roll: third_party/pigweed/src b9f1c4d..ee0df99 (69 commits)

ee0df99:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311852 roll: luci
5d40066:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311544 roll: fuchsia-infra-bazel-rules 975a6fb..cec8688 (39 commits)
18c001d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311543 roll: python-wheel
3165828:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311542 roll: ninja
ff39394:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311313 pw_ide: Experimental aspect to generate compile commands
4753acd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311615 pw_string: Move include out of namespace in example
5204bc6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311613 pw_change: Add annotations and other cleanups
c5e5fb4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311612 pw_change: Move 'push' from pw_cli
bf38099:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/301460 pw_kernel: Object Wait
20baa69:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308574 pw_uart_mcuxpresso: Deprecate ctor with ClockTree
609e834:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311261 pw_kernel: Add more Send/Sync bounds and safety justifications
4c8f349:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/306495 pw_kernel: Move preempt_disable_count outside the sched lock
9bdf2dc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/306496 pw_kernel: Add AtomicStore and AtomicZero traits
5e37d17:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/301458 pw_kernel: Add Rc types to ForeignBox
4105979:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311534 clang-tidy: Add modernize-use-emplace
2629037:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308572 pw_stream_uart_mcuxpresso: Deprecate ctor with ClockTree
1223184:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/301457 pw_kernel: Add RandomAccessForeignList
551dcc3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311533 pw_change: Create module and move review tool
8f5ed53:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308573 pw_i2c_mcuxpresso: Deprecate ctor with ClockTree
0976926:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309273 pw_clock_tree: Stop using ClockTree in docs, tests, and examples
45b98f0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308592 pw_clock_tree: Add OptionalElement
1f2575e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308372 pw_clock_tree: Allow Elements to be Acquired/Released directly
dd3c041:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310634 pw_bluetooth: Improve Periodic Advertising emboss definitions
bc9c98a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311317 pw_bluetooth_sapphire: Update Fuchsia SDK
878a955:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311472 doxygen: Alphabetically sort the modules index
be45472:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309912 pw_clock_tree: Update Element classes to communicate traits
effa0d0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311435 doxygen: Add module alias
4214225:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311393 doxygen: Fix global nav styles
e5dffd7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309152 pw_clock_tree: Remove unused DependentElement::UpdateSource()
0bca04c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311107 docs: Document how to use mypy from Bazel
91cfc6e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311322 doxygen: Link to main site
2b23689:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311320 doxygen: Show only the home and modules tabs
9b9b629:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310072 pw_multibuf: Fix implementation of TruncateTopLayer
6732af3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309441 pw_multibuf: Add SetTopLayer to v2
969464c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311257 pw_ide: Fix race condition in VS Code test setup
f601d65:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311252 doxygen: Update layout
13d5a24:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/247052 pw_allocator: Add GuardedAllocator
cd819dd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311256 bazel: Remove direct Abseil dependency
01ab9f9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309473 bazel: Add mypy support
7fb3720:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311133 .gemini: Clarify boolean request in review prompt
d7f3cf4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310993 pw_review: Add --json-path argument
e58c82c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311132 python: Update upstream requirements lock
fb851fc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/307911 pw_bluetooth_sapphire: Create PeriodicAdvertisingSynchronizer
53b9115:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/311112 pw_review: Add suggested gemini executable
a4aea60:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310995 pw_ide: npm audit fix vulnerable packages
aeb50b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310994 doxygen: Align title with main site
5e8f857:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310896 .gemini: Ask for boolean in review prompt
1043464:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309474 python: mypy fixes
fdb4334:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310992 pw_review: Harden JSON parsing
e1d3a5e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310895 doxygen: Enable light theme
1bd21aa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310893 pw_review: Add a test for review.py
baac171:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310856 pw_review: Add debug output when parsing fails
0bc94e4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310892 pw_review: Extract from pw_cli
23ff7b9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310633 docs: Remove Sense doc redundancy
cdb89fa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/308412 pw_bluetooth_sapphire: Support LeSubEventCode in AddLEMetaEventHandler
74a4003:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310292 pw_build: Correct Bazel pylint edge cases
9d0328b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310576 pw_presubmit: Allow any GH issues in TODO check
b5497ad:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310252 pw_protobuf: Generate a constexpr array of all enum values
d604224:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310580 doxygen: Fix CSS code style inconsistencies
5b53ba8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310772 pw_log_android: Update PW_HANDLE_LOG macro
b98a81a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310658 pw_cli: Rename g-review to review
635be30:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310575 pw_cli: Add g-review command for AI code reviews
66bc0bd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310574 doxygen: Update colors
6bac1de:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310656 doxygen: Add Pigweed logo
1269fef:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310573 doxygen: Update fonts
62e93c5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310393 pw_bluetooth_sapphire: Update ISO initialization
494717f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/309434 Reland "docs: Enable Doxylink"
4bdcd99:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310672 doxygen: Prepare for tab style customizations
ab6bcf5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/310612 pw_software_update: Correct type annotation

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: b9f1c4d1d046ea..ee0df9974ad347
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8706876269102481345
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: Idba17eae8b757a41dfedbe8033cac22bd0e4f9bc
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/312032
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
1 file changed
tree: 55901b22e3cfa8c47d54fa2a8962b234b21439b7
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init --recursive
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
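
The first point above, sketched as an added example that is not code from this repository: a caller clears its own working copy of a secret on every exit path, using stores the compiler cannot remove as dead. ExampleContext, example_use_secret, example_is_cleared and secure_clear are hypothetical names, and the XOR tag is a stand-in for a real crypto operation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECRET_SIZE 32 /* constructed size for this example */

/* Hypothetical caller-owned state holding a working copy of a secret. */
typedef struct {
  uint8_t working_copy[SECRET_SIZE];
  uint8_t tag; /* non-sensitive result derived from the secret */
} ExampleContext;

/* Zeroes len bytes at p. A plain memset on a buffer that is never read
 * again may be removed as a dead store; the volatile-qualified pointer
 * forces each byte store to be emitted. The empty asm statement (GCC and
 * Clang only) also tells the compiler the memory may be observed later. */
static void secure_clear(void* p, size_t len) {
  volatile uint8_t* vp = (volatile uint8_t*)p;
  for (size_t i = 0; i < len; ++i) {
    vp[i] = 0;
  }
#if defined(__GNUC__) || defined(__clang__)
  __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Copies the secret, computes a toy XOR tag, then clears the working copy
 * whether or not the operation succeeded. Returns 0 on success, -1 on
 * invalid arguments. */
int example_use_secret(ExampleContext* ctx, const uint8_t* secret,
                       size_t len) {
  int result = -1;
  if (ctx == NULL) {
    return -1;
  }
  if (secret != NULL && len == SECRET_SIZE) {
    memcpy(ctx->working_copy, secret, len);
    ctx->tag = 0;
    for (size_t i = 0; i < SECRET_SIZE; ++i) {
      ctx->tag ^= ctx->working_copy[i];
    }
    result = 0;
  }
  secure_clear(ctx->working_copy, sizeof(ctx->working_copy));
  return result;
}

/* Returns 1 if the working copy holds only zero bytes, else 0. */
int example_is_cleared(const ExampleContext* ctx) {
  uint8_t acc = 0;
  for (size_t i = 0; i < SECRET_SIZE; ++i) acc |= ctx->working_copy[i];
  return acc == 0;
}
```

This covers only the buffer the caller owns; copies made inside an ops implementation, in cache, in swap, or in a crash dump are untouched by it.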