The fact that this is even possible is interesting: indeed, not all ISAs are virtualizable, and the same applies to their firmware mode. It all boils down to the virtualization requirements [1], which is a great read if you haven't come across it yet. Arm's EL3 cannot be virtualized, for instance, because some instructions, such as `cpsid`, are sensitive but do not trap (`cpsid` is a nop in user-space).
If you have a VisionFive 2 or a HiFive Premier P550, you can try it out; the instructions are in the documentation [2, 3]. Of course, it runs on QEMU too.
As Miralis is a research project, we have also been using it as a vehicle to explore other research ideas, such as automated verification of hypervisors [4]. For instance, we verified instruction emulation by comparing Miralis' implementation with the reference RISC-V executable specification [5], which we translated to Rust.
It has been fun working on Miralis, and I hope you'll find it interesting too!
[1]: https://dl.acm.org/doi/pdf/10.1145/361011.361073
[2]: https://miralis-firmware.github.io/docs/platforms/visionfive...
[3]: https://miralis-firmware.github.io/docs/platforms/premierp55...
[4]: https://charlycst.github.io/papers/lightweight-hypervisor-ve...
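
The post describes checking instruction emulation against a reference model. The following is an added example, not Miralis code and not the verification method of [4]: it swaps in plain differential testing over constructed states, for a toy emulator of trapped `csrrw`/`csrrs`/`csrrc` on `mscratch`. `VirtCtx`, `emulate`, `reference` and `differential` are hypothetical names.

```rust
// Added example, not Miralis code; all names are hypothetical. Only mscratch (CSR 0x340) is modelled.
#[derive(Clone, PartialEq, Debug)]
pub struct VirtCtx { pub regs: [u64; 32], pub mscratch: u64 }

const OPCODE_SYSTEM: u32 = 0x73;
const CSR_MSCRATCH: u32 = 0x340;

/// Monitor-side emulation of a trapped csrrw/csrrs/csrrc; false if not handled here.
pub fn emulate(ctx: &mut VirtCtx, insn: u32) -> bool {
    let (rd, funct3) = (((insn >> 7) & 0x1f) as usize, (insn >> 12) & 7);
    let (rs1, csr) = (((insn >> 15) & 0x1f) as usize, insn >> 20);
    if insn & 0x7f != OPCODE_SYSTEM || csr != CSR_MSCRATCH { return false; }
    let (old, src) = (ctx.mscratch, ctx.regs[rs1]); // read before rd is written
    match funct3 {
        1 => ctx.mscratch = src,                    // csrrw
        2 if rs1 != 0 => ctx.mscratch = old | src,  // csrrs
        3 if rs1 != 0 => ctx.mscratch = old & !src, // csrrc
        2 | 3 => {}                                 // rs1 = x0: read only
        _ => return false,
    }
    if rd != 0 { ctx.regs[rd] = old; }              // x0 stays zero
    true
}

/// Independent reference model, written from the ISA manual's description.
pub fn reference(ctx: &mut VirtCtx, op: u32, rd: usize, rs1: usize) {
    let (old, src) = (ctx.mscratch, ctx.regs[rs1]);
    let new = match op { 1 => src, 2 => old | src, _ => old & !src };
    if op == 1 || rs1 != 0 { ctx.mscratch = new; }
    if rd != 0 { ctx.regs[rd] = old; }
}

/// Run both models on every (op, rd, rs1) from constructed states; count mismatches.
pub fn differential() -> usize {
    let mut bad = 0;
    for seed in [0u64, 1, 0xdead_beef, u64::MAX] {
        let mut base = VirtCtx { regs: [0; 32], mscratch: seed.rotate_left(7) ^ 0x55 };
        for i in 1..32 { base.regs[i] = seed.wrapping_mul(i as u64 + 3) ^ i as u64; }
        for (op, rd, rs1) in (0..3 * 32 * 32u32).map(|n| (n / 1024 + 1, n / 32 % 32, n % 32)) {
            let insn = CSR_MSCRATCH << 20 | rs1 << 15 | op << 12 | rd << 7 | OPCODE_SYSTEM;
            let (mut a, mut b) = (base.clone(), base.clone());
            let ok = emulate(&mut a, insn);
            reference(&mut b, op, rd as usize, rs1 as usize);
            if !ok || a != b { bad += 1; }
        }
    }
    bad
}
fn main() { println!("mismatches: {}", differential()); }
```

The `rd == rs1` and `rs1 = x0` cases are where hand-written emulation most often diverges from the specification, which is why the loop covers every register pair.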