echo "  $ROOTFS"
  exit 1
fi

echo " Booting Linux ARM (Cortex-A7) with QEMU"
echo "Kernel : $KERNEL"
echo "Rootfs : $ROOTFS"
echo

exec qemu-system-arm \
  -M virt \
  -cpu cortex-a7 \
  -m 512M \
  -nographic \
  -kernel "$KERNEL" \
  -initrd "$ROOTFS" \
  -append "console=ttyAMA0 root=/dev/ram rw"

5.2 Booting the ARM Linux system

docker run --rm -it \
  -v /mnt/data3/CAPH/CAPH522/qemu_cortex_a7:/workspace \
  qemu_cortex_a7 \
  /workspace/run_qemu.sh

Result:

  • Linux ARM (Buildroot) boots successfully
  • Serial console (ttyAMA0)
  • Functional shell environment

6. Microsoft SEAL – ARM Cross-Compilation

6.1 Cloning the SEAL sources

cd /mnt/data3/CAPH/CAPH522/qemu_cortex_a7/seal
git clone https://github.com/microsoft/SEAL.git

6.2 ARM CMake toolchain file

Create a file named toolchain-arm.cmake:

set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR arm)

set(CMAKE_C_COMPILER   /usr/bin/arm-linux-gnueabihf-gcc)
set(CMAKE_CXX_COMPILER /usr/bin/arm-linux-gnueabihf-g++)

set(CMAKE_C_FLAGS   "-march=armv7-a -mfpu=neon -mfloat-abi=hard")
set(CMAKE_CXX_FLAGS "-march=armv7-a -mfpu=neon -mfloat-abi=hard")

set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)

6.3 Configuring and building SEAL

Run the following commands inside the Docker container:

cd /workspace/seal/SEAL
mkdir build-arm
cd build-arm

cmake .. \
  -DCMAKE_TOOLCHAIN_FILE=/workspace/seal/toolchain-arm.cmake \
  -DSEAL_BUILD_EXAMPLES=ON \
  -DSEAL_USE_ZLIB=OFF \
  -DCMAKE_BUILD_TYPE=Release

make -j$(nproc)

6.4 Build result

The ARM binary is generated at: /workspace/seal/SEAL/build-arm/bin/sealexamples

Verification:

file sealexamples

Expected output: ELF 32-bit LSB executable, ARM, EABI5

➡️ ARM cross-compilation successfully validated.

7. Current Project Status

At this stage:

  • ✅ Docker environment validated
  • ✅ Persistent volume validated
  • ✅ QEMU Cortex-A7 emulation working
  • ✅ Linux ARM (Buildroot) booting
  • ✅ Microsoft SEAL cross-compiled for ARM
  • ⏳ SEAL binary integration into the Buildroot rootfs (planned next)

8. Next Steps

  • Make sealexamples available inside the ARM Linux root filesystem
  • Run SEAL benchmarks on ARM
  • Performance comparison
  • Final documentation and automation
Next Part
Integration & Execution of Microsoft SEAL in Linux ARM