roll: third_party/pigweed/src 132 commits

8512b20c7f93492 roll: ninja
77d7e1bd03b006d roll: python-wheel
6d7e370608feb19 roll: fuchsia_infra 10 commits
15ebf243605e7ac roll: cmake
a271a3881ffa966 roll: rust
60a6b4dfb9e60e0 pw_bluetooth_sapphire: Emboss LEReadSupportedState
4df6f289fe3c1a0 pw_bluetooth_sapphire: Embossify ReadPageScanActiv
7286a9d4c200a46 pw_bluetooth_sapphire: Embossify ReadSimplePairing
2a2c2ad3be8241c pw_bluetooth_sapphire: Embossify ReadPageScanTypeR
aeecd225558b918 pw_bluetooth_sapphire: Remove ReadInquiryScanTypeR
904184e5b1590ca pw_bluetooth_sapphire: Embossify ReadLocalNameRetu
99acb268bf50ca0 bazel: Update to an unreleased version
faa7a78eab6a6c8 pw_bluetooth_sapphire: Allow LE remote feature int
107eecb0b87c664 pw_bluetooth_sapphire: Add flag to enable/disable
8bb808922dc58b5 pw_sensor: Add supported bus
38c6f7ca2ecdb4c pw_bluetooth_sapphire: Move inspect_testing under
03ed76e33aa5c5b pw_bluetooth_sapphire: Add random & async tests to
8db14c55863eed5 bazel: Enable ResultStore
25bb1a383ded8da pw_bluetooth_sapphire: Use Fuchsia API level 23
f8775ef1491d4a2 pw_rpc: Provide examples of raw methods in docs
1d56596636fd46b pw_async2: Add TimeProvider
f35a192883013ad pw_bluetooth_proxy: Log why GATT send is unavailab
6829156f7dcf15b pw_bluetooth_sapphire: Fuchsia test outputs in CQ
3e2889942fadf1c pw_rpc: Relocate RPC classes from pw_hdlc
4d14bbfc72409cb pw_bluetooth_sapphire: Add fuchsia/lib/fidl
d5f2d5a71ed4d7b bazel: Update Fuchsia SDK to 23.20240829.4.1
fe1758863affc08 pw_bluetooth_sapphire: Reland "Integrate LegacyPai
7dabba55efacd17 SEED-0130: Claim SEED number
53ac368e11c184e roll: fuchsia_infra 11 commits
c2e153b1545725d pw_bluetooth_sapphire: Embossify CreateConnectionC
8529eebd92048a9 pw_bluetooth_sapphire: Remove LEReadRemoteFeatures
8ddf630e9e13189 pw_bluetooth_sapphire: Set Pairing Delegate via Pa
6b75bf4fcca6768 pw_bluetooth_sapphire: Remove unused packed struct
f81665632dda872 pw_bluetooth_sapphire: Use EmbossEventPackets when
38018b963926680 pw_bluetooth_sapphire: Clean up EmbossEventPacket:
43c30e75a143011 Revert "pw_containers: Warn about unsafe Vector us
a3a5a3421efd155 pw_bluetooth_sapphire: Use select() for Fuchsia-on
102a0f6737990f7 pw_bluetooth_sapphire: Convert hci_spec opcode use
56257a2e0ec93ac pw_bluetooth_sapphire: Add emboss defs for more HC
95d9586026ee8f6 pw_bluetooth_sapphire: Migrate ReadLocalSupportedC
6338bfb4bdf1a3b pw_bluetooth_sapphire: Implement PIN Code Requests
d0a90cd215d657f pw_bluetooth_sapphire: Add remaining host tests to
a99f4b80ec6778d pw_bluetooth_sapphire: Apply common bt-host copts
d62f6ce485bf527 bazel: Check in MODULE.bazel.lock
85510806f4e58b2 roll: fuchsia_infra 60 commits
575b81a55121d2e pw_build: Use textual_hdrs in pw_facade macro
1a353ae568b0e0d pw_bluetooth_sapphire: Define common bt-host copts
e5058d9016b673e pw_bluetooth_proxy: De-shadow variable names
f2e01c46adf2e2a probe_rs: Move to bzlmod dependency
afe9da3bbe009cc pw_bluetooth_sapphire: Configure Fuchsia backends
50a2a2f6461cff7 pw_bluetooth_sapphire: Copy InspectTesting library
b5abb1f916e26b2 pw_thread: Work around C++17 aggregate initializat
2a34a2865e92cf7 pw_sync: [[nodiscard]] for try_lock() and similar
8d8bb25577cd054 pw_thread: Move pw::thread::Options to its own hea
6a1e5d03f11770f pw_async_fuchsia: Create pw_async Fuchsia backend
c5e79ca4d3a3991 pw_spi_mcuxpresso: Add check_fifo_error to respond
83af8ae71faec85 pw_random_fuchsia: Create Fuchsia backend for pw_r
9e609d2624fd778 rp2350: Fix architecture in crash snapshot
70bff1c70495048 pw_system: Support ARM Cortex M55 system
3dc3f1a30be774a pw_log_fuchsia: Create pw_log Fuchsia backend
871fd5feae66b1f pw_containers: Add missing dependency
8fa1385bbd2cacb pw_bluetooth_sapphire: --config=fuchsia backends
fe1f42f752f6a84 pw_digital_io_mcuxpresso: Enable gpio clock even w
b88316bf9c3b39d pw_ide: Remove some outdated VSC settings
fdeee8ed967b5f1 pw_ide: Prioritize upstream settings
70e52aedd0f5e18 bazel: Update rules_go
2ceef954be948df bazel: Update Fuchsia SDK to 23.20240826.3.1
16e6c7a906f3d8d pw_build: Specify -Wshadow-all for Clang
c6e858e6049da1f pw_bluetooth_sapphire: Disable -Wshadow-all
a7e3e716c1bab31 pw_multibuf: Cast std::distance() to size_t to avo
005ddffe18732af pw_build: Introduce config for enabling -Wshadow-a
dfc2231c5e45b09 docs: Add shortlink for Pigweed Live notes
e41b65bb2813c26 pw_log_zephyr: Make shell printf macros safe for u
aa6edfa23113a13 pw_toolchain: Add ARM Cortex-M55 toolchain
1f34bffa5c5c2b1 docs: Update changelog
679c11a0d545cd7 pw_bluetooth_sapphire: Convert advertising return
63ff91ddb27180e pw_bluetooth_sapphire: Migrate ReadBdAddr event to
4ca35072d847b34 pw_bluetooth_sapphire: Migrate ReadBufferSize even
5335b95f6876989 pw_bluetooth_sapphire: Migrate LEReadLocalSupporte
7176f39c2acab3f pw_bluetooth_sapphire: Use packet header definitio
eb5d242d1f48c4a pw_bluetooth_sapphire: Migrate ReadLocalVersionInf
1428e788b1c741c docs: Update changelog
c82a1f3f74f1ae2 fuchsia_sdk: Exclude targets from non-linux builds
b0b9007d6792dae pw_bluetooth_sapphire: Remove CommandPacket defini
e830f7dc8049c8e pw_bluetooth_sapphire: Migrate SimplePairingComple
cdd0561a19e7839 pw_bluetooth_sapphire: Handle flexible array warni
c8ee64266138999 pw_assert_fuchsia: Create pw_assert Fuchsia backen
386ab033ceacc43 pw_bluetooth_sapphire: Handle zero length warning
c5e7f145a147f3a pw_bluetooth_sapphire: Handle C99 warning with pig
db3e878470602e3 pw_bluetooth_sapphire: Handle C99 warning with pig
0e348aed80df0b0 pw_bluetooth_sapphire: Migrate UserPasskeyNotifica
ad5c105616f9561 pw_bluetooth_sapphire: Migrate UserPasskeyRequestE
42d905b44b4b135 pw_bluetooth_sapphire: Migrate UserConfirmationReq
1d56224b392e716 pw_bluetooth_sapphire: Convert kNumberOfCompletedP
769ce8f0a929c13 pw_bluetooth_sapphire: Setup ISO Data Path
9a6adf1bd99e918 pw_bluetooth_sapphire: Handle C99 warning with pig
5152d11f2f034a6 pw_bluetooth_sapphire: Add a polyfill for PW_MODIF
cdb7075fb6a3a2a pw_bluetooth_sapphire: Handle switch warning with
01ecbd2c1cd5344 rp2040: Reset tty flags after successful flash on
06e763c089d0171 pw_cpu_exception_cortex_m: Fix cpu exception handl
9175df7b56d3ca3 pw_rpc: Avoid recompiling protos for every test
a75b71635be01bd pw_preprocessor: Test GCC/Clang diagnostic modific
80c7c7400725ca1 third_party/fuchsia: Update patch to ignore warnin
6a840f0854d5e26 third_party/fuchsia: Copybara import
ea78a58ca4be0b7 pw_preprocessor: Introduce PW_MODIFY_DIAGNOSTIC_CL
a759e7d95fdfbc9 pw_thread: Disable test_thread_context_facade_test
b816ed566711b10 docs/style: Require unit tests to be in unnamed na
972e2d48d807a8e pw_stream: Disable mpsc_stream_test for Pi Pico
1706947f4ea6dda pw_allocator: Disable example spin_lock test on RP
13c51dabf7c511a pw_bluetooth: Create more emboss event definitions
674e839b7f0eda3 pw_grpc: Improve logging when receiving unknown RP
234632dd4e30bd4 pw_build: Add mod proc_macro to rust macro targets
d0655bf838d543c pw_build: Remove output_name attr in rust_library
e224cccef53d512 pw_ide: Fix .pw_ide.yaml paths
3c6179191f9d90d pw_rpc: Fix typing in unaryWait return value in TS
917de4a88da5427 pw_i2c_rp2040: Include label in clock_frequency
6b35efa2be88764 pw_transfer: Add return values to handler registra
821e313b4756e1d pw_grpc: Skip HTTP2 frame payload for frames that
7e7c141c8808200 pw_multibuf: Restructure ChunkIterable
03da4a376d12ab8 pw_multibuf: Comment updates for consistency
e561764ec80e0aa docs: Add structured data to Kudzu blog post
284648a91114364 pw_env_setup: Get bazelisk instead of bazel
f788ed49a5f897b pw_rpc: Create PacketByteFactory
306aa50b06a449e docs: Fix Pigweed Live CTA link
00582ec63415b4e pw_rpc: Add stop method to Watchdog
fbf120d36a5b40e pw_rpc: Limit maximum stored responses in Typescri
0b21c84c3885132 pw_rpc: Add missing Bazel test rules
8b659f084332066 pw_trace_tokenized: Fix TokenizedTracer initializa
829519bf2ac05a2 pw_rpc: Restore RpcIds for testing; move packet en
269b6003b233ac0 roll: fuchsia_infra: [roll] Roll fuchsia-infra-baz
028223522a47b66 roll: fuchsia_infra 54 commits
64d649d769ff037 roll: go

https://pigweed.googlesource.com/pigweed/pigweed
third_party/pigweed/src Rolled-Commits: 75c1501bcf4bbb4..8512b20c7f93492
Roller-URL: https://ci.chromium.org/b/8737951028958606961
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: Iea6f7b3f5eb36a9dcd3539bc7597da789b9379c1
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/233064
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
1 file changed
tree: 069c2e8f7b84325915f3207e4aeae1d289f1b0d8
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-party Dependencies

Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports appear in the build output and are also written to .txt files in the build output directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
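
The sketch below is an added example, not code from this repository or from boringssl. It shows one way an ops implementation can clear its own copy of a secret on every exit path without relying on inline assembly to keep the compiler from dropping the clear. All names (clear_sensitive, WorkContext, process_secret, is_all_zero) are hypothetical and the XOR "tag" is a constructed stand-in for real work.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Hypothetical helper: zeroes memory through a volatile pointer, so each store
// is an observable side effect the compiler must keep. No inline asm needed.
static void clear_sensitive(void* buffer, size_t size) {
  volatile uint8_t* p = (volatile uint8_t*)buffer;
  while (size-- > 0) *p++ = 0;
}

// Hypothetical working memory that receives a copy of the secret.
typedef struct {
  uint8_t scratch[32];
} WorkContext;

static int is_all_zero(const uint8_t* data, size_t size) {
  uint8_t acc = 0;
  for (size_t i = 0; i < size; ++i) acc |= data[i];
  return acc == 0;
}

// Constructed stand-in for an op that copies secret input before using it.
// Returns 0 on success, -1 on bad input. The copy is cleared on every path;
// the caller still owns, and must clear, `secret` itself.
static int process_secret(WorkContext* ctx, const uint8_t* secret,
                          size_t secret_size, uint8_t* out_tag) {
  int result = -1;
  uint8_t tag = 0;
  if (secret_size == 0 || secret_size > sizeof(ctx->scratch)) goto out;
  memcpy(ctx->scratch, secret, secret_size);
  for (size_t i = 0; i < secret_size; ++i) tag ^= ctx->scratch[i];
  *out_tag = tag;
  result = 0;
out:
  clear_sensitive(ctx->scratch, sizeof(ctx->scratch));
  return result;
}

int main(void) {
  WorkContext ctx;
  uint8_t secret[4] = {0x01, 0x02, 0x04, 0x08};  // constructed sample value
  uint8_t tag = 0;
  int ok = process_secret(&ctx, secret, sizeof(secret), &tag) == 0 &&
           is_all_zero(ctx.scratch, sizeof(ctx.scratch));
  clear_sensitive(secret, sizeof(secret));  // caller-owned buffer
  return ok ? 0 : 1;
}
```

This only covers the copy held in memory the code controls; the cache, swap and crash-dump cases listed above need platform-level handling.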