| commit | 19bf55da8052c835fde635d3fa1a5abce1a7500e | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Thu Aug 08 18:55:20 2024 +0000 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Aug 08 18:55:20 2024 +0000 |
| tree | 10eb4f8edf6c5ef8e67f2801730b8cf41dda62ed | |
| parent | c7734201b4c4ed136636acd8f319d0ac189f22b2 [diff] |
roll: third_party/pigweed/src 49 commits eea6ca0838babaf targets/rp2040: Get Pico SDK and Picotool from BCR 146fd4b5c55fb45 pw_channel: Ensure that stream_channel_test resour 95395dad3ef8a4b pw_bluetooth: Make SupportedCommands emboss struct a861301071402fa *: Add support for RP2350 074be2078ffb0f6 docs: Launch Sense 04109d522e8b54b pw_toolchain: Clang support for Arm Cortex-M33 1d487225d2e5fc6 pw_ide: VSC extension 1.3.2 release 10d538fee6ed808 docs: Start Sense tutorial 28d16ef6f95b032 pw_ide: Show progress bar on manual refreshes fcb5ead44b10d2c pw_ide: Detect manual target change in settings a5271e92732267f third_party/icu: Remove ICU 2dd66edd629aee6 pw_web: Add resize handler to message col e004f5f292dd9d6 pw_allocator: Fix bucketed block corruption e6af48396fd8c94 pw_bluetooth_sapphire: Handle switch warning with 17a6be9e3c21fcb pw_bluetooth_sapphire: Handle switch warning with 9e1ed90cd304c1b pw_bluetooth_sapphire: Handle switch warning with d3dbe8c29f5acf9 pw_bluetooth_sapphire: Write Variable PIN Type for 5142577e6a89912 pw_bluetooth_sapphire: Add LegacyPairingState to B 4034273a4c9ddf0 pw_ide: Much faster VSC config parsing 371a125afe2dc53 pw_bluetooth_sapphire: Create and implement Legacy 5ca0a3f3a693b30 pw_bluetooth_sapphire: Handle switch warning with 21f40da8f7fe589 pw_bluetooth_sapphire: Handle switch warning with a17ba9be3dd7e58 pw_bluetooth_sapphire: Translate information & add 928309502f9c164 pw_bluetooth_sapphire: Return registered services 7f18f4dd14532a9 pw_bluetooth_sapphire: Handle switch enum warning 80c3d59adc51dbd pw_bluetooth_sapphire: Handle switch warning with 6f38831725f063e pw_bluetooth_sapphire: Fix shadow variable warning 038f1d423f7ed15 pw_bluetooth_sapphire: Add panic to EventTypeToStr c8044357419a608 bazel: Get picotool from the BCR b83d27482bb6ccf pw_bluetooth_sapphire: Switch over to pw::utf8 0fe4fa324363134 pw_bluetooth_sapphire: Remove unnecessary cast qua 700cfaf609aa933 pw_bluetooth_sapphire: Fix statement expression ex 59eb77108667b32 pw_bluetooth_sapphire: Fix variadic macro warnings c5a66b2e447524f pw_bluetooth: Improve ergonomics of emboss Support 37c87bbae3753e7 pw_digital_io: Add Mock 8436580deec2312 pw_bluetooth: Add more emboss definitions c35cab2ac55f837 pw_status: In Bazel, make Status nodiscard 45d1e293f8db895 pw_bluetooth_sapphire: Add SetupDataPath FIDL hand aa2426da2f136c1 pw_bluetooth_sapphire: Create abstract base for Is bdf853eca30b118 pw_bluetooth_sapphire: Remove CommandPacketVariant ce0eb6a18507ec7 pw_bluetooth_sapphire: Use emboss for setting ACL 07bd91b3e78758c pw_bluetooth_sapphire: Add test for A2DP offloadin 07b19f4910c83a0 pw_bluetooth_sapphire: Explicitly move WeakRef in f0f84d71007b792 pw_bluetooth_sapphire: Clean up some type sizes 8aa67d2d1c0c82b pw_bluetooth_sapphire: Use emboss for LELongTermKe d75af95f4e045d8 pw_digital_io_rp2040: Don't discard status returns 6cd58e15a9a5c86 pw_system: Separate host and device console log le 38133403fcbccb0 pw_hex_dump: Add rule for pw_hex_dump/log_bytes.h b780dd700cfaf17 pw_toolchain: Register Cortex-M7 toolchain https://pigweed.googlesource.com/pigweed/pigweed third_party/pigweed/src Rolled-Commits: 71c4c844f102502..eea6ca0838babaf Roller-URL: https://ci.chromium.org/b/8740147357107892177 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: I48e71dd7dcdad13309d2cbb605bf78e92abc210f Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/228366 Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com> Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.