[third_party/pigweed/src] Roll 56 commits

afcd5733cf2bed9 roll: gn
f8c71146b855fd8 docs: Update changelog
5b32d8dc55c9ac1 pw_async2: Fix documentation style
2a2b4ff0002535d pw_transfer: Minor python improvements
78a0fc76e94c7db pw_web: Add tests for Log Source and log handling
50a77aa8bbe1c8e pw_bluetooth_sapphire: Read ISO data buffer info o
e45a2d61b86b95a pw_bluetooth_sapphire: LE Read Buffer Size [v2]
19d61d6b37f7ca2 pw_status: Docs tweak
cecf66620285a5f pw_env_setup: Run npm install on bootstrap
c1906b0d297e337 docs: Remove inaccurate #include statements
00877a4d68cd500 SEED-0001: Add section about SEEDs & code changes
2e5c85c3f8a88ea pw_perf_test: Refactor event handler types
9ea4f88a8b21a90 pw_allocator: Fix metric disabling
752d18a519176d4 pw_bluetooth: Add LE Read Buffer Size [v2] command
f47652dfb78c0ad pw_unit_test: Add compatibility in bazel
16e1f60ff2f550f pw_bluetooth_sapphire: Add LE Set Host Feature
6c988bbe3f90a70 pw_rust: Remove excess newline in doc command line
60c1173f7440dff pw_env_setup: Remove "untested" warning
f0c03bbd9de36f5 pw_emu: Better handling for startup errors
82c82d97bc6d0e9 pw_ide: Add command to build VSC extension
8ffa93fc685c320 pw_ide: Remove VSIX installation stuff
7c4f734ccdd67ed pw_containers: Fix missing include
00f0e4bc993699d pw_docgen: Update Pigweed Live schedule
05e3cde43ccd253 pw_emu: qemu: Improve the QMP handshake handling
2ebb7e812dbed38 pw_cli: Allow banner to be suppressed
b67f836deb188a8 pw_env_setup: Use ARM protoc version on ARM Macs
b622405a1fd0ff2 pw_ide: Don't warn on missing extensions.json
bf540cfa0a2b886 pw_ide: Alpha-sort the list of targets in VSC
5ae525ae027f91c pw_ide: Auto-run build system command
44b249bd4db94c6 pw_ide: Update VSC Python config
4fe32ffea03645a pw_format: Allow format strings to be composed at
2a615fa34dea3f8 pw_env_setup: Fix typo in error message
f4abfe27a93e7c7 pw_async2: Implement initial async API
4070e04116fd0cb pw_system: Support extra logging channel
abfc5e9cc407331 SEED-0117: Open for comments
c39935d7885b2c5 pw_env_setup: Add flag to disable Rosetta
a9d7847a6fa2b77 pw_presubmit: Add LUCI_CONTEXT to ctx
a651ad42aaccc40 pw_env_setup: Retrieve armgcc for ARM Macs
67a1b8d9405dd8f pw_env_setup: Change case of armgcc version
b1f00967b0ae131 pw_presubmit: Merge some of the "misc" checks
27d106436209174 pw_toolchain_bazel: Fix naming in docs
0abcebab4ca0a87 *: Fix formatting after clang roll
b6fd39ebe9191bd pw_ide: Fix condition for Windows platform
b7393c0bb202d59 pw_containers: Fix IntrusiveList::Item move assign
8616c571bcec99c pw_ide: Fix for clang installed to project dir
3c8f177961affcb pw_toolchain_bazel: Add misc_files group
765f5ffc6791996 pw_toolchain_bazel: Add automagic toolchain file c
9f11ae9e29963bc pw_console: Disable private attr auto-completion
ece72da0c2594b4 roll: clang
ed6838928252163 pw_unit_test: Use googletest backend as a dep
869da39148d3373 pw_toolchain_bazel: Add getting started guide
6f73d7b7d9a6716 pw_web: Handle unrequested responses after call_id
48a065102867d7d pw_transfer: Remove small hardcoded timeout in pro
f3899e6bb5318a2 docs: Add Bazel code coverage TODO
c8c31a063f54a11 python: Remove references to non-existing setup.py
aaf149d9e874535 roll: go

https://pigweed.googlesource.com/pigweed/pigweed
third_party/pigweed/src Rolled-Commits: d365083b1f6176f..afcd5733cf2bed9
Roller-URL: https://ci.chromium.org/b/8761415644820975633
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: Iadd937592ca8f7c3f9b3276ccf23a7f5ff80ae9a
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/185371
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, the notable distinguishing features of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification is included in this repository, under the docs directory. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To setup the build environment the first time:

$ git submodule update --init
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms, so it shouldn't be too hard to get this running on Windows, for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the checkout, run ninja -C out to build everything and run all tests. You can also run pw watch, which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
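To make the callback design described under Code and the designated-initializer note above concrete, here is an added example written for this page; it is not code from the open-dice project and does not use its API. A struct of function pointers carries the hash and KDF, a C99 designated initializer wires in one backend, and a layer-derivation routine keeps the attestation and sealing CDIs separate through distinct labels. The struct and function names and the label strings are this example's own assumptions, and the derivation is simplified to a single code measurement where the real profile takes several categorized inputs. SHA-256 and HMAC-SHA256 are written out here only so the file runs stand-alone (checked against the standard "abc" and RFC 4231 vectors); an integration would take them from one of the ops implementations instead.

```c
/* Added example, not open-dice code: a DICE-style layer derivation in C99
 * with the hash and KDF injected through a struct of callbacks, wired up
 * with a designated initializer. Names and labels are this example's own;
 * SHA-256/HMAC are inlined only so the file is self-contained. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CDI_SIZE 32
#define ROR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};

/* SHA-256 compression of one 64-byte block into state h (FIPS 180-4). */
static void sha256_block(uint32_t h[8], const uint8_t p[64]) {
  uint32_t w[64], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f = h[5], g = h[6], hh = h[7];
  for (int i = 0; i < 16; i++)
    w[i] = ((uint32_t)p[4 * i] << 24) | ((uint32_t)p[4 * i + 1] << 16) | ((uint32_t)p[4 * i + 2] << 8) | p[4 * i + 3];
  for (int i = 16; i < 64; i++)
    w[i] = w[i - 16] + (ROR(w[i - 15], 7) ^ ROR(w[i - 15], 18) ^ (w[i - 15] >> 3)) + w[i - 7] +
           (ROR(w[i - 2], 17) ^ ROR(w[i - 2], 19) ^ (w[i - 2] >> 10));
  for (int i = 0; i < 64; i++) {
    uint32_t t1 = hh + (ROR(e, 6) ^ ROR(e, 11) ^ ROR(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
    uint32_t t2 = (ROR(a, 2) ^ ROR(a, 13) ^ ROR(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
    hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
  }
  h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
}

/* One-shot SHA-256: whole blocks, then the 0x80-padded tail carrying the bit length. */
static void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
  uint32_t h[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                   0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
  uint8_t blk[64] = {0};
  size_t i = 0;
  for (; i + 64 <= len; i += 64) sha256_block(h, msg + i);
  size_t rem = len - i;
  memcpy(blk, msg + i, rem);
  blk[rem] = 0x80;
  if (rem >= 56) { sha256_block(h, blk); memset(blk, 0, 64); } /* no room for the length: extra block */
  for (int j = 0; j < 8; j++) blk[56 + j] = (uint8_t)(((uint64_t)len * 8) >> (56 - 8 * j));
  sha256_block(h, blk);
  for (int j = 0; j < 32; j++) out[j] = (uint8_t)(h[j / 4] >> (24 - 8 * (j % 4)));
}

/* HMAC-SHA256 (RFC 2104); message capped at 128 bytes because sha256() above is one-shot. */
static int hmac_sha256(const uint8_t *key, size_t klen, const uint8_t *msg, size_t mlen, uint8_t out[32]) {
  uint8_t k[64] = {0}, buf[64 + 128], inner[32];
  if (mlen > 128) return -1;
  if (klen > 64) sha256(key, klen, k); else memcpy(k, key, klen);
  for (int i = 0; i < 64; i++) buf[i] = k[i] ^ 0x36;
  memcpy(buf + 64, msg, mlen);
  sha256(buf, 64 + mlen, inner);
  for (int i = 0; i < 64; i++) buf[i] = k[i] ^ 0x5c;
  memcpy(buf + 64, inner, 32);
  sha256(buf, 96, out);
  return 0;
}

/* Injected operations (names are this example's own); swapping the pointers changes the backend. */
typedef struct {
  void (*hash)(const uint8_t *in, size_t len, uint8_t out[32]);
  int (*kdf)(const uint8_t *key, size_t key_len, const uint8_t *info, size_t info_len, uint8_t out[32]);
} LayerOps;

/* C99 designated initializer; C++20 accepts it too, but only with designators in declaration order. */
static const LayerOps kSha256Ops = {.hash = sha256, .kdf = hmac_sha256};

/* Derive the next layer's CDIs. Distinct labels keep attestation and sealing separate, as in
 * the profile: holding one CDI does not yield the other. Simplified to a single code hash. */
static int derive_next_layer(const LayerOps *ops, const uint8_t cdi_attest[CDI_SIZE],
                             const uint8_t cdi_seal[CDI_SIZE], const uint8_t *code, size_t code_len,
                             uint8_t next_attest[CDI_SIZE], uint8_t next_seal[CDI_SIZE]) {
  static const uint8_t kAttestLabel[16] = "CDI_Attest", kSealLabel[16] = "CDI_Seal";
  uint8_t info[16 + 32];                 /* label || H(code) */
  ops->hash(code, code_len, info + 16);  /* measure the next layer's code */
  memcpy(info, kAttestLabel, 16);
  if (ops->kdf(cdi_attest, CDI_SIZE, info, sizeof info, next_attest) != 0) return -1;
  memcpy(info, kSealLabel, 16);
  return ops->kdf(cdi_seal, CDI_SIZE, info, sizeof info, next_seal);
}

/* Compare a digest with its lower-case hex spelling (used for the test vectors). */
static int hex_equals(const uint8_t *b, size_t n, const char *hex) {
  char s[65];
  if (n > 32 || strlen(hex) != 2 * n) return 0;
  for (size_t i = 0; i < n; i++) snprintf(s + 2 * i, 3, "%02x", b[i]);
  return memcmp(s, hex, 2 * n) == 0;
}
```

Calling derive_next_layer(&kSha256Ops, uds, uds, code, code_len, next_attest, next_seal) with an all-zero UDS and a constant code blob yields the same two CDIs on every run, and changing a single byte of the code changes both; replacing kSha256Ops with a struct pointing at another backend leaves the derivation untouched, which is the property the callback design buys.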

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports are printed as part of the build output and are also written to .txt files under the build directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns in the code itself. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, which compiles out boringssl's internal locking, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize, but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined), so a compiler is free to drop its zeroizing memset as a dead store.
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
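The first two items above come down to one practical question: does the clearing store actually survive the compiler? Below is an added example, written for this page rather than taken from open-dice or boringssl, showing two forms of optimization-resistant clearing and the caller-side handoff pattern they support: the caller clears the current-layer CDIs it owns once derivation has run, and on failure also clears any partial next-layer output. The function names are this example's own, and xor_derive() and failing_derive() are stand-ins for a real derivation, not cryptographic operations.

```c
/* Added example, not open-dice code: zeroization a compiler cannot elide, and
 * the caller-side handoff the README's list implies. Names are this
 * example's own; xor_derive()/failing_derive() are non-cryptographic stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A memset on a buffer that is never read again is a dead store, and an
 * optimiser may delete it. Calling memset through a volatile function pointer
 * hides the callee from the optimiser, so the call is always emitted. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

static void secure_clear(void *p, size_t n) { memset_ptr(p, 0, n); }

/* Same guarantee without a function pointer: every byte is a volatile store. */
static void secure_clear_bytes(void *p, size_t n) {
  volatile uint8_t *v = (volatile uint8_t *)p;
  while (n--) *v++ = 0;
}

/* "Is everything zero" without an early exit on the first non-zero byte. */
static int is_zeroed(const uint8_t *p, size_t n) {
  uint8_t acc = 0;
  for (size_t i = 0; i < n; i++) acc |= p[i];
  return acc == 0;
}

typedef int (*DeriveFn)(const uint8_t *cur_attest, const uint8_t *cur_seal,
                        uint8_t *next_attest, uint8_t *next_seal);

/* Caller-side handoff: the caller owns the current-layer CDIs, so it clears
 * them once the derivation has run, and on failure also clears whatever was
 * written into the next-layer buffers so no half-derived secret survives. */
static int handoff(uint8_t cur_attest[32], uint8_t cur_seal[32],
                   uint8_t next_attest[32], uint8_t next_seal[32], DeriveFn derive) {
  int rc = derive(cur_attest, cur_seal, next_attest, next_seal);
  secure_clear(cur_attest, 32);
  secure_clear(cur_seal, 32);
  if (rc != 0) {
    secure_clear_bytes(next_attest, 32);
    secure_clear_bytes(next_seal, 32);
  }
  return rc;
}

/* Stand-ins for a derivation: one succeeds, one fails after partial output. */
static int xor_derive(const uint8_t *ca, const uint8_t *cs, uint8_t *na, uint8_t *ns) {
  for (int i = 0; i < 32; i++) { na[i] = ca[i] ^ 0x5a; ns[i] = cs[i] ^ 0xa5; }
  return 0;
}
static int failing_derive(const uint8_t *ca, const uint8_t *cs, uint8_t *na, uint8_t *ns) {
  memcpy(na, ca, 32); /* partial output left behind before the failure */
  (void)cs; (void)ns;
  return -1;
}
```

Neither form addresses the last three bullets: a cleared buffer can still be sitting in cache, in a swapped-out page, or in a crash dump taken before the clear ran, so this belongs inside a broader strategy (locking or disabling swap, limiting what a crash handler captures) rather than standing in for one.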