roll: third_party/pigweed/src 86f3575..5a9a718 (52 commits) 5a9a718:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/411212 roll: luci 401a14a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/411172 roll: fuchsia-infra-bazel-rules 0d4e8c2..fc3b673 (45 commits) 9346cba:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410697 various: Fix implicit conversion warnings e786646:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410632 pw_crypto: fix gn tests 603d02a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/405193 pw_kernel: Unify process and thread join/terminate syscalls 0d1276b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410393 pw_bluetooth_sapphire: Suppress LE auto-connect when peer is connected 9744b0a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410695 pw_bluetooth_hci,pw_bluetooth_proxy: Fix implicit conversion warnings 79c7210:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410693 various: Fix implicit conversion warnings 81bfe9c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/406812 pw_rpc: Use local encoding buffers when dynamic allocation is enabled b564425:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410112 pw_{bytes, protobuf} add `constexpr` to `if (endian::native == endian::little)`. e44a48b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410733 roll: toolchain-integration 4d82da1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408234 pw_rust: Add rustdoc landing page 7e5c080:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409632 pw_rpc: Fix data race on test fixture clear 4ac30eb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/397613 pw_ide: Batch bazel info calls in merger.py 9892727:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/396335 pw_ide: Optimize compile commands generation performance c94f98f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410453 pw_function: Align FunctionRef constructors with C++26 standard a65bdfb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/406992 pw_presubmit: Relax check for detecting Gerrit-generated revert 0e4c8ad:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410452 pw_function: Make members private; style changes 3e66663:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409273 pw_kernel: Add runner for adventure example 1083d62:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410292 pw_clock_tree_mcuxpresso: Add elements for FRO oscillator and dividers 7e3539c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410672 pw_kernel: Remove obsolete adventure design and plan docs 7882c53:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410313 pw_bluetooth_sapphire: Expand Apple no resources workaround to RFCOMM 33023c2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410592 pw_log_fuchsia: Fix file name formatting in logs 0296dea:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/407332 pw_spi: Make Device constructor constexpr 4afa2bf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/410372 pw_protobuf: Check writer limit in nested two pass encoder case 754c304:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408316 pw_bluetooth_sapphire: Fix duplicate disable in Android LE Advertiser ed49291:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409792 pw_hdlc: Fix implicit conversion warnings bda3b5b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/371292 pw_ide: Docs updates and reorganizations 0b3ba38:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/372356 pw_async2: Add notification channels 788e5b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/394892 pw_ide: Add tests for Clangd configuration fixes e817185:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408073 pw_bluetooth_sapphire: Read TX power dynamically in Android LE Advertiser 46acee7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409853 bazel: Roll to Bazel 8.7.0 (LTS) b3e752f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409773 pw_status: Fix implicit conversion warnings 91de9c3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409772 pw_bluetooth: Fix implicit conversion warnings 17680c8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/407992 pw_function: Add lifetime bound attribute to FunctionRef 4a8aa71:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408212 pw_stream: Delete MpscStream 0429d55:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/404777 pw_bluetooth_sapphire: Check interval and window values are within range 261ab0c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/406353 pw_presubmit: Skill for running pw_presubmit on a commit stack cfa4669:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408514 pw_presubmit: Support applying fixes for keep_sorted in presubmit 3b767a1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409212 pw_kernel: Ensure stable codegen of interrupt table afaee06:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/373361 pw_console: Open file support df050c5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/407872 pw_tokenizer: Rename ADDR to PW_TOKENIZER_ADDR in Zephyr linker script 25fc6b3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409372 pw_kernel: Remove remaining .into()'s on Err 7b9f344:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409253 pw_bluetooth_sapphire: Fix unaligned uint16_t read on OTA AD bytes a1f16b3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409285 pw_bluetooth_sapphire: Fix undef behavior in DiscoveryFilter::Matches 258b54e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409252 pw_bluetooth_sapphire: Fix UAF in A2dpOffloadManager 7a6032a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/407772 pw_presubmit: --list-steps option for pw_presubmit.v2 f403f99:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/408315 pw_build: Handle gn not being found by error.py 1f2b414:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/407492 pw_presubmit: Enable mypy/pylint in most of Bazel build 03b76a7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/406821 pw_kernel: Add adventure example c9d3bd3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/395452 pw_module: Enable module creation in downstream projects 41c0d6e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/409052 roll: go Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed Rolled-Commits: 86f3575467c77d..5a9a71861c3126 Roll-Count: 1 Roller-URL: https://cr-buildbucket.appspot.com/build/8681509119354401505 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: Ifb35123c6403dcc32470243bc7b0faf6f3bc6109 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/411414
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init --recursive $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.