roll: third_party/pigweed/src ebd6ec4..94476c3 (100 commits)

94476c3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262832 third_party: Remove includes attribute
9f528bc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/211451 bazel: clang-tidy support
9a2b252:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262413 docs: Update changelog
6b0563a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262336 docs: Expand the contributor's guide for the Bazel docgen system
4a4f920:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262714 pw_presubmit: Bind mnemonic and file patterns to formatters
310f262:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/252294 pw_presubmit: Split out formatting summary logic
d8a16b2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262192 pw_work_queue: clang-tidy fix
72e3c00:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262652 pw_bluetooth_proxy: Move rx multibuf allocator to L2capChannel
53e94c6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262337 pw_trace_tokenized: Do not depend on line numbers in test
574a7d8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260614 owners: Update several OWNERS files
149e8c7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262513 pw_bluetooth_proxy: Remove non-allocator version of L2capCoc create
14ec5af:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262414 pw_thread: Update Doxygen headers in Bazel build
b2441ff:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261612 pw_digital_io_mcuxpresso: Use hardware level interrupts instead of edge
3d1d7ae:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262113 pw_spi: Enable Bazel layering check
1c682f1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262454 pw_bluetooth_proxy: Delete old basic l2cap channel create function
a368701:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/252853 pw_cli: Move file finding args
0b17d0a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262112 pw_async: Enable Bazel layering check
cf829cd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262073 pw_random: Enable Bazel layering check
90d7d79:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262072 pw_stream: Enable Bazel layering check
7145296:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262512 pw_toolchain_bazel: Finalize deletion
58c2593:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259652 pw_channel: Remove deprecated Rpc2StdioChannelInit overload
aa3dd95:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262432 pw_bluetooth_sapphire: Add LE L2CAP channel request metric
769e458:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261723 pw_{cli,presubmit}: Split out file discovery
1c6be85:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262352 docs: Fix warnings in the Bazel build
7dd135a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261974 pw_bluetooth_sapphire: Support CTKD in TestSecurityManager
de6ed33:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261654 pw_tokenizer: Enable layering check
f5c777f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262452 pw_thread: Add pw_numeric dependency
adbb535:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261973 pw_bluetooth_sapphire: Use local_ltk for BR/EDR CTKD key in SM
405b87a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261737 pw_libc: Ensure host stdio has normal printf functionality
1b8d5de:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/253952 pw_tokenizer: Limit token domains to certain characters
83d2d65:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261722 pw_metric: Build RPC libraries in Soong
bc608da:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261794 pw_protobuf: Do not generate SNAKE_CASE enum names in Bazel
e9d4e4d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/255065 pw_thread: Generic thread creation
1a98c3d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261733 pw_toolchain: Add toolchain config for Cortex-A35
14cdb61:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260687 pw_tokenizer: Include ELF sections databases in docs
f282c15:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260793 pw_digital_io_mcuxpresso: Emulate kBothEdges trigger via level interrupt
1e7179c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261972 pw_build: Upstream build script fix
57c1c31:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261792 pw_async_basic: Remove includes attribute
903fc53:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261719 docs: Update good first issue link
c20f1e9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260553 pw_bluetooth_proxy: Add host to controller callback packet sniffing
74fb2fc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/258714 pw_presubmit: Set remote_download_outputs=minimal
d702aa2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261718 pw_system: Remove unnecessary dependency
b472874:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260832 pw_bluetooth_proxy: Zero h4 buffers before handing them out
1c1616b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261753 pw_async2_epoll: Remove includes, fix layering
f1cb7ec:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261693 pw_system: Make config library public in Bazel
c998f26:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261736 pw_async2_basic: Remove includes attribute
72565bb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261633 pw_assert_trap: Split assert and check backends
af05593:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261653 pw_build: Layering check + pw_linker_script
9f12e8b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261735 pw_assert_tokenized: Split assert and check backends
afeddbb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261738 bazel: Propagate pigweed_json flag to exec config
846fbf5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261734 pw_assert_log: Split assert and check backends
c040ce6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261752 pw_assert_fuchsia: Split assert and check backends
9d052b2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261432 pw_assert_basic: Remove Bazel "includes"
6a3ae0f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261692 pw_system: Add missing config dependency in Bazel
022187c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261397 pw_assert: Replace "includes" with "strip_include_prefix"
ac17ed0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245415 pw_web: Bazel target for bundling TypeScript
241cdba:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261732 pw_toolchain: Update layering check docs
537825f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261413 pw_env_setup: Pin all transitive Python package dependencies
23191f1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261533 pw_bluetooth_sapphire: Update docs to use --config googletest
c079d32:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261293 bazel: Enable the layering check by default
e61919c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261396 pw_interrupt_cortex_a: Add pw_interrupt backend for A-profile processors
eb1926a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260872 pw_cli: Add make_pathspec_relative()
75ef591:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261252 pw_{assert, containers}: Layering check fixes
bffbd10:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261394 pw_env_setup: Move general-use pip dependencies to constraint.list
03e6941:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261552 pw_toolchain: Document layering check
d8a8942:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261532 pw_toolchain: Update actions for no_canonical_prefixes
f44bb9a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261493 roll: fuchsia-infra-bazel-rules adf4938..8717179 (43 commits)
17f1b17:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261492 docs: Silence the Bazel build
4348d6f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261398 bazel: Use --config=googletest in pigweed.json
06aec9a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259423 pw_bluetooth_sapphire: Support BR/EDR in sm::SecurityManager
8bc7c12:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261092 bazel: Layering check fixes
a415024:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260414 docs: Continue GN/Bazel output parity work
1dfe8b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/251512 SEED-0132: Set status to On Hold
607d153:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261392 pw_presubmit: Add remote_download_outputs kwarg
cc3728b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260792 pw_bluetooth_sapphire: Implement completed packets event for ISO
3f7909d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260612 pw_bluetooth_sapphire: Support BR/EDR in SMP Phase1
1f72ae4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261212 pw_bluetooth_sapphire: Remove local assert.h
c3d938b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261133 pw_bluetooth_sapphire: Replace BT_PANIC with PW_CRASH
332834f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261132 pw_bluetooth_sapphire: Replace BT_ASSERTs with PW_CHECKs
b0ddea4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260753 pw_bluetooth_sapphire: Implement ISO SendData
120f202:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/239719 pw_atomic: Add module for atomic operations
e23dc00:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260474 pw_toolchain: Implement layering check feature
e54e607:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260262 pw_toolchain: Remove cortex-m33+nofp
2fa4c63:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260752 pw_bluetooth_sapphire: Implement ISO expectations in MockController
3505087:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/256575 pw_env_setup: IFTTT for protobuf versions
2570c9c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260516 pw_build: pw_facade: Don't use textual_hdrs
57dcbc2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260261 pw_libc: Add logf() tests
64aa968:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260833 pw_toolchain: Remove nofp Cortex-M toolchains
0afdf90:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260892 pw_rpc: Revert Java client call ID changes
35a7f79:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260685 pw_build: Add cortex-a35 to the list of arm processor constraints
5b8df66:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260296 pw_allocator: Make array-type UniquePtr default constructor constinit
bd709f0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260617 pw_watch: Trigger initial run before attaching watcher
1c90ba1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260260 pw_bluetooth_proxy: Fix crash on rfcomm write due to reusing buffers
b358f8e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260652 pw_toolchain: Remove _LIBCPP_HAS_NO_WIDE_CHARACTERS workaround
50b0c11:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260517 pw_numeric: Add Android.bp build file
69614fb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/254024 pw_cli: Add helper for efficiently finding git repo roots
16c4b63:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260532 pw_rpc: Update soong dependencies for java
a10c881:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260159 pw_toolchain: Fix lib path
f717149:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260616 pw_tokenizer: Apply clang-format findings
2697f22:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259612 pw_sensor: Convert constant generation to jinja

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: ebd6ec45381c3e..94476c3105ee5a
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8724633273704349681
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I3689322fbb2f743b3548a7b3588ac37510c219b8
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/262892
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
1 file changed
tree: cc20f3264bf38c4c88463592c3a5f37da2156e39
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init --recursive
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
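
The optimization-prevention point above, as an added example (not code from this repository, and not necessarily how boringssl or mbedtls implement their zeroize routines): a plain memset on a buffer that is never read again is a dead store the compiler may delete, while stores through a volatile-qualified pointer are kept. The names secure_clear, fill_sample_secret, checksum and SECRET_SIZE are hypothetical, and the secret is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECRET_SIZE 32 /* constructed size, not taken from dice.h */

/* Hypothetical helper: zero through a volatile-qualified pointer so each
 * store is an observable side effect the optimizer does not drop. */
void secure_clear(void* buffer, size_t size) {
  volatile uint8_t* p = (volatile uint8_t*)buffer;
  while (size--) *p++ = 0;
}

/* Constructed stand-in for deriving a secret; not a real KDF. */
static void fill_sample_secret(uint8_t* out, size_t size) {
  for (size_t i = 0; i < size; ++i) out[i] = (uint8_t)(0xA5u ^ i);
}

/* Stand-in for using the secret: a one-byte additive checksum. */
static uint8_t checksum(const uint8_t* data, size_t size) {
  uint8_t sum = 0;
  for (size_t i = 0; i < size; ++i) sum = (uint8_t)(sum + data[i]);
  return sum;
}

/* Weak: the memset is a dead store to a local about to go out of scope,
 * so an optimizing compiler is allowed to remove it. */
uint8_t use_secret_weak(void) {
  uint8_t secret[SECRET_SIZE];
  fill_sample_secret(secret, sizeof(secret));
  uint8_t tag = checksum(secret, sizeof(secret));
  memset(secret, 0, sizeof(secret)); /* may be elided at -O2 */
  return tag;
}

/* Hardened: same work, but the clear survives optimization. */
uint8_t use_secret_hardened(void) {
  uint8_t secret[SECRET_SIZE];
  fill_sample_secret(secret, sizeof(secret));
  uint8_t tag = checksum(secret, sizeof(secret));
  secure_clear(secret, sizeof(secret));
  return tag;
}

/* Returns how many bytes are still non-zero after secure_clear(). */
size_t residue_after_clear(void) {
  uint8_t secret[SECRET_SIZE];
  fill_sample_secret(secret, sizeof(secret));
  secure_clear(secret, sizeof(secret));
  size_t nonzero = 0;
  for (size_t i = 0; i < sizeof(secret); ++i) nonzero += (secret[i] != 0);
  return nonzero;
}

int main(void) {
  printf("weak=%u hardened=%u residue=%zu\n", (unsigned)use_secret_weak(),
         (unsigned)use_secret_hardened(), residue_after_clear());
  return 0;
}
```

This covers only compiler elision of the clear; copies left in cache, swap or a crash dump, as listed above, need separate handling.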