| commit | 1f87c95a432a30716d0db4c8c6a2da27e5151968 | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Mon Apr 01 00:44:21 2024 +0000 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Apr 01 00:44:21 2024 +0000 |
| tree | 27dc369fe6196a2974f8b15b4a594974d6fc949d | |
| parent | 60e56ac1f3becc5bb8bbeb924fab7ea46f949885 [diff] |
[third_party/pigweed/src] Roll 88 commits
a16cc4c5e5368f0 roll: gn
d7c9aedb4ba94e1 roll: cmake
a63e2f7eb487832 pw_bluetooth: Add more opcodes
314a6228d8b6aa8 pw_bluetooth_sapphire: Fuchsia testing support
16c27d8785cb548 pw_bluetooth_proxy: Move to cpp23::to_underlying
7c532c9bbd08f7d pw_presubmit: Include doxygen html in docs_build
0052b9e092a8ca7 pw_web: NPM version bump to 0.0.17
35632f3b4d7c6f0 pw_build: Add alwayslink option to pw_cc_blob_libr
ce97896f2d3cabe pw_python: Update setup.sh requirements
a2f414de101195b pw_channel: Rename methods to Pend prefix
afef6c3c7de6f5a pw_i2c: Revamp docs
6990ddbb08fdda2 docs: Update references to quickstart/bazel
7f4b2bf4dc94e42 pw_async2_epoll: Epoll-backed async2 dispatcher
006ab828252ebef pw_ide: Support including and/or excluding targets
54365f77ab968de pw_presubmit: Refactor Python Black formatter supp
f3efc84d58d607a pw_presubmit: Refactor Bazel formatter support
7ad13e08167f560 pw_bluetooth: Add example of using to_underlying
d05115caa2f47db pw_build: ProjectBuilder documentation
0ee6ca26f6a11aa pw_presubmit: Refactor GN formatting support
ff16d3745ee4b50 pw_presubmit: Make ToolRunner capture stdout/stder
8531e52bc0e149d pw_emu: Fix a TypeError in TemporaryEmulator
6d2f01d2acec72e pw_module: Add OWNERS file during module creation
f05a8afb95aafdf SEED-0117: Update status to Last Call
a0fec21f46ee751 third_party/fuchsia: Copybara import
3e8bef930da69af nanopb: Fix nanopb_pb2.py generation
6d7b236a2fe4be1 pw_web: Fix logs not appearing in pw_console serve
273fa7962c10e83 pw_bluetooth: Emboss formatting tweak
b8c700540dbb7c0 pw_bluetooth: Add cmake to usage guide
16ca90925a98bdc pw_uart: Create OWNERS
15303ba92faa0dd pw_presubmit: Update buildifier invocation
917b5b7db5b6bba pw_cli: Add pw ffx alias
c00280eb8a57494 pw_minimal_cpp_stdlib: Clarify purpose
539d58908e3f09e *: Delete move constructors of buffer wrappers
6b5626d96ac20ef pw_presubmit: Switch format test data to importlib
c7637f55d0eb00a pw_env_setup: Run npm log viewer setup script afte
bd4160ce44435e4 pw_build: BuildRecipe auto_create_build_dir option
8818da6f3542896 docs: Simplify module creation docs using script
f52852da66260fe pw_build: Defer build directory existence check
80b4c3b3a15729d pw_{digital_io,i2c,spi}_rp2040: Update OWNERS
da90e892074c6b0 pw_{chrono,i2c,spi,sys_io}_rp2040: Update OWNERS
130b688924ea31a pw_bluetooth_proxy: Use emboss OpCode enum
82c19ed1527c398 pw_bluetooth: Add opcode_full field to emboss HCI
b548637dd52cd3c pw_bluetooth: Add enum for opcodes
69d666a1346461d pw_transfer: Make numerous logging adjustments
7fb4c2175d65dfe pw_build_android: Define rule with static libs
12c8670b26f1ec1 pw_bluetooth: Update cmake targets to be consisten
479644ebbce49bf pw_bluetooth: Update build files to be consistent
93558a01ab8e995 pw_uart: Added UART interface
d595cc8bc24ce2e pw_hdlc: Add async router
9bbfe80a2ffff7c pw_{log_basic,sys_io}: Fix Soong definitions
9c33f41cda92196 pw_trace_tokenized: Fix static initialization
3473c9118a43845 pw_log_tokenized: Define as cc_static_library
e0888f672378e3e pw_router: Define as cc_static_library
68e898711ea85b8 pw_toolchain: Define as cc_static_library
df4efa0243b5dba pw_result: Define as cc_static_library
595fd9562a8d905 pw_build_info: Add log function of GNU build ID
6ebdfaf68c2e080 pw_span: Define as cc_static_library
d99ef2cf38ae998 pw_preprocessor: Define as cc_static_library
04fbfa382513335 pw_bluetooth_sapphire: Add emulator start workflow
e9441715b774fc7 pw_polyfill: Define as cc_static_library
5c53b840a4ecd3f pw_rpc_transport: Define as cc_static_library
d6d27ec27a71859 pw_function: Define as cc_static_library
e0abef00c07545a pw_multibuf: Define as cc_static_library
cb32298c56d1b71 pw_log_null: Define as cc_static_library
7cffdd83bfd413c pw_thread: Follow Soong guidance
7682e4abe456481 pw_allocator: Add allocation detail storage to Tra
ebcc8c717f3980d pw_channel: Add loopback channel
72a1d6f484ecbd1 pw_toolchain: Remove unusued source set
16d3c47ab5a6d45 pw_status: Add StatusWithSize::size_or
55b88ef80fc2403 pw_channel: Split open bits for read and write
be2ee681c2c0176 pw_async2: Add PendFuncTask
a9d379800be4ccd pw_allocator: Distinguish between requested, usabl
c59bb69e5e17000 pigweed_bluetooth: protocol.h comments tweak
460176817477441 bazel: Add missing Python deps
6b60968e9f25d23 pw_bluetooth: Add emboss ReadBufferSize v1 event
726eba580483b31 pw_channel: Seek is not async
46d35e297c33fdc pw_hdlc: Fix sitenav
a3591c5b35b18cd pw_toolchain: LLVM compiler-rt builtins
64ac90b74d9e8c7 docs: Generate doxygen html output locally
03aef93f460f15c pw_libc: Include strncpy
fe3fd13e05aaec2 pw_bluetooth: Add emboss contributing section to d
f55c3650f6b2cca pw_presubmit: Skip gn_teensy_build on mac-arm64
59c46d828848519 pw_channel: Set closed bit on FAILED_PRECONDITION
1a0707ec7f1aaf7 pw_channel: Respect sibling closure
ff2cbf8c82c8a69 bazel: Localize remaining backend label flags
8ac329d75f93ded pw_rpc: List dependencies directly
1800d2b0c585e66 pw_allocator: Add Capabilities
952697359bd0857 pw_build_info: Fix Bazel baremetal compatibility
https://pigweed.googlesource.com/pigweed/pigweed
third_party/pigweed/src Rolled-Commits: c6c4a5bbeef2f11..a16cc4c5e5368f0
Roller-URL: https://ci.chromium.org/b/8751902962789829713
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I565f43487a093a54c19110d17d28beeb357ed01c
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/201270
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.