| commit | 653599315d36d2cf5e11d17aaefc9fef2d574071 | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Mon Nov 04 00:46:13 2024 +0000 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Nov 04 00:46:13 2024 +0000 |
| tree | ec7866c1347c0193963e9d64a87da2a8f1f0420b | |
| parent | 15fd3e59ada5314832276c72b062186428c365d8 [diff] |
roll: third_party/pigweed/src 6d68ac5..5421a43 (70 commits) 5421a43:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246241 Revert "pw_bluetooth: Delete AttNotifyOverAcl" fe878dc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237259 pw_bluetooth: Delete AttNotifyOverAcl 8fc6081:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244952 pw_bluetooth: Introduce L2CAP signaling packets 5b2c426:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243982 pw_bluetooth_proxy: Add pw_bluetooth_proxy/internal fc6bb14:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246235 docs: Update changelog ef86a47:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246312 pw_bluetooth_sapphire: Remove uses of EventCallbackVariant 19e98dd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246272 pw_rpc: Move proto library targets into root directory 05b1466:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246192 pw_bluetooth_sapphire: Handle ISO Disconnect Events 1dbe221:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246214 Revert "pw_unit_test: Temporarily restore deprecated EXPECT_OK macros" d17b5ac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246053 pw_spi_linux: Fix read/write-only transfers a751fa9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246112 pw_metric: Add metrics_service.pwpb_options to BUILD.gn 2ef6415:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/246052 pw_spi_linux: Improve tests bd17ed6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245932 pw_channel: Remove WriteToken 5e44b4e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/239214 pw_bluetooth: Add AclDataFrame c3c6188:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/232213 pw_allocator: Streamline Block API a146d41:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245416 pw_unit_test: Temporarily restore deprecated EXPECT_OK macros 4b7733f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242715 pw_tokenizer: Create generic macro for tokenizing enums 6fd4792:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245254 pw_allocator: Make pw::Allocator::as_pmr optional e7623c7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245116 pw_bluetooth_sapphire: Remove assert message in DynamicPacket f6da760:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245753 pw_bytes: Revert moving to whole_static_libs in Android.bp cc438c5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244794 pw_bluetooth_sapphire: Fix errors when targeting 32-bit C++20 368cf8b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236816 pw_protobuf: Fail when a max count is set with an unsupported type 68ae066:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245752 pw_multibuf: Fixup Android.bp f5e8c5f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245472 pw_bluetooth_sapphire: Replace uses of CommandCompleteEventParams 1f2341c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245192 pw_system: Make console support extra hdlc frame handlers cec451d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244612 pw_async2: Add Join combinator 5f2649a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245539 pw_channel: Rename {Write->StageWrite, PendFlush->PendWrite} 9528eac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245068 pw_async2: Move to macro-based Waker API 7bb3542:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245632 android: Run bpfmt on the tree to fix formatting 9ab6e74:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245132 pw_multibuf: Add FromSpan 9ee6af1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245448 pw_bluetooth_hci: Add Android.bp 3824b3a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245115 docs: Configure docs toolchain to have large flash & ram ff34b8b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244534 docs: Use pw_assert_tokenized in docs toolchain 482df43:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242473 pw_protobuf_compiler: Make oneof callbacks default in Bazel b22815d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243882 pw_*: Use updated pw_protobuf_compiler Bazel rules 9b2dd9c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244557 pw_system: Ensure latest logs are captured in crash snapshot 773331a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244556 pw_multisink: Add UnsafeForEachEntryFromEnd() 0081c28:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245243 pw_tokenizer: Add database py binary 661bf47:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/239035 pw_log: Explicitly pass verbosity to PW_LOG 0dff116:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241712 pw_bluetooth_sapphire: Implement PrivilegedPeripheral API b901805:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244555 pw_ring_buffer: Add a decrement operator 9e54847:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245253 pw_bluetooth_sapphire: Embossify another packed struct definition 3a9886b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245335 pw_bluetooth_sapphire: Remove ReadLocalExtendedFeaturesReturnParams ceaee67:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245334 pw_bluetooth: Add ReadLocalExtendedFeaturesCommandCompleteEvent 2051716:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245272 pw_protobuf_compiler: GN no oneof callbacks 33cc5e1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245333 pw_bluetooth_sapphire: Remove ReadLocalSupportedFeaturesReturnParams aedeb73:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245332 pw_bluetooth: Add ReadLocalSupportedFeaturesCommandCompleteEvent c11ee6d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241172 pw_bluetooth_sapphire: Add rx data path from transport => fidl e0be8b2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244992 pw_build: Fix warning message typo afb18a6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/240053 pw_containers: Add IntrusiveSet and IntrusiveMultiSet bde3f80:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243257 pw_containers: Add methods to erase by item 03eff3c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245133 pw_assert: Verify PW_CHECK message arguments in PW_CRASH and comparisons 752146e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244877 pw_async2: Add task implementation section d3e10fa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243892 pw_polyfill: Make PW_CONSTINIT support mandatory b49cd0a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244743 pw_channel: Test stream_channel_test.cc in GN; fix clang-tidy issues 2c0208d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244772 pw_allocator: Properly default initialize arrays b01f05a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244792 pw_assert_tokenized: Rename token variable to avoid shadowing c1c5bda:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245092 third_party/fuchsia: Copybara import bbb4d52:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/245052 pw_async2: Show DoPend() in API reference 59e05fa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/231331 pw_allocator: Add a benchmark test harness ef5f6bf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244793 pw_assert_tokenized: Support pw_assert_HandleFailure 099eb1c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243256 pw_containers: Test more duplicates for multimap 673e56a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244744 pw_assert: Verify PW_CHECK message arguments in the API 8153a8a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244533 pw_bluetooth_sapphire: Use PW_CHECK directly for most asserts 7ddb65a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242640 docs: Fix broken links 93656ec:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243032 pw_env_setup: Remove print_function imports 06d86b5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244932 pw_thread: Export thread_native.h 01d4453:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/240703 docs: Build pw_boot docs with Bazel b40ecc9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244672 pw_toolchain: Add ARM Cortex-M55F GCC toolchain 63ebec1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243999 pw_async2: Update docs Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed Rolled-Commits: 6d68ac5934e136..5421a431f4bdd4 Roll-Count: 1 Roller-URL: https://cr-buildbucket.appspot.com/build/8732243404879962321 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: I5271251a2d6a4590646b52c14f308ea4f44cc569 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/246532 Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.