1# Open Profile for DICE 2 3This repository contains the specification for the 4[Open Profile for DICE](docs/specification.md) along with production-quality 5code. This profile is a specialization of the 6[Hardware Requirements for a Device Identifier Composition Engine](https://trustedcomputinggroup.org/resource/hardware-requirements-for-a-device-identifier-composition-engine/) 7and 8[DICE Layering Architecture](https://trustedcomputinggroup.org/resource/dice-layering-architecture/) 9specifications published by the Trusted Computing Group (TCG). For readers 10already familiar with those specs, notable distinctives of this profile include: 11 12* Separate CDIs for attestation and sealing use cases 13* Categorized inputs, including values related to verified boot 14* Certified UDS values 15* X.509 or CBOR certificates 16 17## Mailing List 18 19You can find us (and join us!) at 20https://groups.google.com/g/open-profile-for-dice. We're happy to answer 21questions and discuss proposed changes or features. 22 23## Specification 24 25The specification can be found [here](docs/specification.md). It is versioned 26using a major.minor scheme. Compatibility is maintained across minor versions 27but not necessarily across major versions. 28 29## Code 30 31Production quality, portable C code is included. The main code is in 32[dice.h](include/dice/dice.h) and [dice.c](src/dice.c). Cryptographic and 33certificate generation operations are injected via a set of callbacks. Multiple 34implementations of these operations are provided, all equally acceptable. 35Integrators should choose just one of these, or write their own. 36 37Tests are included for all code and the build files in this repository can be 38used to build and run these tests. 39 40Disclaimer: This is not an officially supported Google product. 41 42### Thirdparty Dependencies 43 44Different implementations use different third party libraries. The third\_party 45directory contains build files and git submodules for each of these. The 46submodules must be initialized once after cloning the repo, using `git submodule 47update --init`, and updated after pulling commits that roll the submodules using 48`git submodule update`. 49 50### Building and Running Tests 51 52#### Quick setup 53 54To setup the build environment the first time: 55 56```bash 57$ git submodule update --init 58$ source bootstrap.sh 59$ gn gen out 60``` 61 62To build and run tests: 63 64```bash 65$ ninja -C out 66``` 67 68#### More details 69 70The easiest way, and currently the only supported way, to build and run tests is 71from a [Pigweed](https://pigweed.googlesource.com/pigweed/pigweed/) environment 72on Linux. Pigweed does support other host platforms so it shouldn't be too hard 73to get this running on Windows for example, but we use Linux. 74 75There are two scripts to help set this up: 76 77* [bootstrap.sh](bootstrap.sh) will initialize submodules, bootstrap a Pigweed 78 environment, and generate build files. This can take some time and may 79 download on the order of 1GB of dependencies so the normal workflow is to 80 just do this once. 81 82* [activate.sh](activate.sh) quickly reactivates an environment that has been 83 previously bootstrapped. 84 85These scripts must be sourced into the current session: `source activate.sh`. 86 87In the environment, from the base directory of the dice-profile checkout, run 88`ninja -C out` to build everything and run all tests. You can also run `pw 89watch` which will build, run tests, and continue to watch for changes. 90 91This will build and run tests on the host using the clang toolchain. Pigweed 92makes it easy to configure other targets and toolchains. See 93[toolchains/BUILD.gn](toolchains/BUILD.gn) and the Pigweed documentation. 94 95### Porting 96 97The code is designed to be portable and should work with a variety of modern 98toolchains and in a variety of environments. The main code in dice.h and dice.c 99is C99; it uses uint8\_t, size\_t, and memcpy from the C standard library. The 100various ops implementations are as portable as their dependencies (often not C99 101but still very portable). Notably, this code uses designated initializers for 102readability. This is a feature available in C since C99 but missing from C++ 103until C++20 where it appears in a stricter form. 104 105### Style 106 107The [Google C++ Style Guide](https://google.github.io/styleguide/cppguide.html) 108is used. A `.clang-format` file is provided for convenience. 109 110### Incorporating 111 112To incorporate the code into another project, there are a few options: 113 114* Copy only the necessary code. For example: 115 116 1. Take the main code as is: [include/dice/dice.h](include/dice/dice.h), 117 [src/dice.c](src/dice.c) 118 119 1. Choose an implementation for crypto and certificate generation or choose 120 to write your own. If you choose the boringssl implementation, for 121 example, take [include/dice/utils.h](include/dice/utils.h), 122 [include/dice/boringssl_ops.h](include/dice/boringssl_ops.h), 123 [src/utils.c](src/utils.c), and 124 [src/boringssl_ops.c](src/boringssl_ops.c). Taking a look at the library 125 targets in BUILD.gn may be helpful. 126 127* Add this repository as a git submodule and integrate into the project build, 128 optionally using the gn library targets provided. 129 130* Integrate into a project already using Pigweed using the gn build files 131 provided. 132 133### Size Reports 134 135The build reports code size using 136[Bloaty McBloatface](https://github.com/google/bloaty) via the pw\_bloat Pigweed 137module. There are two reports generated: 138 139* Library sizes - This report includes just the library code in this 140 repository. It shows the baseline DICE code with no ops selected, and it 141 shows the delta introduced by choosing various ops implementations. This 142 report **does not** include the size of the third party dependencies. 143 144* Executable sizes - This report includes sizes for the library code in this 145 repository plus all dependencies linked into a simple main function which 146 makes a single DICE call with all-zero input. It shows the baseline DICE 147 code with no ops (and therefore no dependencies other than libc), and it 148 shows the delta introduced by choosing various ops implementations. This 149 report **does** include the size of the third party dependencies. Note that 150 rows specialized from 'Boringssl Ops' use that as a baseline for sizing. 151 152The reports will be in the build output, but you can also find the reports in 153`.txt` files in the build output. For example, `cat out/host_optimized/gen/*.txt 154| less` will display all reports. 155 156### Thread Safety 157 158This code does not itself use mutable global variables, or any other type of 159shared data structure so there is no thread-safety concerns. However, additional 160care is needed to ensure dependencies are configured to be thread-safe. For 161example, the current boringssl configuration defines 162OPENSSL\_NO\_THREADS\_CORRUPT\_MEMORY\_AND\_LEAK\_SECRETS\_IF\_THREADED, and 163that would need to be changed before running in a threaded environment. 164 165### Clearing Sensitive Data 166 167This code makes a reasonable effort to clear memory holding sensitive data. This 168may help with a broader strategy to clear sensitive data but it is not 169sufficient on its own. Here are a few things to consider. 170 171* The caller of this code is responsible for buffers they own (of course). 172* The ops implementations need to clear any copies they make of sensitive 173 data. Both boringssl and mbedtls attempt to zeroize but this may need 174 additional care to integrate correctly. For example, boringssl skips 175 optimization prevention when OPENSSL\_NO\_ASM is defined (and it is 176 currently defined). 177* Sensitive data may remain in cache. 178* Sensitive data may have been swapped out. 179* Sensitive data may be included in a crash dump. 180