commit | 8fe67067d9f62c06076eee0481735c3eb8a47e7e | [log] [tgz] |
---|---|---|
author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Sun Feb 16 16:48:09 2025 -0800 |
committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Sun Feb 16 16:48:09 2025 -0800 |
tree | bbb022e14d1162e26e22374b0ff83d00e502e785 | |
parent | 93cb55b1d6efda68b31981802dffe452fffc7d46 [diff] |
roll: third_party/pigweed/src a9df994..2c9dee1 (87 commits)

2c9dee1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267845 roll: luci
f8d76c2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/268295 roll: python-wheel
2dc03a3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/268294 roll: ninja
4500636:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265628 bazel: Remove obsolete noclangtidy tags
d29ece7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263512 pw_span: Add span_cast<T>
264303d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/268153 pw_env_setup: Remove gsutil from PATH
416b03b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267933 pw_kernel: Add utility library for declaring registers
a4e659b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265252 roll: bazel 8.1.0
92d6b23:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/268052 pw_build: Enable policy if CMP0174 if available
4167b59:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/268132 pw_containers: Add missing include
ef8c646:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267872 pw_bluetooth_sapphire: Remove packed definitions
7ee5190:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264638 pw_allocator: Add bucket size reports
bfc7d9e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267936 pw_protobuf_compiler: Symlink options to proto root
f27dd15:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267972 pw_toolchain: Make NoDestructor trivially destructible when possible
1650a4b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267813 pw_containers: Make size_reports more reusable
7ab1856:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267292 pw_interrupt_freertos: Add pw_interrupt backend for FreeRTOS
0481c3f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267215 pw_ide: Natively process compDBs in VS Code
4b8b525:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267572 pw_bluetooth_sapphire: Wait for LE Pairing in SSP
3fc29bc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264637 pw_allocator: Add size reports for blocks
4fc31df:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266040 pw_bluetooth_sapphire: Handle BR/EDR CTKD in SM after connection
2e41749:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267932 pw_kernel: Make optimized build the default
335316a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267335 pw_build: Add pw_py_importable_runfile
d1c3488:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267793 CMake: Set policy to silence warnings; make minimum versions consistent
04fb4db:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262853 pw_log_null: Prevent asserts being routed to pw_log_null
e1d73a0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267812 pw_sync: Remove chrono dependency from borrow.h
5f8f25b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264636 pw_allocator: Refactor size reports
fb3288a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267033 pw_ide: Detect & configure build system support
4bfb4e5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267514 pw_kernel: Add unittests for new list routines
8335a60:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267513 pw_kernel: Add assert_ne to unittests
9808716:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267336 pw_kernel: Basic context switch for cortex-m and scheduler
a8a94ac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259657 pw_ide: Read legacy settings files
7cee22f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267792 pw_toolchain: Add linker options for the Cortex-A35 toolchain
057c218:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267772 pw_tokenizer: Remove invalid argument from CMake custom command
b568955:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260218 pw_bluetooth_sapphire: Support solicitation uuids in scan filters
eec66b2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267614 docs: Add guidance for extending Python imports
fe7961c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267512 pw_toolchain: Infinite loop function
551ff04:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267515 pw_bluetooth_proxy: Remove unused includes
32bbaba:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267518 pw_bluetooth_proxy: Test close and reset across all channel types
318a909:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264640 pw_containers: Add size reports
4474c41:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267517 pw_bluetooth_proxy: Support event_fn in GATT channels
8237d75:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267516 pw_bluetooth_proxy: Allow designated init of rfcomm config fields
e1e82ce:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267272 pw_bluetooth_sapphire: Fix incoming BR/EDR connection stats
34fafbc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267312 pw_span: Add dependency on pw_assert
0fbebfb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267652 pw_bloat: Provide macros to prevent unwanted optimization
02bf6f4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267613 docs: Break out Python style guide
0da60b1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266593 pw_bluetooth_proxy: Improve multibuf_writer_test naming
544d741:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266993 pw_bluetooth_sapphire: Create StartingEncryption phase in SM
d8e5ff1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266592 pw_bluetooth_proxy: Clarify MultiBufWriter::IsComplete() behavior
d5e8ce4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265393 pw_bluetooth_proxy: Erase AclConnections on disconnection
9a89696:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267532 Revert "pw_bluetooth_proxy: Create ClientChannel base class"
a761cf1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266996 pw_bluetooth_proxy: Create ClientChannel base class
c5edf98:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267233 pw_stream_uart_mcuxpresso: Use module constraint
4da3dda:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267216 Revert "pw_bluetooth: Fix rssi values to be signed integers"
df4de4b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267333 pw_toolchain: Allow core_intrinsics in stable Rust toolchain
b393232:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267332 pw_env_setup: Include hidden packages in check
63fde05:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267232 pw_kernel: Add cheat sheet docs
6aeb739:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266272 pw_bluetooth_sapphire: Wait for BR/EDR pairing to complete in SM
0a223d3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266912 pw_bloat: Add Bazel size report rule for single binary
f85f008:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267015 pw_rust: Add --config support to gen_rust_project
f5ee80b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267014 pw_toolchain: Adjust stable Rust toolchain to work with gen_rust_project
7892387:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267192 pw_build: Clean up docs headings
a3ebd8f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267193 pw_stream_uart_mcuxpresso: Intro module constraint
85ff31d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266973 pw_kernel: Remove strict kernel target compatibility
e1e39f1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267034 pw_bluetooth: Add A2DP AAC codec parser
d51bce4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266974 pw_bluetooth: Add A2DP SBC parser
9ea3210:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260973 pw_ide: Add VSC end-to-end extension testing
cb8a650:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267032 pw_docgen: Fix links to published SEEDs
e5ae6ad:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266914 bazel: Run sanitizers with googletest config too
f8ca28d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266039 pw_thread_stl: CMake build for thread creation backend
08bb4c4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266992 pw_presubmit: Add cpp formatting support for Bazel
18479f6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266994 pw_rpc: Remove misplaced comment
bb018f0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/267012 pw_thread: Handle div by zero in thread analyzer
f9a09e0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266894 pw_rpc: Formatting fix
7af59d4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261395 pw_unit_test: Standardize Bazel interface
17a5e76:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260220 pw_bluetooth_sapphire: Move scan_id into LowEnergyDiscoverySession
5b8a5c5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260219 pw_bluetooth_sapphire: Pass offloaded packet filter support down stack
a76d73e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259934 pw_ide: Enable most VSC commands for bootstrap
2368964:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266972 .*: Replace spurious gtest.h includes
f27457d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266893 pw_bluetooth_sapphire: clang-tidy fix
72b0188:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264517 pw_log: Switch to PW_CONSTEXPR_TEST to improve coverage
c4e6e1f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266133 roll: Clang
ce36b90:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266135 pw_bluetooth_sapphire: Remove SecurityManager::AssignLongTermKey
5f5ef63:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/239732 pw_build_mcuxpresso: Generate Bazel/GN rules from github SDK
f8b2c52:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266032 pw_bluetooth_sapphire: Fix clang-tidy warning
7ece4db:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266753 roll: cipd
ea358b7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266752 roll: go
05e746f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266433 roll: buildifier

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: a9df994246205c..2c9dee1dd3a940
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8722730740428781281
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I3b1d7d46a07a85a55b64ded4883611df50eb16ec
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/268492
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using `git submodule update --init`, and updated after pulling commits that roll the submodules using `git submodule update`.
To set up the build environment the first time:

```
$ git submodule update --init --recursive
$ source bootstrap.sh
$ gn gen out
```

To build and run tests:

```
$ ninja -C out
```

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:

- bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
- activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: `source activate.sh`.
In the environment, from the base directory of the dice-profile checkout, run `ninja -C out` to build everything and run all tests. You can also run `pw watch`, which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:

- Copy only the necessary code. For example:
  - Take the main code as is: include/dice/dice.h, src/dice.c
  - Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
- Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
- Integrate into a project already using Pigweed using the gn build files provided.

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

- Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
- Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, `cat out/host_optimized/gen/*.txt | less` will display all reports.
This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.
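Why clearing needs care in C, as an added example that is not code from this repository: a plain memset() on a buffer that is never read again can be removed by the optimizer as a dead store, so this sketch clears through a volatile pointer and does so on every exit path. The names secure_clear, toy_derive, derive_tag, is_all_zero and SECRET_SIZE are hypothetical, and toy_derive is a non-cryptographic stand-in for a real KDF.

```c
#include <stddef.h>
#include <stdint.h>

#define SECRET_SIZE 32 /* hypothetical size chosen for this example */

/* Writes zeros through a volatile-qualified pointer so the stores are not
 * removed as dead stores the way a trailing memset() can be. */
void secure_clear(void* address, size_t size) {
  volatile uint8_t* p = (volatile uint8_t*)address;
  while (size--) {
    *p++ = 0;
  }
}

/* Stand-in for a real KDF. NOT cryptographic; it only fills the buffer. */
static void toy_derive(const uint8_t* seed, size_t seed_size,
                       uint8_t out[SECRET_SIZE]) {
  for (size_t i = 0; i < SECRET_SIZE; ++i) {
    out[i] = (uint8_t)(seed[i % seed_size] ^ (0xA5u + i));
  }
}

/* Derives an intermediate secret into caller-owned scratch memory, folds it
 * into a one-byte tag, and clears the scratch on every exit path.
 * Returns 0 on success, -1 on invalid input. */
int derive_tag(const uint8_t* seed, size_t seed_size,
               uint8_t scratch[SECRET_SIZE], uint8_t* tag) {
  int result = -1;
  if (seed == NULL || seed_size == 0 || tag == NULL) {
    goto out; /* the error path still reaches the clear below */
  }
  toy_derive(seed, seed_size, scratch);
  *tag = 0;
  for (size_t i = 0; i < SECRET_SIZE; ++i) *tag ^= scratch[i];
  result = 0;
out:
  /* This covers only this buffer: copies left in registers, spilled stack
   * slots, or a dependency's internal state are not touched. */
  secure_clear(scratch, SECRET_SIZE);
  return result;
}

/* Returns 1 if every byte is zero, 0 otherwise. */
int is_all_zero(const uint8_t* buf, size_t size) {
  uint8_t acc = 0;
  for (size_t i = 0; i < size; ++i) acc |= buf[i];
  return acc == 0;
}

int main(void) {
  uint8_t scratch[SECRET_SIZE], tag = 0, seed[3] = {1, 2, 3};
  int ok = derive_tag(seed, sizeof(seed), scratch, &tag) == 0;
  return !(ok && is_all_zero(scratch, sizeof(scratch)));
}
```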