| commit | 93cb55b1d6efda68b31981802dffe452fffc7d46 | [log] [tgz] |
|---|---|---|
| author | pigweed-roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> | Sun Feb 09 16:47:16 2025 -0800 |
| committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | Sun Feb 09 16:47:16 2025 -0800 |
| tree | 3c60df44f0ade01106b179daa6baf1a983fb3a59 | |
| parent | 099a7eab0e517e7d804d64e51a5677e88e94161a [diff] |
roll: third_party/pigweed/src 854f542..a9df994 (99 commits) a9df994:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266452 roll: luci 0c62aa4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266338 roll: ninja 410186b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266337 roll: fuchsia-infra-bazel-rules 56f08fc..041c2c3 (44 commits) 0c4197b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266038 pw_toolchain: Remove unused glob pattern df6b243:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266037 pw_toolchain: Fix action:objdump to objdump_disassemble a22e4fb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266036 pw_toolchain: Add the common link flags last 6bfc7bd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266035 pw_toolchain: Remove invalid glob from Zephyr 1cfec72:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266136 *: Remove accidental "public/" includes 4d6191a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/256087 pw_thread_freertos: Thread creation backend 4223869:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266033 pw_kernel: Remove kernel tag on presubmit alias 654d7ad:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265452 CMake: Add more missing headers and deps e7c7ee6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266152 pw_kernel: Add experimental prototype cbc2c8a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265992 pw_toolchain: Document pw::ConstexprTag 0093c1c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266132 docs: Update changelog 101907b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265616 docs: Update Bazel docgen guide e450027:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263872 pw_presubmit: Add rp2350 to presubmit 0ccbac3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265876 pw_toolchain: Move pw::ConstexprTag to pw_toolchain 82c223e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265873 pw_hex_dump: Enable layering check 42dcfa3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266113 pw_bluetooth_proxy: Add missing `parameter_total_size` to test helper ec7307e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266092 bazel: Add stub kernel bazel_presubmit program 4103b07:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/266112 docs: Update bazel_integration.rst 3c04c1c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265630 pw_uart: Enable layering check a50bb66:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265893 pw_digital_io: Enable layering check 80bffba:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265892 pw_checksum: Enable layering check d3bbb01:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265872 pw_log: Enable layering check fb39b72:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265894 pw_function: Enable layering check 6681e2e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264772 pw_containers: Refactor docs c48adeb:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264698 pw_allocator: Remove SynchronizedAllocatorForTest 063865c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261975 pw_bloat: Add size diff rule to Bazel build b1cf87c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265773 pw_bluetooth: Fix clang-tidy warnings 91408a4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265627 pw_bluetooth_sapphire: Add docs for debug symbols 15611b6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265774 *: Add missing `inline` specifiers 16ddae8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263692 pw_containers: Add explicit constexpr constructor for Vector 2971654:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264635 pw_allocator: Satisfy layering check f1c7e6d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264516 pw_unit_test: Add #includes and namespace to PW_CONSTEXPR_TEST example 5ca7ab7:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265772 pw_build_info: Fix building from CoG 7c348ce:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265732 pw_string: Fix clang-tidy finding 33f736d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265394 pw_containers: Return iterator after last erased element in pw::Vector c6f84aa:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263812 pw_bluetooth_sapphire: Document how to use the Zxdb Debugger 72685e5:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265621 pw_tokenizer: Fix csv Android build break df57d60:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265272 pw_bluetooth_sapphire: Fix crash related to legacy pairing 6c6ca80:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265632 pw_bluetooth: Fix rssi values to be signed integers 0f94af2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265672 pw_bluetooth_proxy: Remove overly verbose log 23e713a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265140 pw_bluetooth_proxy: Separate out gatt notify tests c8f50f8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265453 roll: luci 3f18003:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265213 pw_bluetooth_proxy: Add test util for creating GattNotifyChannels d92e9dd:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265137 pw_containers: Refer to iterators as "position" instead of "index" 852571b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/252452 pw_containers: Do not move assign to destroyed objects in Vector::insert 5f9420a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263875 pw_toolchain: Introduce RuntimeInitGlobal 46c628b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265392 pw_env_setup: Drop support for luci-cv on Windows 1807643:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263838 docs: Add index page to Rust API docs fac44b1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264912 build: Propagate Rust channel to proc macros (exec cfg) 89a3c9c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264954 pw_bluetooth_proxy: Support acquire of gatt notify channels 6e18552:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265212 pw_bluetooth_proxy: Use explicit constructor for std::atomic d95bb92:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265253 pw_transfer: Ignore 0 retry values from config proto 55b363b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263513 docs: Present banner on staged docs d9dc917:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264894 docs: Send in-site search queries to Google Analytics 149789e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264892 pw_toolchain: ARM Cortex-M55 configs 160b5df:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263452 pw_checksum: Update docs for CRC32 to match implementation f1a7a87:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/265132 pw_unit_test: Remove pw_unit_test_GOOGLETEST_BACKEND a20e18d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263912 SEED-0133: Claim SEED number cf0119c:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263712 docs: Improve load performance by loading scripts later c91e542:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264992 bazel: Make fuchsia_sdk_toolchain a dev_dependency 832ab7f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264955 pw_bluetooth_sapphire: Fix clang-format findings da0e536:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/258175 pw_bluetooth_proxy: Handle ACL recombination 384f8c9:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264972 pw_ring_buffer: Enable Bazel layering check c91ab43:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264775 pw_presubmit: Fix bazel 'includes' check bcb3812:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264952 build: Add testing with Rust nightly toolchain 8320b51:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263653 roll: Clang 2724690:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264872 pw_toolchain: Silence sh_binary warning 8e7ab88:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/259434 pw_bluetooth_proxy: Deregister & Close channels on proxy reset/dtor 23d2030:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263952 docs: Restore Doxygen subsite 8291a3d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264893 Revert "roll: rules_python" 304e574:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263896 roll: rules_python 5d81c0e:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264600 build: Add @qemu// prebuilt Bazel repo c6ee2e4:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264832 pw_bluetooth_sapphire: Remove unused inspect nodes 1cd0c57:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264774 docs: Fix bypass-cq link 36dd7ef:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264752 docs: Describe Pigweed's Python version support 809d32b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264515 docs: Add Bazel migration blog post 3587a70:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/260972 pw_ide: Fix exported methods collision 9b46aef:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/256653 pw_tokenizer: Add support for CSV parsing in C++ 8fe4260:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/255173 pw_tokenizer: Add support for domains in C++ 76ebbc3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264520 pw_i2c: Enable Bazel layering check 2d78bf1:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264518 pw_log_string: Remove includes 23c3432:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263516 CMake: Add missing headers and deps 814ad3d:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264634 pw_toolchain: Fix Zephyr build file (in more places) edb7cd6:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264513 Bazel: Apply buildifier fixes 31494ac:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263098 build: Switch default Rust crates.io deps be non-vendored 37b3dd8:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263372 pw_build: Remove internal CMake _config and _public_config libraries 10c1a14:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263517 pw_bluetooth_sapphire: Remove sm::Delegate::OnNewPairingData 8ee5e98:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263492 pw_bluetooth_sapphire: Handle BREDR pairing collision in SM as Central 3381769:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263841 pw_tokenizer: Update test for nested tokens c1467e3:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/262877 pw_bluetooth_sapphire: Reject pairing request in SM during BREDR pairing cee2e7b:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264532 pw_toolchain: Fix Zephyr build file 458a7c2:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263837 roll: Bazel 8.0.1 0dbfe4a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264132 pw_crypto: Add missing deps on pw_assert 25aa204:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/263894 pw_env_setup: Switch to new bazelisk CIPD path 23f0e1f:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264452 roll: go 686d52a:https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/264394 roll: buildifier Rolled-Repo: https://pigweed.googlesource.com/pigweed/pigweed Rolled-Commits: 854f542a59c1c6..a9df994246205c Roll-Count: 1 Roller-URL: https://cr-buildbucket.appspot.com/build/8723364918952523009 GitWatcher: ignore CQ-Do-Not-Cancel-Tryjobs: true Change-Id: I183b2fe02772f57f759cc75337d0cf61c21939c9 Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/266552 Bot-Commit: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Commit-Queue: Pigweed Roller <pigweed-roller@pigweed-service-accounts.iam.gserviceaccount.com> Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
This repository contains the specification for the Open Profile for DICE along with production-quality code. This profile is a specialization of the Hardware Requirements for a Device Identifier Composition Engine and DICE Layering Architecture specifications published by the Trusted Computing Group (TCG). For readers already familiar with those specs, notable distinctives of this profile include:
You can find us (and join us!) at https://groups.google.com/g/open-profile-for-dice. We're happy to answer questions and discuss proposed changes or features.
The specification can be found here. It is versioned using a major.minor scheme. Compatibility is maintained across minor versions but not necessarily across major versions.
Production quality, portable C code is included. The main code is in dice.h and dice.c. Cryptographic and certificate generation operations are injected via a set of callbacks. Multiple implementations of these operations are provided, all equally acceptable. Integrators should choose just one of these, or write their own.
Tests are included for all code and the build files in this repository can be used to build and run these tests.
Disclaimer: This is not an officially supported Google product.
Different implementations use different third party libraries. The third_party directory contains build files and git submodules for each of these. The submodules must be initialized once after cloning the repo, using git submodule update --init, and updated after pulling commits that roll the submodules using git submodule update.
To setup the build environment the first time:
$ git submodule update --init --recursive $ source bootstrap.sh $ gn gen out
To build and run tests:
$ ninja -C out
The easiest way, and currently the only supported way, to build and run tests is from a Pigweed environment on Linux. Pigweed does support other host platforms so it shouldn't be too hard to get this running on Windows for example, but we use Linux.
There are two scripts to help set this up:
bootstrap.sh will initialize submodules, bootstrap a Pigweed environment, and generate build files. This can take some time and may download on the order of 1GB of dependencies so the normal workflow is to just do this once.
activate.sh quickly reactivates an environment that has been previously bootstrapped.
These scripts must be sourced into the current session: source activate.sh.
In the environment, from the base directory of the dice-profile checkout, run ninja -C out to build everything and run all tests. You can also run pw watch which will build, run tests, and continue to watch for changes.
This will build and run tests on the host using the clang toolchain. Pigweed makes it easy to configure other targets and toolchains. See toolchains/BUILD.gn and the Pigweed documentation.
The code is designed to be portable and should work with a variety of modern toolchains and in a variety of environments. The main code in dice.h and dice.c is C99; it uses uint8_t, size_t, and memcpy from the C standard library. The various ops implementations are as portable as their dependencies (often not C99 but still very portable). Notably, this code uses designated initializers for readability. This is a feature available in C since C99 but missing from C++ until C++20 where it appears in a stricter form.
The Google C++ Style Guide is used. A .clang-format file is provided for convenience.
To incorporate the code into another project, there are a few options:
Copy only the necessary code. For example:
Take the main code as is: include/dice/dice.h, src/dice.c
Choose an implementation for crypto and certificate generation or choose to write your own. If you choose the boringssl implementation, for example, take include/dice/utils.h, include/dice/boringssl_ops.h, src/utils.c, and src/boringssl_ops.c. Taking a look at the library targets in BUILD.gn may be helpful.
Add this repository as a git submodule and integrate into the project build, optionally using the gn library targets provided.
Integrate into a project already using Pigweed using the gn build files provided.
The build reports code size using Bloaty McBloatface via the pw_bloat Pigweed module. There are two reports generated:
Library sizes - This report includes just the library code in this repository. It shows the baseline DICE code with no ops selected, and it shows the delta introduced by choosing various ops implementations. This report does not include the size of the third party dependencies.
Executable sizes - This report includes sizes for the library code in this repository plus all dependencies linked into a simple main function which makes a single DICE call with all-zero input. It shows the baseline DICE code with no ops (and therefore no dependencies other than libc), and it shows the delta introduced by choosing various ops implementations. This report does include the size of the third party dependencies. Note that rows specialized from ‘Boringssl Ops’ use that as a baseline for sizing.
The reports will be in the build output, but you can also find the reports in .txt files in the build output. For example, cat out/host_optimized/gen/*.txt | less will display all reports.
This code does not itself use mutable global variables, or any other type of shared data structure so there is no thread-safety concerns. However, additional care is needed to ensure dependencies are configured to be thread-safe. For example, the current boringssl configuration defines OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED, and that would need to be changed before running in a threaded environment.
This code makes a reasonable effort to clear memory holding sensitive data. This may help with a broader strategy to clear sensitive data but it is not sufficient on its own. Here are a few things to consider.