roll: third_party/pigweed/src a02d053..aa22856 (96 commits)

aa22856:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/278096 roll: luci
d6d2201:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/278112 roll: python-wheel
36064b3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277932 sense: Add missing rp2350 instructions
7da28ca:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277955 pw_bluetooth: Fix bits order in avdtp
b47d1ac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/278034 pw_protobuf_compiler: Nanopb + descriptor.proto
5bd503e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277956 pw_ide: Remove settings file trigger for refresh
bfcbc2f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277895 pw_bluetooth_sapphire: Disable advertising via Android vendor extensions
b598c98:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277232 pw_intrusive_ptr: Export the recyclable.h header
52c9c54:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277896 pw_bluetooth_sapphire: Fix gap ubsan failures
db2c1d7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277592 pw_ide: Unprocessed compDB management
c0b3d6a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276072 pw_libc: Provide errno and stdio libc backends
d01ddf0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277853 pw_bluetooth_proxy: Test channel not having recombine space
bab3948:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277553 pw_bluetooth_proxy: Handle recombine of new channel with old id
f9f93dd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275913 docs: Clarify extern "C" and (void) parameter lists
4207345:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277616 pw_i2c_mcuxpresso: Add ResetAddressing() that executes the i3c RSTDAA
1ea604f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277615 pw_i2c_mcuxpresso: Add Get/SetMaxReadLength i3c common command codes
820c417:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277614 pw_i2c_mcuxpresso: Add static addressing option, dynamic optional
32e290b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277613 pw_i2c_mcuxpresso: Fix mutex and repeated start condition for CCC reads
2d204c8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276794 pw_async2: Add size reports for async2 primitives
e6f2293:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277855 pw_ide: Expect bazel projects to also have a BUILD.bazel in root
6a36094:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277854 pw_bloat: Add enable_if argument to GN template
0822879:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277532 pw_ide: Distinguish duplicate targets
1af8e0f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276476 pw_bluetooth_proxy: Handle channel dtor during recombination
0f62a5e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275693 pw_ide: Use clangd rule from @pigweed directly
d932875:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277552 docs: Explain Label in style guide
a7a3cbe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/272594 pw_ide: Replace compile command refresh with custom implementation
8e2ae80:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277852 pw_bluetooth_sapphire: Fix l2cap_fuzzer timeout with 1MB input data
24596e9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276935 bazel: Switch to Python 3.12
9b00f1a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275714 pw_kernel: Add colors and visual cleanups to console output
69aedd9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277792 pw_env_setup: Update watchdog
7fbccd0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277753 pw_toolchain: Provide pw_InfiniteLoop in C++
62025f5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277493 pw_bluetooth_proxy: Remove connection reuse log
322d5ee:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277354 pw_allocator: Fix implicit conversions
8317acb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277514 pw_kernel: Rename qemu-virt directory to qemu_virt
2eda860:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277355 pw_bloat: Wrap macro label paths with Label()
c9a75e8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277012 pw_async2: Avoid transitive includes; remove unused code
c14573c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276615 pw_bluetooth_proxy: Clarify and check usage of recombine pdu variables
a839dfe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276894 pw_async2: Restructure as typical facade
f4acd96:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277352 pw_kernel: Remove use of chipset constraint
99169d1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276614 pw_bluetooth_proxy: Correct label to connection in logs
b2745aa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276613 pw_bluetooth_proxy: Move locked l2cap channel to its own file
099968f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276612 pw_bluetooth_proxy: Fix ordering of deps in targets
37f59a3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276593 pw_bluetooth_proxy: Fix extra/missing header includes
29acdc3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276475 pw_bluetooth_proxy: Move Direction enum to common header
8d5564b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276899 pw_bluetooth_proxy: Remove MultiBufWriter
560ea15:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276898 pw_bluetooth_proxy: Update Recombiner to not use MultiBufWriter
ad02ea3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276933 pw_bluetooth_proxy: Add tests for recombiner
1090603:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276934 pw_bluetooth_proxy: Correct IFTTT in CmakeLists.txt
24094e8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276574 pw_bluetooth_proxy: Move Recombiner class to its own file
8bc1db5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276474 pw_bluetooth_proxy: Track progress inside Recombiner
6c0f81a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276473 pw_bluetooth_proxy: Separate recombine IsComplete from multibuf read
8f74673:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276573 pw_bluetooth_proxy: Move recombine tracking to its own class
b0aecdb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277013 pw_bluetooth_sapphire: Fix PeerFuzzer
e68cccd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276994 pw_kernel: Combine cortex-m and riscv unittest_runner
50b3024:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276592 pw_bluetooth_proxy: Add more checks in recombination
8fee4cf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276895 pw_toolchain: Add example of clang-tidy setup
399d669:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276832 pw_{rpc, protobuf}: Fix bash script error
b8d0c77:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276893 pw_async2: Move dispatcher_lock() to pw::async2::impl namespace
4e25af0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276753 bazel: Shorten nanopb repo name
382464c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/277132 pw_tokenizer: Enable conversion warnings in Bazel
a3d0ae7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276572 pw_bluetooth_proxy: Moved GetLockedChannel to subroutine
ac2c854:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276393 pw_bluetooth_proxy: Add TODO to handle not having space for recombine
1bfa6aa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276993 pw_kernel: Combine cortex-m and riscv entry points
775445d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276992 pw_kernel: Refactor targets for consistency
29e6e1e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276494 pw_kernel: Don't tick scheduler before there are tasks to run
64d117c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276493 pw_kernel: Add preempt disabling/rescheduling on WakeQueue::wake_one
7c91661:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276492 pw_kernel: Add current_thread accessors
0f7fc56:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/274972 pw_tokenizer: Correctly detect target os for Rust linker section
43f76d0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276896 bazel: Remove remote caching workaround
1486c7c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275178 pw_tokenizer: Enable conversion warning as error
53668ea:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276032 pw_kernel: Add RISC-V scaffolding
f0e1180:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276932 pw_toolchain: Remove llvm_toolchain_device
99d7c40:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275177 pw_tokenizer: Fix conversion warnings
82b6374:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276754 bazel: Enable -Wconversion by default
85faf90:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276892 pw_toolchain: Document conversion_warnings feature
0f049d6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276793 pw_toolchain: Add conversion_warnings feature
b466e7c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276752 pw_kernel: Allow trailing commas in log_if! API
4c4249c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275175 pw_elf: Enable conversion warning as error
466384b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276792 pw_toolchain: Remove llvm_toolchain_macos
c64aca0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/275174 pw_elf: Fix conversion warnings in reader_impl
1ee626d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276732 build: Add .vscode/ to .bazelignore
892b65c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276453 pw_rpc_transport: Remove unused header
2dba9b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276733 MODULE.bazel: Tweak qemu reference
5a5a2d7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/270212 pw_bluetooth_sapphire: Set ISO packet sequence number
7bcb789:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276552 pw_bluetooth: Add IsEnabled() API
c550290:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/257914 pw_rpc: Add benchmark tools, echo service, and a sim instance
2e233e7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/274914 pw_kernel: Use pw_assert instead of core macros
99a318c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/274913 pw_kernel: Add initial assert API
6f10067:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276472 build: Upgrade bazel qemu prebuilt
3aba99c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276452 docs: Add missing RP2350 tab to Sense factory tutorial
3a2d151:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276374 pw_bluetooth_sapphire: Fix fuzzer timeouts
ef8dad6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276392 pw_bluetooth_sapphire: Change MemoryAvailable to MemoryAvailableForSlots
834a3d8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/273813 pw_fuzzer: Fix googletest bazel config
1fbd499:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/274072 pw_bluetooth_sapphire: Handle invalid RSSI in inquiry event
0e3733b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265639 pw_bluetooth_sapphire: Support Controller packet filter offloading
40459ab:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/276372 pw_result: Fix typo in docs

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: a02d053a6f7326..aa2285683111b0
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8719559839620414049
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I7898dca4918a0360273005990d55511291da2c08
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/278099
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
1 file changed
tree: 89a56c4cbbbc0b8cd989b25fd397a7a1b0ade4f7
  1. build_overrides/
  2. docs/
  3. dpe-rs/
  4. images/
  5. include/
  6. src/
  7. third_party/
  8. toolchains/
  9. tools/
  10. .clang-format
  11. .gitignore
  12. .gitmodules
  13. .gn
  14. banner.txt
  15. bootstrap.sh
  16. BUILD.gn
  17. BUILDCONFIG.gn
  18. generate_test_values.py
  19. LICENSE
  20. navbar.md
  21. OWNERS
  22. pigweed.json
  23. pyproject.toml
  24. README.md
  25. run_fuzzer.sh
  26. rustfmt.toml
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-Party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init --recursive
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports are printed as part of the build output and are also written to .txt files in the build output directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
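One way a caller can handle the buffers it owns, shown as an added example that is not code from this repository: the current secret and a scratch copy are wiped on every exit path using volatile stores, which the compiler cannot drop as dead stores. The names secure_clear, derive_next, run_layer and SECRET_SIZE are hypothetical, and derive_next is a non-cryptographic stand-in for a real derivation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECRET_SIZE 32 /* assumed secret size for this example */

/* A plain memset() on a buffer that is never read again may be removed by
 * the optimizer. Writes through a volatile pointer must be emitted. */
static void secure_clear(void *address, size_t size) {
  volatile uint8_t *p = (volatile uint8_t *)address;
  while (size--) {
    *p++ = 0;
  }
}

/* Stand-in for deriving the next layer's secret. NOT real cryptography. */
static int derive_next(const uint8_t current[SECRET_SIZE],
                       const uint8_t *input, size_t input_size,
                       uint8_t next[SECRET_SIZE]) {
  if (input == NULL || input_size == 0) {
    return -1;
  }
  for (size_t i = 0; i < SECRET_SIZE; i++) {
    next[i] = (uint8_t)(current[i] ^ input[i % input_size] ^ (uint8_t)i);
  }
  return 0;
}

/* The caller owns `current` and `scratch`. Both are cleared whether or not
 * the derivation succeeds, and the output is cleared on failure so a
 * partial result never escapes. */
int run_layer(uint8_t current[SECRET_SIZE], const uint8_t *input,
              size_t input_size, uint8_t next_out[SECRET_SIZE]) {
  uint8_t scratch[SECRET_SIZE];
  int result = derive_next(current, input, input_size, scratch);
  if (result == 0) {
    memcpy(next_out, scratch, SECRET_SIZE);
  } else {
    secure_clear(next_out, SECRET_SIZE);
  }
  secure_clear(scratch, sizeof(scratch));
  secure_clear(current, SECRET_SIZE); /* this layer keeps no old secret */
  return result;
}

static int is_all_zero(const uint8_t *buffer, size_t size) {
  uint8_t acc = 0;
  for (size_t i = 0; i < size; i++) acc |= buffer[i];
  return acc == 0;
}

int main(void) {
  uint8_t current[SECRET_SIZE], next[SECRET_SIZE];
  memset(current, 0xAA, sizeof(current)); /* constructed sample secret */
  int result = run_layer(current, (const uint8_t *)"abc", 3, next);
  return (result == 0 && is_all_zero(current, sizeof(current))) ? 0 : 1;
}
```

This covers only the caller-owned buffers; copies made inside the ops implementations, cache contents, swap and crash dumps remain separate concerns, as listed above.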