roll: third_party/pigweed/src dfefd0c..449c1c7 (65 commits)

449c1c7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/338192 roll: luci
64584b9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/338112 roll: fuchsia-infra-bazel-rules fd27f0a..b0cec91 (56 commits)
8649b39:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/337612 pw_build: Fix ZEPHYR_BASE environment variable lookup
49c68f6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336236 bazel: Tag deprecated targets with "manual"
77ed97d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/337193 pw_bluetooth_proxy: Remove AclDataChannel dep on L2capChannelManager
69c0870:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/337156 pw_kernel: Codegen the interrupt table
5fe2a04:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336932 pw_bluetooth_proxy: Read BR/EDR ACL data packet length
be1fb75:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336972 pw_clock_tree: Add underflow check to Element::DecRef()
971b2e4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336352 pw_bluetooth_proxy: Squash SingleChannelProxy into ChannelProxy
70010fe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335694 pw_bluetooth_proxy: Move Recombiner to L2capLogicalLink
747b50b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/328192 pw_async2: Build a cc_blob_library for the webui resources
e769abd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336179 docs: Be clearer that //targets/rp2040 is also for the rp2350
fd70946:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/332512 pw_bluetooth_proxy: Create L2capLogicalLink
a29a8cf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333294 pw_async2: Initial futures documentation
472c7f7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335555 pw_system: Make blatant that SystemStart() clobbers the stack
994ebf4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336159 pw_grpc: Add send error callback to SendQueue
e146bd7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336913 pw_package: Add tags around where Zephyr rolls
91e32b4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336177 pw_kernel: Add userspace uart driver and test
f72d5f3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336354 pw_kernel: Fix warnings on apps with no kernel objects
50afacb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336353 targets/host_device_simulator: Declare platform
5e4acbe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333054 pw_build: Purge artifact globs before running
545f1fe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336176 pw_kernel: Add memory mapping support to system manifests
585fa2c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336175 pw_kernel: Add error if app is not decalred in system manifest
fec845f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336155 pw_kernel: Move 16550 uart registers into a separate crate
51706e4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333692 pw_trace_tokenized: Add protos_raw_rpc
3d67e5c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334734 pw_metric: Add metrics_to_dict()
a2d4a31:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334733 pw_metric: Allow ParsedMetric to be frozen
f48c0bb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334732 pw_metric: Improve dict normalization in metric_parser
cd88097:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334432 pw_snapshot: Add metrics field to Snapshot message
5095057:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334492 pw_bluetooth_sapphire: Add batch scanning support to FakeController
0175d49:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336160 pw_thread: Synchronize LazyInitThreadChecker with atomic
78692a0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336178 pw_grpc: Refactor data frame handling into own class
2a4c5a6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336233 pw_grpc: Remove deprecated multibuf constructor
d7751d2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336192 pw_grpc: Allow running test against existing server
9ed4d38:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336133 pw_grpc: Allow sending reponses with empty payload
acf4824:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336153 pw_grpc: Remove use of multibuf v1
ea111b6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336053 pw_grpc: Require send allocator for Connection
940b063:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333172 pw_grpc: Add pw::Allocator to connection and send queue
541d04e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336033 pw_async2: Future void specializations
69cd4bc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336174 bazel: Enable --check_direct_dependencies
df64964:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336052 pw_grpc: Remove Connection constructor that takes unused SendQueue
a7ba8c3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/332857 pw_containers: Queue class that wraps Deque
2571dbd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/330075 pw_kernel: Switch to a priority scheduler
95d9c7e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336173 targets/lm3s6965evb_qemu: Add test timeout
baea39d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336232 pw_bluetooth_proxy: Remove warning log on full queue
19cc0d4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333713 pw_containers: Size reports for Deque / FixedDeque
6a93fbd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/332856 pw_containers: New Deque and FixedDeque classes
3784afc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/332513 pw_transfer: Wait for handler registration to complete
781bb0d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335693 pw_ide: Add nop performance regression test
783059f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336172 bazel: Roll Pico SDK
8e1d5fd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336134 pw_ide: Increase VSCode test timeout to 6 minutes
43b338d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336132 pw_kernel: Use u64 to represent addresses in system_generator
8de330f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/332412 pw_build: Export artifacts
d62d9a0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/336032 pw_grpc: Move SendQueue to be owned by Connection
113773d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/330274 pw_build: Remove '--dump-build-requests'
8d47bd6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/316736 pw_trace_tokenized: Use InlineVarLenEntryQueue for trace buffer
1ed659f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335554 pw_containers: Make lib vendor_available
c224be2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/327252 pw_async2: Experimental asynchronous channel
0bdcab6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335692 pw_ide: Fix performance regression in aspect
2c341db:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335553 pw_ide: Release v1.9.12
68b1211:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334413 pw_bytes: Use pw_containers_headers lib in Android.bp
8ded951:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/333552 pw_presubmit: Expose default pigweed formatters
45cdb0e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/334412 pw_containers: Update Android.bp
c19046b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335412 roll: go
8023bf9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/335334 roll: zephyr

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: dfefd0c6cbae90..449c1c74950083
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8699900305147404769
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I8e67e75c94dd2b783046b0dbade86dfa167da3ed
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/338392
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
1 file changed
tree: 6eae6f992b3189e18a08071038eebb20592ff950
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-Party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init --recursive
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports are printed as part of the build output and are also written to .txt files in the build tree. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other kind of shared data structure, so there are no thread-safety concerns within it. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
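The first two points above, as an added example that is not part of the Open DICE repository: a caller-side pattern for clearing CDI buffers after use, with a zeroization routine that dead-store elimination cannot remove (the failure mode the README warns about when a library's optimization prevention is disabled). CDI_SIZE and derive_next_cdi are assumptions standing in for the values and main-flow call that a real integration would take from dice.h.

```c
// Added example, not code from the Open DICE repository.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CDI_SIZE 32  /* assumption: size of a CDI buffer in bytes */

/* Clear a buffer through a volatile pointer so the stores cannot be
 * removed by dead-store elimination, unlike a plain memset() on a buffer
 * that is never read again. */
static void secure_clear(void *buf, size_t len) {
  volatile uint8_t *p = (volatile uint8_t *)buf;
  while (len--) {
    *p++ = 0;
  }
}

/* Returns 1 if every byte of buf is zero, else 0 (used to verify clearing). */
int is_all_zero(const uint8_t *buf, size_t len) {
  uint8_t acc = 0;
  for (size_t i = 0; i < len; i++) {
    acc |= buf[i];
  }
  return acc == 0;
}

/* Hypothetical stand-in for the library's main-flow call: derives "next"
 * CDIs from the current ones. It only mixes bytes so the example runs
 * without the library; it is not the DICE derivation. */
static void derive_next_cdi(const uint8_t cur[CDI_SIZE], uint8_t next[CDI_SIZE]) {
  for (size_t i = 0; i < CDI_SIZE; i++) {
    next[i] = (uint8_t)(cur[i] ^ (uint8_t)(i * 31 + 7));
  }
}

/* Caller-side flow: the caller owns the current CDI buffers, uses them,
 * then clears them before returning. Returns 1 if both are verified clear. */
int run_layer_and_clear(uint8_t next_attest[CDI_SIZE], uint8_t next_seal[CDI_SIZE]) {
  uint8_t cur_attest[CDI_SIZE];
  uint8_t cur_seal[CDI_SIZE];
  memset(cur_attest, 0xA5, CDI_SIZE);  /* constructed sample secrets */
  memset(cur_seal, 0x5A, CDI_SIZE);
  derive_next_cdi(cur_attest, next_attest);
  derive_next_cdi(cur_seal, next_seal);
  secure_clear(cur_attest, CDI_SIZE);
  secure_clear(cur_seal, CDI_SIZE);
  return is_all_zero(cur_attest, CDI_SIZE) && is_all_zero(cur_seal, CDI_SIZE);
}

/* Runs the flow and checks that the outputs survived while inputs are gone. */
int example_check(void) {
  uint8_t next_attest[CDI_SIZE], next_seal[CDI_SIZE];
  int cleared = run_layer_and_clear(next_attest, next_seal);
  return cleared && next_attest[0] == 0xA2 && next_seal[0] == 0x5D &&
         !is_all_zero(next_attest, CDI_SIZE);
}
```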