roll: third_party/pigweed/src a5a1995..6ad0bec (72 commits)

6ad0bec:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238772 roll: gn
80ed6d9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238625 roll: ninja
04de174:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238626 roll: 310, 311
d7d1066:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238622 roll: cmake
1acb4f5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238619 roll: host, aarch64-unknown-linux-gnu, x86_64-unknown-linux-gnu, aarch64-apple-darwin, x86_64-apple-darwin, thumbv7m-none-eabi
5d9a1e8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238554 pw_log: Remove unused macro PW_MODULE_LOG_NAME_DEFINED
77f7b45:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238318 bazel: Register C++ toolchains for root only
300cd1c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238513 Revert "pw_log_fuchsia: Add syslog dep to pw_log_fuchsia"
8f18755:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/234312 docs: Add fixed point blog
801fb32:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237972 pw_async2: Refactor Dispatcher to raise top-level API out of CRTP
90d0137:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/216272 bazel: Clean up for-migration-only alias
adbc840:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237913 bazel: Update rules_python to v0.36.0
42cff57:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238552 pw_log_fuchsia: Add syslog dep to pw_log_fuchsia
d31705b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238533 pw_uart: Move non-blocking methods from Uart to UartBase
14204b5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238532 pw_uart: Add uart_non_blocking_test to GN build
2a0f0df:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236723 pw_thread: Migrate from pw::thread::Thread to pw::Thread
a9f2d91:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237915 pw_toolchain: Move fuchsia_clang toolchains to pw_toolchain
6422c9a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238189 pw_presubmit: Have docs_build check rust docs
e26be58:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238272 pw_tokenizer: Expose API to define new token entry
30dcf2b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237933 pw_metric: Emit valid JSON from Metric::Dump
9243851:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237993 pw_preprocessor: Expand PW_MACRO_ARG_COUNT to 256 arguments
24e98d0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238291 bazel: Replace remote_default_platform_properties
d3b17f3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237414 pw_bluetooth_sapphire: Add TODO for ScopedGlobalLogger
953f4f9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238132 pw_async2: Fix coroutine CMake compilation
e81cd5e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237934 docs: Auto-link to Rust API references
d124a14:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238171 pw_build: Fix bazel based presubmit running
88e2a70:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237935 pw_presubmit: Download intermediate Rust docs
0ca1822:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238273 pw_bluetooth_sapphire: Fix bt_hci_virtual bind file name
5d7b3d1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238292 pw_containers: Fix Android.bp
7dc3b1b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238092 pw_uart: Add UartBase class
b4e7539:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236268 pw_uart: Add ReadAtLeast and ReadExactly methods
f946f6a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/210371 pw_uart: Add uart_non_blocking.h API
bbd82e3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238252 pw_rpc: Add --no-experimental-editions to protobuf compiler options
1dc9a78:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237953 pw_uart: Add method to set flow control
0e5c336:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237808 bazel: Upgrade bazel clang version to match the GN version
f107048:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236796 pw_thread: Introduce pw::Thread and pw::Thread::id
3451332:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238176 bazel: Retry build on remote cache evictions
ce337e5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237612 pw_containers: Fix intrusive map docs
d647f5e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/238175 bazel: Sort the remote cache flags alphabetically
5c21dc8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237992 pw_bluetooth_sapphire: Document how to run Bazel Fuchsia tests
07636c2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236392 pw_build: Add -O and -g flags to rustflags
1f2a0fe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/234671 pw_build: Add pw_rust_bindgen
819dd2c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237472 pw_containers: Multiple container example
cfa4da0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237932 pw_async2: Fix coroutine CMake+Windows compilation
bcda51c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237258 pw_bluetooth_proxy: Prevent flakes by zeroing arrays
8c7b094:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237954 roll: bazel
a78ddd0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237914 pw_bluetooth_sapphire: Use shared variable for fuchsia_api_level
d5e8fff:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237952 pw_toolchain: Fix sysroot data arg for clang-tidy
8b3ecac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236794 bazel: Specify a cache silo key
340d624:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/230831 pw_bluetooth: New Emboss L2CAP scheme
24baa12:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237712 pw_bluetooth_sapphire: Specify bt-host.cm moniker
783b29c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236233 pw_spi_rp2040: Minor cleanup
846bb7d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/234095 pw_async2: Expand docs with examples
94d2c39:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237394 pw_uart_mcuxpresso: Fix disable bug
5bf0e36:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237412 pw_bluetooth_sapphire: Document clangd configuration
ca679a2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236919 pw_uart_mcuxpresso: Simplify configuration struct
a4dab0b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/230894 pw_allocator: Store TestHarness::Allocation inline
e81f65b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237513 pw_thread_freertos: Fix typo in tags
aaa6103:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237592 pw_containers: Fix OOB array access in wrapped_iterator example
49c68b8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237512 pw_async2: Use Waker from Context in OnceSender
d95038e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237335 pw_rust: Add rust_tools for static_analysis
751a5ae:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237334 pw_docgen: Include required Python packages
85469bd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/236612 pw_containers: Add examples
1ad38f0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237312 pw_build_info: Fix constant name in documentation
92ab032:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237415 pw_containers: Fix tree rebalancing
4c5e994:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237432 pw_containers: Fix Android.bp for intrusive_list
d0e975b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237413 pw_env_setup: Update Windows Python constraints
1f2e4ef:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/235872 pw_presubmit: Add steps to upload Pigweed Python to pypi.org
fba0833:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237333 pw_boot: Move main forward declaration out of extern "C" block
736eb4a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237132 bazel: Update Fuchsia SDK to 24.20240923.3.1
f848024:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237332 pw_build: Move constraint/cortex-m to constraints/cortex_m
34ca6b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/237152 pw_bluetooth_sapphire: Upload bt-hci-virtual CIPD

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: a5a199593f1375..6ad0bec6ba3e92
Roller-URL: https://ci.chromium.org/b/8735414316053816513
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: Ibd5edf5272e24c51d984918d4c75306e92c50a23
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/238695
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
1 file changed
tree: e37e71d69425a4d945f5b4d57f393913f0f4a0e6
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-Party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms, so it shouldn't be too hard to get this running on Windows, for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports appear in the build output, and they are also written to .txt files in the build output directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
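
The first bullet above, as an added example (not code from open-dice): a caller that owns secret buffers clears them on every exit path, through a volatile pointer so the stores are not optimized away as dead writes. LayerSecrets, run_layer, secure_clear, count_nonzero and SECRET_SIZE are hypothetical names, the secret bytes are constructed, and the XOR fold is a placeholder for real work.

```c
#include <stdint.h>
#include <string.h>

#define SECRET_SIZE 32 /* constructed size for this example */

/* Hypothetical caller-owned secrets; these names are not from open-dice. */
typedef struct {
  uint8_t cdi_attest[SECRET_SIZE];
  uint8_t cdi_seal[SECRET_SIZE];
} LayerSecrets;

/* Clears through a volatile pointer so the compiler treats each store as a
 * side effect and does not drop it as a dead write. */
static void secure_clear(void* buf, size_t len) {
  volatile uint8_t* p = (volatile uint8_t*)buf;
  while (len--) *p++ = 0;
}

/* Counts non-zero bytes; used only to check that a clear took effect. */
static size_t count_nonzero(const void* buf, size_t len) {
  const uint8_t* p = (const uint8_t*)buf;
  size_t n = 0;
  for (size_t i = 0; i < len; ++i) n += (p[i] != 0);
  return n;
}

/* Stand-in for a layer using its secrets (the XOR fold is a placeholder, not
 * a KDF). Returns 0 or -1; every exit path runs the clears. */
static int run_layer(LayerSecrets* s, int simulate_failure, uint8_t* tag_out) {
  int rc = -1;
  uint8_t scratch[SECRET_SIZE]; /* local copy that also holds secret data */
  memcpy(scratch, s->cdi_attest, sizeof(scratch));
  if (simulate_failure) goto out;
  *tag_out = 0;
  for (size_t i = 0; i < sizeof(scratch); ++i)
    *tag_out ^= (uint8_t)(scratch[i] ^ s->cdi_seal[i]);
  rc = 0;
out:
  secure_clear(scratch, sizeof(scratch));
  secure_clear(s, sizeof(*s));
  return rc;
}

int main(void) {
  LayerSecrets s;
  uint8_t tag = 0;
  memset(&s, 0xAA, sizeof(s)); /* constructed secret bytes */
  if (run_layer(&s, 1, &tag) != -1) return 1; /* failure path */
  return count_nonzero(&s, sizeof(s)) == 0 ? 0 : 1;
}
```

Where the platform provides memset_s or explicit_bzero, those serve the same purpose as secure_clear. Clearing buffers this way does not address the cache, swap and crash-dump points in the list.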