roll: third_party/pigweed/src 5eec847..6d68ac5 (67 commits)

6d68ac5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244816 roll: bazelisk-as-bazel
f743c3e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244873 roll: fuchsia-infra-bazel-rules 8c99ec2..986ed50 (45 commits)
d15334b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244652 pw_build: Disable global_link_deps for rust libs
a8c7568:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243874 pw_bluetooth_proxy: Add bazel build support
542ffaa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243992 pw_result: Demonstrate that moves are avoidable in PW_TRY_ASSIGN
beafe5d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243392 pw_bluetooth_sapphire: Default no build Fuchsia
16224ca:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244735 pw_env_setup: Multiple Python 3 changes
ec72e3d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244515 pw_status: Share PW_TRY and PW_CO_TRY implementations
252b43c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244693 pw_bluetooth_sapphire: Enable all flags in gatt
886cebe:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244512 pw_system: Use a lambda instead of ThreadCore
c3338f9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244433 pw_bluetooth_sapphire: Enable all flags in sdp
58175ab:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244532 pw_bluetooth_sapphire: Enable all build flags in l2cap
2853967:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244514 pw_channel: Unblock StreamChannel readers when there is a read error
8428e3f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243953 pw_bluetooth_sapphire: Enable all build flags in sm testing target
fed7295:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243885 third_party/freertos: Add missing timed_mutex_backend
87face4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243886 third_party/freertos: Remove IfChange / ThenChange(//bazelrc)
0945ffb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243993 pw_async2: Add TimerFuture::Reset
cd81997:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243716 pw_grpc: Fix missing status check in test server
c7905bf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243700 pw_bluetooth_sapphire: Enable all build flags in iso
8c7cdbf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243733 pw_bluetooth_sapphire: Enable all build flags in sco
bca1443:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243697 pw_bluetooth_sapphire: Enable all build flags in transport
618eaa4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243889 pw_unit_test: Use a function for RUN_ALL_TESTS()
a60cc7f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243717 pw_bluetooth_sapphire: Enable all build flags in hci-spec
884a156:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244132 pw_bluetooth_sapphire: Enable all build flags in gap
7fe8191:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241893 pw_build_info: Add missing linker search directory in Bazel
a538988:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244252 pw_cli_analytics: Force "utf-8"
1668d6c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244254 pw_build: Fix default build targets for watch and project_builder
ae42651:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244173 pw_build: pw_python_distribution input fix
5dd309e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243715 pw_grpc: Add module owners
1edfda4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244253 .bazelrc: Build with --strip=never
fb74d9b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243883 rp2350: Add rp2350 bazel flashing targets
d52c558:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244272 pw_rpc: Add --pwpb-no-oneof-callbacks to protobuf compiler options
4cc5370:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241273 *: Fix ruff-detected lambda-should-be-a-def
ade685e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/244172 pw_docgen: Ensure UTF-8 parsing of SEED metadata file
efda99e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243723 pw_channel: Remove redundant closed state in ForwardingChannelPair
d8bc075:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243879 pw_protobuf_compiler: Expose PWPB no oneof callbacks arg in wrapper
544bc2f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243876 pw_web: Fix lint errors in device class
5adbfb6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243713 pw_bluetooth_sapphire: Document how to build with GN
30a9a9d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243880 pw_build_android: Update docs to use 'androidbp' code formatter
5e55f79:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243152 SEED-0132: Claim SEED number
ec55b9c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242932 pw_metric: Specify language on code blocks
07d1278:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243997 docs: Shorten Sense link to just "Tour"
c5e6cab:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242735 docs: Add crash handler section to sense tutorial
0cd9c0b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243819 pw_channel: Fix formatting for pw_channel descriptor
0aa57ce:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242337 pw_system: Add main stack thread backtrace capture to crash dump
9e869b4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241138 pw_protobuf_compiler: Disable generic .options files upstream
892394f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242336 targets/rp2040: Add MemManage, BusFault & UsageFault exception handler
ed55dbc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/234155 pw_system: Add freertos thread backtrace capture to crash dump
741b773:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243975 pw_system: DEBUG log stmts not in crash snapshot
c7d816e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243952 pw_bluetooth_sapphire: Enable all build flags in sm
bbc9456:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243913 pw_bluetooth_sapphire: Enable all build flags in att
3ff91ec:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241892 pw_build_info: Use pw_linker_script rule in Bazel
9525d75:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/241137 pw_protobuf: Allow .pwpb_options as an options file extension
19ba505:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243912 pw_bluetooth_sapphire: Enable all build flags in common
20f956e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243877 pw_{async2,channel}: Split up docs
ce2aaba:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243875 pw_unit_test: Remove redundant result check
aa62658:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243872 bazel: Update for changes to stm32 packages
ce0e3e2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243615 pw_unit_test: Define pw::Status matchers
a4636bc:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243133 pw_unit_test: Fix -Waddress warning when verifying RUN_ALL_TESTS
29c5be4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243718 pw_channel: Add more "Why channels" high-level docs
37eca3f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243061 pw_async2: Add RunPendable methods with outputs
2ddac84:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243772 pw_cli_analytics: Subprocess stderr handling
fc2fd80:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242792 pw_bluetooth_sapphire: Create inbound LE COCs in l2cap
dff6511:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243732 pw_log_tokenized: Only rely on headers for tokenized_args_test
5e7d1a0:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/242094 pw_watch: Bazel run support
e9391cf:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243265 pw_bluetooth_sapphire: Fix disabled flags in HCI layer
e4d8db4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/243612 pw_tokenizer: Add prefix to AutoUpdatingDetokenizer

Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed
Rolled-Commits: 5eec847de00e03..6d68ac5934e136
Roll-Count: 1
Roller-URL: https://cr-buildbucket.appspot.com/build/8732877597657504593
GitWatcher: ignore
CQ-Do-Not-Cancel-Tryjobs: true
Change-Id: I7c32f427b5431e13b19e06fd42028afd34b12e64
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/244819
Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com>
1 file changed
tree: b34850145f3b102be57494ec6f38da4fc05f2545
  1. build_overrides/
  2. docs/
  3. dpe-rs/
  4. images/
  5. include/
  6. src/
  7. third_party/
  8. toolchains/
  9. tools/
  10. .clang-format
  11. .gitignore
  12. .gitmodules
  13. .gn
  14. banner.txt
  15. bootstrap.sh
  16. BUILD.gn
  17. BUILDCONFIG.gn
  18. generate_test_values.py
  19. LICENSE
  20. navbar.md
  21. OWNERS
  22. pigweed.json
  23. pyproject.toml
  24. README.md
  25. run_fuzzer.sh
  26. rustfmt.toml
README.md

Open Profile for DICE

This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:

  • Separate CDIs for attestation and sealing use cases
  • Categorized inputs, including values related to verified boot
  • Certified UDS values
  • X.509 or CBOR certificates

Mailing List

You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.

Specification

The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.

Code

Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.

Tests are included for all code and the build files in this repository can be used to build and run these tests.

Disclaimer: This is not an officially supported Google product.

Third-Party Dependencies

Different implementations use different third-party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.

Building and Running Tests

Quick setup

To set up the build environment the first time:

$ git submodule update --init
$ source bootstrap.sh
$ gn gen out

To build and run tests:

$ ninja -C out

More details

The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.

There are two scripts to help set this up:

  • bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.

  • activate.sh quickly reactivates an environment that has been previously bootstrapped.

These scripts must be sourced into the current session: source activate.sh.

In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.

This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.

Porting

The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.

Style

The Google C++ Style Guide is used. A .clang-format file is provided for convenience.

Incorporating

To incorporate the code into another project, there are a few options:

  • Copy only the necessary code. For example:

    1. Take the main code as is: include/dice/dice.h, src/dice.c

    2. Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.

  • Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.

  • Integrate into a project already using Pigweed using the gn build files provided.

Size Reports

The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:

  • Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.

  • Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.

The reports appear in the build output, and are also saved as .txt files in the build output directory. For example, cat out/host_optimized/gen/*.txt | less will display all reports.

Thread Safety

This code does not itself use mutable global variables or any other type of shared data structure, so there are no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.

Clearing Sensitive Data

This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.

  • The caller of this code is responsible for buffers they own (of course).
  • The ops implementations need to clear any copies they make of sensitive data. Both boringssl and mbedtls attempt to zeroize but this may need additional care to integrate correctly. For example, boringssl skips optimization prevention when OPENSSL_NO_ASM is defined (and it is currently defined).
  • Sensitive data may remain in cache.
  • Sensitive data may have been swapped out.
  • Sensitive data may be included in a crash dump.
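The first two points above, as an added example that is not code from this repository: a caller-owned working copy of a secret is cleared on every exit path, using stores through a volatile pointer so the compiler cannot discard them as dead writes. The names derive_ctx, clear_secret, is_all_zero and derive_child are hypothetical, and the XOR mix is a constructed stand-in for a real KDF.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECRET_LEN 32

/* Hypothetical caller-owned context; scratch holds a copy of the secret. */
typedef struct { uint8_t scratch[SECRET_LEN]; } derive_ctx;

/* Zero through a volatile pointer so the stores are not dropped as dead
 * writes, which a plain memset() just before return may be. */
static void clear_secret(void *buf, size_t len) {
  volatile uint8_t *p = (volatile uint8_t *)buf;
  while (len--) *p++ = 0;
}

static int is_all_zero(const uint8_t *buf, size_t len) {
  uint8_t acc = 0;
  for (size_t i = 0; i < len; i++) acc |= buf[i];
  return acc == 0;
}

/* Toy derivation (XOR mix, NOT a real KDF). Returns 0 on success, -1 on
 * bad input. Every exit path goes through the cleanup at `out`. */
static int derive_child(derive_ctx *ctx, const uint8_t parent[SECRET_LEN],
                        const uint8_t *input, size_t input_len,
                        uint8_t child[SECRET_LEN]) {
  int rc = -1;
  memcpy(ctx->scratch, parent, SECRET_LEN);      /* working copy of secret */
  if (input == NULL || input_len == 0) goto out; /* fails after the copy */
  for (size_t i = 0; i < input_len; i++)
    ctx->scratch[i % SECRET_LEN] ^= input[i];
  memcpy(child, ctx->scratch, SECRET_LEN);
  rc = 0;
out:
  clear_secret(ctx->scratch, SECRET_LEN);        /* success and failure */
  if (rc != 0) clear_secret(child, SECRET_LEN);  /* no partial output */
  return rc;
}

int main(void) {
  uint8_t parent[SECRET_LEN], child[SECRET_LEN];
  const uint8_t input[] = {0xA5};      /* constructed sample input */
  derive_ctx ctx;
  memset(parent, 0x11, sizeof parent); /* constructed sample secret */
  int rc = derive_child(&ctx, parent, input, sizeof input, child);
  clear_secret(parent, sizeof parent); /* caller clears buffers it owns */
  clear_secret(child, sizeof child);
  return (rc == 0 && is_all_zero(ctx.scratch, SECRET_LEN)) ? 0 : 1;
}
```

This covers only copies the code itself controls; copies in cache, swap or a crash dump need platform-level measures.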