| commit | b87ba8ff0aaf159968676560d4e95cd3711b9530 | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Mon Dec 04 00:43:43 2023 +0000 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Dec 04 00:43:43 2023 +0000 |
| tree | 9b45affaf7e99e1c4a110246e35e650ac4cc4497 | |
| parent | 11e2ffb04000b77904d540f903a09f2b2f12fffb [diff] |
[third_party/pigweed/src] Roll 86 commits e35aa3aecf78ae4 roll: host_tools 60da3b323e72963 roll: gn 800cdbd54315e7b roll: clang b45f5b2a1750304 roll: cmake 01ae77c8d7f83c9 docs: Update changelog 606dc2cbba077ca pw_bluetooth_sapphire: Fix BrEdrConnectionManager. 221dcf75c6bdc62 pw_toolchain_bazel: Remove deprecated API 19b92c9ee4d2e8d pw_toolchain: Move ARM toolchain to new API 3a6100c4adbd726 pw_toolchain: Use action configs from LLVM tool re cbf2cf4378b063b pw_string: Add missing include 09fa64e6948beb2 pw_presubmit: Automatically compute trim_prefix 581056821fdab2f pw_alignment: Follow the new docs guidelines 54f1045f7e197ac pw_toolchain_bazel: Rename build file templates pa 46b27ea29968182 pw_transfer: Update integration test documentation 410973b058ad4b9 pw_toolchain_bazel: Rename build file templates pa dd123c8a613483f pw_log: Add initial Rust API 0dadd2e68996d7a pw_tokenizer: Move entry header to a separate stru 2c0b7c88b3daa6d pw_tokenizer: Catch accidental use of test macro a071b2bf63eddec pw_bluetooth_sapphire: Use pw_test_group for fuzze a40f262a595caff bazel: Add simple module configuration mechanism 5e64e119af0a5d7 pw_toolchain: Add Bazel toolchain registration hel 6f8d8b1cedcd376 pw_bluetooth_sapphire: Use pw_fuzzer_group e002e507dd1b9d4 pw_multibuf: Remove unused GN dep 4d128fea5db2a9e bazel: Tidy up WORKSPACE c6a478ddc4d8374 pw_bluetooth_sapphire: Add sales pitch & roadmap d 583b47ec7ced635 pw_presubmit: Allow full issues.pigweed.dev urls i 4dc48c800711258 pw_multibuf: Remove dep on external gtest b7dfabebf739ad3 pw_transfer: Set clients to transfer_v2 c943a7e9789d83f pw_bluetooth: Add LE Set Host Feature command b4e82abda1f7785 pw_multibuf: Make HeaderChunkRegionTracket public a5da9446fb2c7f6 pw_unit_test: Skip googletest tests if not set 5a521cb4f24cfd6 docs: Gerrit code coverage documentation db39d89da115738 docs: Move copyright header info to style guide 7afbb205c205659 pw_allocator: Fix use-after-free in ~AllocatorForT 8750debc3c31d37 pw_presubmit: Fix TestTodoCheck.test_one_bug_legac b8323b6b9334bd4 pw_presubmit: No coverage upload for shadow builds 58cbff1b65f10d7 pw_presubmit: Remove some unused constants f920a129cf3ed4f docs: Document the Test footer 826cb8013ecc41c pw_toolchain_bazel: Add LLVM clang tool template 0d40b578a642b05 pw_toolchain_bazel: Add ARM GCC toolchain template c5270f6aeecb805 pw_presubmit: Add is_shadow/is_prod members to con 7e4cbf3a3ef1f43 pw_presubmit: Refactor the coverage options 4209e8f954d189c pw_allocator: Add AllocationTestHarness e395d6a6991032f pw_toolchain_bazel: Support featureless sysroots b1818e9c2404c3e pw_multibuf: Fix cmake build file b7d686c7f47afe1 pw_presubmit: Show diffs when parser tests fail 559d3789342d9ff pw_format: Add core::fmt macro helper f2d2129612c13a9 pw_bluetooth_sapphire: Add testonly to testing tar 2a06e1549e6d7ea pw_presubmit: Trim paths in Bazel summaries 770c57d44c0ae84 pw_bluetooth_sapphire: Revert commits to get to a 7dde8e8f4926d8d pw_allocator: Add AllocationTestHarness 44287c6af439945 pw_containers: Warn about unsafe Vector usage d4ede194c4969ea Revert "pw_transfer: Set clients to transfer_v2" 77b826167ba5e92 SEED-0114: Update status; format header in table 8c730a90041c5d9 Revert "pw_bluetooth_sapphire: Refactor method and 7e380e8b3813bd1 Revert "pw_bluetooth_sapphire: Use size calculatio 58af550fab7870e pw_web: Install Web Test Runner and dependencies dcdb1295dd23813 pw_toolchain: Merge host toolchains 9f1bfcf4d6e7db3 pw_transfer: Set clients to transfer_v2 4bab5d3991938c0 pw_bluetooth_sapphire: Use size calculation for re 93f712b83d0f90a pw_rpc: Initialize serde_ members to nullptr 499a89d16b7c3f2 pw_sensor: Reserve SEED for configuring sensors 1302d46477fffc5 pw_presubmit: Correct the codesearch_host b9a51a377278508 pw_bluetooth_sapphire: Use Write instead of Unchec e91b4e2be600f81 pw_toolchain: Expose non-hermetic toolchain 26cd2f7147dacec pw_tokenizer: Fix NULL dereference in fuzz harness 6279dcff3ab3c1d pw_bluetooth_sapphire: Remove now unnecessary use afd316169759dd6 pw_bluetooth_sapphire: Move LegacyLowEnergyScanner 5c739bcdbbbfa7f SEED-0118: Claim SEED number 87c0c3bec90b694 pw_presubmit: Correct host in coverage presubmit d18befe5952f6fc pw_bluetooth_sapphire: Create new LowEnergyScanner a8eb8a3d5f2ebf6 pw_bluetooth_sapphire: Extended scanning support, 1dc5e7afd1aae8b pw_bluetooth_sapphire: Remove fidl fuzzer from bui c440120d8bfcd27 pw_build_info: Fix relative paths in Python tests 3527d9b676c386e pw_bluetooth_sapphire: Refactor method and variabl c0c533382b569ef pw_presubmit: Fix coverage options db11358897e2c3f pw_system: Load all domain tokens cf32519404ab824 pw_system: Style fixes to Python scripts d11691777400232 pw_transfer: Limit to sending a single chunk in te 89588329bfc42c9 docs: Add changelog update instructions and tool afac8b29114e86e pw_toolchain/arm_clang: Reduce binary size 9d2d05aa5bd9d36 pw_allocator: Refactor metric collection 2a854674b2c3707 pw_bluetooth: LE Request Peer SCA Complete event f2301a70207870e pw_tokenizer: Move ReadUint32 c821a51c8023c9a pw_sensor: Claim SEED number for high level view 2fda6c82d5b6004 pw_protobuf: Add common_py_pb2 target https://pigweed.googlesource.com/pigweed/pigweed third_party/pigweed/src Rolled-Commits: 8b5d45a34aa2d4b..e35aa3aecf78ae4 Roller-URL: https://ci.chromium.org/b/8762683999903204657 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: Ib4e4b0b8d5e59e9b5994db07edd9141635dc0117 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/183590 Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.