[third_party/pigweed/src] Roll 55 commits

2f69ffa69701701 pw_env_setup: Add relative_pigweed_root to pigweed
4b9353ebb5ee7ad pw_chre: Write our own version.cc
ac288ee6cc1b9f7 docs: Add link to in-progress hardware targets
76a563af60437cc pw_async_basic: `release` outside of lock context
4c94ea527a86966 pw_async_basic: Remove unnecessary 5-second wakeup
0a517b7bbfd7cfe pw_toolchain: Add cortex-m33 support to arm_gcc
745aeaf178edc5a third_party/fuchsia: Copybara import
60d698af2232148 pw_polyfill: Increase __GNUC__ for __constinit
eea581a4e8bc4d6 Bazel: Remove bazelembedded dependency
a3d2e831199a6ea Bazel: Move cxxopts out of bazelrc
cbf4b34fe631834 pw_function: Add configurable Allocator default
c13af959bab5cf8 pw_ide: Move VSC extension into npm package dir
9b67bfe7a517681 pw_web: Fix leading white spaces, scrollbar size,
91502177dbf1286 pw_async: Return bool from FakeDispatcher Run*() m
866b77d5f9f2c37 pw_protobuf: Fix "Casting..." heading level
b3aeab8644a7071 third_party/fuchsia: Update patch script and patch
ab45b0af879939b pw_function: Update example to match guidelines fo
fe6f6848f02f4f3 pw_package: Use mirror for zephyrproject-rtos/zeph
058edafab8ef8b4 Bazel: Use the same clang version as in GN
4d5ba83beb9c15b bazel: Add platform-printing aspect
21b27512aa72b95 third_party/fuchsia: Update patch
7ef95e5adb78594 pw_system: Add arm_none_eabi_gcc_support
eb6d39c3e24cfc0 docs: Fix link title for pw_log
31df7bd5cc7955d targets: Fix pico_sdk elf2uf2 on Windows
d2fc5bdf6c65b61 pw_package: Use Pigweed mirror for google/emboss
05acd6452b65a63 pw_rpc: Support custom response messages in Synchr
eb7ded3f1a7c957 SEED-0104: Display Support
ded929be2ec1b5b pw_web: NPM version bump to 0.0.12
de3b1ca6a8cae37 pw_presubmit: Additional functions for handling gn
e0b85213d6493b7 pw_web: Fix column sizing & toggling, update UI
93a418acb4fa8c0 pw_fuzzer: Refactor conditional GN targets
df46ed322724b8a pw_web: Replace Map() with object in proto collect
f210a064bf6d67f pw_chre: Add barebones CHRE
ef447ae6f95cab0 pw_log: Update Android.bp to generate RPC header f
f9b10568994c147 pw_analog: Migrate AnalogInput to Doxygen
0ed9506ccce7c3b pw_presubmit: Include bazel_build in full program
24a9c040ed2218d pw_rpc: Add fuzz tests
177cb2c8c209eeb pw_function: Add Allocator injection
941166245f0def6 pw_env_setup: Roll cipd to 0f08b927516
757048d2f8f3218 pw_{base64,tokenizer}: Add base64 detokenizer hand
8a4325d08343115 pw_bluetooth: Add ReadLocalSupportedCommandsComman
b9c896e42d2b7bb pw_bluetooth: Add LEReadLocalSupportedFeaturesComm
5a0cb51b0ae5236 SEED: Update process document
6dc019b67e3e099 SEED-0109: Make link externally accessible
6815514b563270b pw_bluetooth: Add ReadBufferSizeCommandComplete Em
328d99d5847cb38 Bazel: Arm gcc configuration
a78feb65e112f12 pw_bluetooth: Add ReadBdAddrCommandCompleteEvent E
31939eacd1819de docs: Update changelog
c3e6813bf92479b pw_bluetooth: Add ReadLocalVersionInfoCommandCompl
c8044b9f8bdb045 SEED-0110: Claim SEED number
f9b95a0050cb99c pw_package: Use mirror for raspberrypi/picotool
d17d40c437940d7 pw_work_queue: Migrate API reference to Doxygen
17663e0b05afc4c third_party/fuchsia: Support specifying the Fuchsi
62fe4122773880e third_party/pico_sdk: Fix multicore source filenam
417964a45e2b15a roll: go

https://pigweed.googlesource.com/pigweed/pigweed
third_party/pigweed/src Rolled-Commits: add86809e72c1c6..2f69ffa69701701
Roller-URL: https://ci.chromium.org/b/8769851759608727505
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I3142ef903231ea9128595097d632a7a4aa530fd4
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/171450
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
1 file changed
tree: 0c2d5a086d59762e7dc59ecf28e80109b79fa7b5
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports are printed in the build output and are also written to .txt files in the build output directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
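
The first two points above, sketched as an added example that is not code from this repository: a caller-owned scratch buffer is cleared on every exit path, and the clear uses volatile stores so it does not depend on an inline-asm barrier being available. All names here (example_clear, example_derive, example_use_secret, example_is_zero, EXAMPLE_NO_ASM) are hypothetical, and the derivation is a constructed, non-cryptographic stand-in.

```c
#include <stddef.h>
#include <stdint.h>

#define SECRET_SIZE 32

/* Hypothetical helper, not an open-dice or boringssl function. The volatile
 * stores keep the compiler from eliding the writes as dead stores. */
void example_clear(void *buf, size_t len) {
  volatile uint8_t *p = (volatile uint8_t *)buf;
  while (len--) *p++ = 0;
#if (defined(__GNUC__) || defined(__clang__)) && !defined(EXAMPLE_NO_ASM)
  /* Extra compiler barrier where inline asm is available. */
  __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Constructed stand-in for a secret derivation; NOT cryptographic. */
int example_derive(const uint8_t *seed, size_t seed_len,
                   uint8_t out[SECRET_SIZE]) {
  if (seed == NULL || seed_len == 0) return -1;
  for (size_t i = 0; i < SECRET_SIZE; i++)
    out[i] = (uint8_t)(seed[i % seed_len] ^ (0xA5u + i));
  return 0;
}

/* Uses a caller-owned scratch buffer and clears it on every exit path,
 * success or error. Only the computed result leaves the function. */
int example_use_secret(const uint8_t *seed, size_t seed_len,
                       uint8_t scratch[SECRET_SIZE], uint8_t *result_out) {
  uint8_t result = 0;
  int rc = example_derive(seed, seed_len, scratch);
  if (rc == 0) {
    for (size_t i = 0; i < SECRET_SIZE; i++) result ^= scratch[i];
    *result_out = result;
  }
  example_clear(scratch, SECRET_SIZE);
  return rc;
}

/* Returns 1 if every byte of buf is zero. */
int example_is_zero(const uint8_t *buf, size_t len) {
  uint8_t acc = 0;
  for (size_t i = 0; i < len; i++) acc |= buf[i];
  return acc == 0;
}
```

This covers only the buffer the caller owns; copies held by the ops implementation, caches, swap, and crash dumps still need the separate handling listed above.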