commit | 9f28de3c1e6533aa32bca493192863c6bf124391 | [log] [tgz] |
---|---|---|
author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Mon Jul 01 00:44:16 2024 +0000 |
committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Jul 01 00:44:16 2024 +0000 |
tree | fbeef835c0c716bd41b6ea6be58d93ab2357b66b | |
parent | 3b32e8df77ce27c47e4927b094bcc91c8a45ea4e [diff] |

roll: third_party/pigweed/src 83 commits

0bff625d0768fe8 roll: 310, 311
432cd65dfc1d812 docs: Update changelog
4200619994a4a8d pw_transfer: Don't assert on resource status respo
62da50a4f4cb9b5 pw_async2_epoll: Use unordered_map; silence persis
8b8ad3820dff2e6 pw_sys_io: Remove multiplexer, constraints
f588ba91c9de167 pw_unit_test: Fix CMake test runner argument forwa
cbd621a85af48c3 pw_digital_io_rp2040: Remove manual tags
93f268c644dd869 pw_system: RunOnce function for work queue functio
11aebdc3411c93b pw_thread: Remove backend multiplexers
e12c9358911b3b2 bazel: Add back to CI some building targets
d36dcb9fedb7b88 pw_system: Remove IPython from pw_system console
d6d285ab73303e4 pw_sys_io_baremetal_stm32f429: Add constraint
544489798d89ed0 pw_bluetooth_proxy: Adjust const for pw::span
5de4f11311a459e pw_system: Organize pw_system:async build targets
e6e4e3072a200da third_party/icu: Add Bazel build rules
9dffd008a348f4f pw_bluetooth_proxy: Remove use of <mutex>
7b6c0f6c01c7584 pw_bluetooth_sapphire: Remove unused include
0d8e8401d47fe12 pw_bluetooth_sapphire: Add infrastructure for SCA
14b2e4c65d8b10d pw_bluetooth_sapphire: Use Write instead of Unchec
4c71a9ac34f0607 pw_bluetooth_proxy: Prevent crash in GattNotifyTes
bd7063ab2ecc84a pw_bluetooth_sapphire: Remove now unnecessary use
305dfea3e54f7cf pw_bluetooth_sapphire: Expose connection role to l
dbf80df17b1f1a5 pw_bluetooth_sapphire: Disambiguate comment
a75e7f2f295b7c6 pw_sys_io_stm32cube: Remove target_compatible_with
77630d60f4d98ff pw_bluetooth_sapphire: Fix typo in comment
1a6e58dd3709e38 pw_bluetooth_sapphire: Move LegacyLowEnergyScanner
2dd1d3048799f2f pw_bluetooth_sapphire: Revert "remove now unnecess
07994af5927683a pw_bluetooth_sapphire: Revert "use Write instead o
0db899d70ac249e pw_bluetooth_sapphire: Add spec reference to comme
fdaad73494abbb9 pw_ide: Point to compile commands extractor fork
6cac32bea3a284b pw_rust: Static Library Linking
f24d35840b04d28 pw_build_mcuxpresso: Fix bug in create_project()
e948e9628ef9649 rp2040: Add pw_system_async example
2ef2dcfbc773b8a targets: Remove configGENERATE_RUN_TIME_STATS func
4079fdc8644837e pw_bluetooth_proxy: Process Disconnection_Complete
e8d6172f4a0a8e0 pw_bluetooth_proxy: Implement basic ACL credit tra
10c7ed0e358e526 pw_bluetooth: Add NumberOfCompletedPacketsEvent
6cdc8b45342c1d5 pw_bluetooth_proxy: Implement sendGattNotify
b71d14d3879a2c3 pw_bluetooth: Add AttNotifyOverAcl to att.emb
befcb91b39880a5 pw_system: pw_system:async
edf7501f5d03e8f pw_channel: Add Rp2StdioChannel
dc6f26bcbd2bda3 freertos: Add failed malloc hook to support lib
a8bf99f2bf19e83 pw_hex_dump: Remove pw prefix from log_bytes
2e092bc815ef30c BUILD.bazel: Remove unnecessary @pigweed reference
ae4cc140ba3da39 pw_i2c: Handle unaligned buffer reads in register_
5a8f064e15304d6 pw_channel: Cleanup redundant checks in epoll_chan
1d074293f52947e rp2040: Mark rp2040_binary as a non-executable tar
5dd7c05d4169558 rp2040: Add IFTT to keep the rp2040 transition and
1dbd4a434d58ba8 pw_presubmit: Add check for rp2040_binary transiti
0ea6a01ffea423f rp2040: Add missing backends
73b4c41acc7e8b5 pw_system: Async packet processing component
64f458827b65993 pw_ide: Add option to process comp DBs by path
51ed6ec5209e23c pw_build_android: Enable function dynamic alloc
e6cbfd477a8a6b6 third_party/freertos: Fix Bazel build
9090c9b934df87c pw_ide: Add Bazel dependencies wrapper
1b36b649dc618d4 pw_ide: Bazelify
e9f11670ffae078 pw_assert: Remove backend multiplexer
ef4e6e150fae762 pw_web: Add optional parameters to createLogViewer
e3e1a1f8748362e pw_hex_dump: Add LogBytes helper
3d3846b9188822b pw_boot: Remove backend multiplexer
60532cd8bdd59fe pw_sync: Remove multiplexers
630750e177353d5 pw_cpu_exception_cortex_m: rm backend multiplexer
f437033232f7e9b bazel: Add clippy to CI
d1caa98c216d9f4 pw_build: Add optional working directory arg to Bu
74612309f33820a pw_log: Remove backend multiplexer
5880c31b48ea299 bazel: Encapsulate rp2040 WORKSPACE deps into deps
fbb072a3e3d0a9b pw_build_mcuxpresso: Add extra_args to bazel.bazel
ba53737947da18f pw_target_runner: Add suggested server command
1ca76fae9309425 rp2040: Unify board selection cmdline args
e6665db1a2f466e pw_cli: Add missing modules to Bazel build
1aa0264cdafa992 roll: cipd
8e09a4c6339490c pw_chrono: Add docs metadata
519f0b724d9394c pw_toolchain: Color diagnostics in Bazel
3bf60a7ec0808b4 pw_preprocessor: Add docs metadata
942045675a03c39 pw_malloc: Add docs metadata
853213c54c4eeac pw_watch: Do not watch bazel-* symlinks
91a2499caca5df9 pw_bluetooth: Add PinCodeRequestEvent
24ba5be366a13fe pw_env_setup: Update cffi
2b940fce2f86437 pw_toolchain: Closer align the bazel arm-gcc flags
2e873820d53b814 pw_bluetooth: Add IoCapability enum field
3376fa7390a6906 pw_web: Add Shoelace component flag
ca95ef3b6b576da pw_bluetooth: Add ACL & L2CAP B-frame Emboss defin
c510c7e8e49153d pw_bluetooth: Add att.emb

https://pigweed.googlesource.com/pigweed/pigweed
third_party/pigweed/src Rolled-Commits: 7ad2bee3e541072..0bff625d0768fe8
Roller-URL: https://ci.chromium.org/b/8743658639525930433
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I24c503105217104a41e8853438d991c70b36100e
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/219271
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To set up the build environment the first time:
$ git submodule update --init
$ source bootstrap.sh
$ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.
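An added example (not code from this repository) of clearing memory that holds sensitive data in C99: the wipe goes through a volatile pointer so the optimizer cannot drop it as a dead store, and every exit path of the derivation passes through the cleanup. The names clear_sensitive, is_all_zero, derive_child and SECRET_SIZE are hypothetical, and the XOR mix is a placeholder for a real KDF.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECRET_SIZE 32 /* assumed secret size, for illustration only */

/* Hypothetical helper: writes zeros through a volatile pointer so the compiler
 * cannot discard the stores as dead, as it may for a plain memset() on a
 * buffer that is never read again. */
static void clear_sensitive(void* address, size_t size) {
  volatile uint8_t* p = (volatile uint8_t*)address;
  for (size_t i = 0; i < size; ++i) p[i] = 0;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
static int is_all_zero(const uint8_t* buf, size_t size) {
  uint8_t acc = 0;
  for (size_t i = 0; i < size; ++i) acc |= buf[i];
  return acc == 0;
}

/* Derives `child` from `parent` and `input`. The XOR mix is a placeholder,
 * NOT a real KDF. `scratch` holds a working copy of the secret; it is a
 * parameter only so a caller can check it was wiped. Every exit path passes
 * through `out`, so the secret copy never outlives the call and a failed
 * call leaves no partial output. Returns 0 on success, -1 on bad input. */
static int derive_child(const uint8_t parent[SECRET_SIZE], const uint8_t* input,
                        size_t input_size, uint8_t child[SECRET_SIZE],
                        uint8_t scratch[SECRET_SIZE]) {
  int result = -1;
  memcpy(scratch, parent, SECRET_SIZE);
  if (input == NULL || input_size == 0) goto out;
  for (size_t i = 0; i < SECRET_SIZE; ++i) {
    child[i] = (uint8_t)(scratch[i] ^ input[i % input_size] ^ (uint8_t)i);
  }
  result = 0;
out:
  clear_sensitive(scratch, SECRET_SIZE);
  if (result != 0) clear_sensitive(child, SECRET_SIZE);
  return result;
}

int main(void) {
  uint8_t parent[SECRET_SIZE], child[SECRET_SIZE], scratch[SECRET_SIZE];
  const uint8_t input[] = {'a', 'b', 'c'}; /* constructed sample input */
  memset(parent, 0x11, sizeof(parent));    /* constructed sample secret */
  if (derive_child(parent, input, sizeof(input), child, scratch) != 0) return 1;
  return is_all_zero(scratch, sizeof(scratch)) ? 0 : 1;
}
```

This wipes only the buffers it is given; copies the compiler keeps in registers or spilled stack slots are outside its reach, which is one reason clearing is not sufficient on its own.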