| commit | 48940873dc6638f63d8d3c52fe72de5370f13eff | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Sun May 18 17:47:29 2025 -0700 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Sun May 18 17:47:29 2025 -0700 |
| tree | f107d16c14f1f6d498284b3affe4bf0df52c59cf | |
| parent | 8b5894f14fd77885f2901c6f4b81b7e4fe47863a [diff] |
roll: third_party/pigweed/src 4c234ae..43202d4 (84 commits) 43202d4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292622 roll: gn 7e16839:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292619 pw_uart_mcuxpresso: Cancel outstanding requests on deinit e3571f9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292614 roll: luci d62d593:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292470 roll: ninja f6d65f5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292469 roll: fuchsia-infra-bazel-rules 98449cb..4ae41fe (59 commits) 4a2a80f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/270093 pw_package: Add cargo_gnaw package d1a83ab:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260533 pw_rust: Group rust build targets cc499e7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261793 pw_rust: Disable link for rust_bin static_analysis 279e9b6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292259 pw_preprocessor: Do not use gnu_printf for format verification on clang c26e388:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289533 pw_tokenizer: Remove deprecated detokenization functions 40c3432:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/255066 pw_system: Migrate pw_system:async to generic thread creation 6e9873f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291681 pw_kernel: Add PMP support to RISC-V b0417af:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291680 pw_kernel: Add doc target for kernel crate fc68344:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292372 docs: Update changelog note 9e16047:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292256 pw_async2: Enable implicit CTAD warnings 38bf4de:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291257 pw_bluetooth_sapphire: Only create IsoStreamManager if supported e0318cb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292043 pw_unit_test: If SetUp fails skip test body a1e03da:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242152 pw_uuid: Add new UUID module 54b73a2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291973 pw_kernel: Add putc syscall 88088b1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291972 pw_tokenizer: Encode char as varint in rust 7e25bc1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263373 pw_build: Optional Bazel-style sandboxing for CMake 866cbb9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/292037 docs: Update the default_bazel target 440bcbf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289984 third_party/fuchsia: Copybara import 675208e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289193 pw_build: Add runner for Zephyr's twister f9ef56a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291876 pw_kernel: Improve unit test terminal UI 91988cd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289292 pw_kernel: Cortex-M Userspace 6e6b505:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291932 pw_kernel: Clean up unittest crates a41a6ff:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291933 pw_ide: Handle targets that start with @ ebcf95b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291053 pw_kernel: Add privileged thread support 0c7bb7f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291052 pw_kernel: Add enum field support to register macros 199d14d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/286472 pw_bluetooth: Migrate size reports to Bazel c1970dc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/288833 pw_containers: Introduce DynamicQueue, which wraps DynamicDeque 9650a20:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291792 pw_allocator: Fix -Wctad-maybe-unsupported warnings 24f8780:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287715 pw_containers: Introduce DynamicDeque 79ed265:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291358 bazel: Enforce CTAD warning across Pigweed 44fb3b2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287714 pw_containers: Move generic InlineDeque logic to GenericDeque 526fbc8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287393 pw_ide: Revise docs 05f0749:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287295 pw_async2: Add WakerQueue 5ffef4d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290772 pw_ide: Continue even if aquery/cquery fail for some targets 1093edd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291533 pw_ide: Bundle sidebar icon 875cdae:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290886 pw_bluetooth_proxy: Move Write to be a NVI function 599d50f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291072 pw_bluetooth_proxy: Rename send_queue_mutex_ to tx_mutex_ d65cfb7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/255135 pw_i2c_linux: Convert to new i2c initiator message interface 6a34b9b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/286637 pw_i2c_linux: Add pw_i2c_linux_cli command line test client 4a743e6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291355 docs: Skip docs in wildcard builds 0171dbf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290891 pw_bluetooth_sapphire: Calculate Peer::identity_known() e0b9afb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/286636 pw_i2c_linux: Add Android.bp and pw_i2c_linux target a59058e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/286635 pw_i2c: Add pw_i2c target to Android.bp 95e5829:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/284232 pw_i2c: Rework backward compatibility for message interface 8611aa3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291357 pw_toolchain: Add new CTAD warning ba3e462:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291274 pw_build: Update all Pigweed Android.bp to support cmake snapshots 3df6583:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291019 pw_ide: Update .gitignore for files generated by pw_ide extension 1d18412:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291112 pw_ide: Only clean old compile_commands if new ones were generated 4300a84:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290889 pw_ide: Continue with bazel command if compile commands generator fails f9cb673:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291113 pw_env_setup: Remove clang-next package references f50a66c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290887 pw_ide: Parse jsonc vscode settings.json in compile commands generator ef1aaf2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/291054 pw_ide: Sidebar UI text when clangd is working fine f01e6d7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289534 pw_kernel: Refactor target 7392869:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290582 pw_bluetooth_proxy: Remove ProxyHost::SendGattNotify 9852071:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290581 pw_bluetooth_proxy: Subsume WriteToPayloadQueue into WriteLocked c88b795:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290580 pw_bluetooth_proxy: Remove UsesPayloadQueue fa9344b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290579 pw_bluetooth_proxy: Remove l2cap send queue eb2e86f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289518 pw_build: Pass --no-banner on to --watch bd71cff:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289817 pw_bluetooth_proxy: Move gatt channel to using payload queue 0a0649f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290953 pw_containers: Mark test_helpers as testonly d5c8140:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289974 pw_bluetooth_sapphire: Use async::Dispatcher for clock in ISO b8c2438:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289874 pw_bluetooth_sapphire: Add wake leases to IsoStream b092974:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289816 pw_bluetooth_sapphire: Add wake leases to IsoDataChannel 8621a1f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289535 pw_bluetooth_sapphire: ClearControllerPacketCount in IsoStream b571533:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287974 pw_thread_zephyr: Implement thread names 1063c6f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290753 docs: Show all Sense tutorial pages in ToC babe98e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287298 docs: Add info on rerunning and bisection 285091b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/286592 pw_tokenizer: Forbid %.*s in format strings bb8ce61:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287132 pw_minimal_cpp_stdlib: Implement string_view::find() 3fe6ddb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290712 pw_system: Add missing GN dep for pw_log_tokenizer/handler.h c804735:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290632 pw_string: Move hex.h from pw_bluetooth/internal to pw_string 935fd39:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290553 zephyr: Fix redundant kconfig dependencies for sync 88ceddf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/287975 pw_containers: Make InlineDeque tests shareable with other containers 1adb3ee:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289986 pw_log: C++ aliases for PW_LOG_TOKEN_TYPE and its default value a69ca53:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289987 pw_tokenizer: Optional domain arg in tokenization macros 9faf3ae:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289985 pw_allocator: Wrap all non-test assertions in hardening conditions d99edbe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289872 pw_protobuf: Fix undefined behavior from pw::Function cast ae4e9e6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/289992 pw_transfer: Add tests for verifying stream shutdown 9d91673:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/290392 roll: go Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed Rolled-Commits: 4c234aea10192a..43202d41d49cdb Roll-Count: 1 Roller-URL: https://cr-buildbucket.appspot.com/build/8714486416649641121 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: Ib9b0d5c7e34af03d52ed2af2c55c307e4e3a316a Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/292658 Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init --recursive $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.