1# Open Profile for DICE 2 3This repository contains the specification for the 4[Open Profile for DICE](docs/specification.md) along with production-quality 5code. This profile is a specialization of the 6[Hardware Requirements for a Device Identifier Composition Engine](https://trustedcomputinggroup.org/resource/hardware-requirements-for-a-device-identifier-composition-engine/) 7and 8[DICE Layering Architecture](https://trustedcomputinggroup.org/resource/dice-layering-architecture/) 9specifications published by the Trusted Computing Group (TCG). For readers 10already familiar with those specs, notable distinctives of this profile include: 11 12* Separate CDIs for attestation and sealing use cases 13* Categorized inputs, including values related to verified boot 14* Certified UDS values 15* X.509 or CBOR certificates 16 17## Mailing List 18 19You can find us (and join us!) at 20https://groups.google.com/g/open-profile-for-dice. We're happy to answer 21questions and discuss proposed changes or features. 22 23## Specification 24 25The specification can be found [here](docs/specification.md). It is versioned 26using a major.minor scheme. Compatibility is maintained across minor versions 27but not necessarily across major versions. 28 29## Code 30 31Production quality, portable C code is included. The main code is in 32[dice.h](include/dice/dice.h) and [dice.c](src/dice.c). Cryptographic and 33certificate generation operations are injected via a set of callbacks. Multiple 34implementations of these operations are provided, all equally acceptable. 35Integrators should choose just one of these, or write their own. 36 37Tests are included for all code and the build files in this repository can be 38used to build and run these tests. 39 40Disclaimer: This is not an officially supported Google product. 41 42### Thirdparty Dependencies 43 44Different implementations use different third party libraries. The third\_party 45directory contains build files and git submodules for each of these. The 46[bootstrap](bootstrap.sh) script will automatically initialize all submodules. 47 48### Building and Running Tests 49 50```bash 51$ source bootstrap.sh 52$ ninja -C out 53``` 54 55The easiest way, and currently the only supported way, to build and run tests is 56from a [Pigweed](https://pigweed.googlesource.com/pigweed/pigweed/) environment 57on Linux. Pigweed does support other host platforms so it shouldn't be too hard 58to get this running on Windows for example, but we use Linux. 59 60There are two scripts to help set this up: 61 62* [bootstrap.sh](bootstrap.sh) will initialize submodules, bootstrap a Pigweed 63 environment, and generate build files. This can take some time and may 64 download on the order of 1GB of dependencies so the normal workflow is to 65 just do this once. 66 67* [activate.sh](activate.sh) quickly reactivates an environment that has been 68 previously bootstrapped. 69 70These scripts must be sourced into the current session: `source activate.sh`. 71 72In the environment, from the base directory of the dice-profile checkout, run 73`ninja -C out` to build everything and run all tests. You can also run `pw 74watch` which will build, run tests, and continue to watch for changes. 75 76This will build and run tests on the host using the clang toolchain. Pigweed 77makes it easy to configure other targets and toolchains. See 78[toolchains/BUILD.gn](toolchains/BUILD.gn) and the Pigweed documentation. 79 80### Porting 81 82The code is designed to be portable and should work with a variety of modern 83toolchains and in a variety of environments. The main code in dice.h and dice.c 84is C99; it uses uint8\_t, size\_t, and memcpy from the C standard library. The 85various ops implementations are as portable as their dependencies (often not C99 86but still very portable). Notably, this code uses designated initializers for 87readability. This is a feature available in C since C99 but missing from C++ 88until C++20 where it appears in a stricter form. 89 90### Style 91 92The [Google C++ Style Guide](https://google.github.io/styleguide/cppguide.html) 93is used. A `.clang-format` file is provided for convenience. 94 95### Incorporating 96 97To incorporate the code into another project, there are a few options: 98 99* Copy only the necessary code. For example: 100 101 1. Take the main code as is: [include/dice/dice.h](include/dice/dice.h), 102 [src/dice.c](src/dice.c) 103 104 1. Choose an implementation for crypto and certificate generation or choose 105 to write your own. If you choose the boringssl implementation, for 106 example, take [include/dice/utils.h](include/dice/utils.h), 107 [include/dice/boringssl_ops.h](include/dice/boringssl_ops.h), 108 [src/utils.c](src/utils.c), and 109 [src/boringssl_ops.c](src/boringssl_ops.c). Taking a look at the library 110 targets in BUILD.gn may be helpful. 111 112* Add this repository as a git submodule and integrate into the project build, 113 optionally using the gn library targets provided. 114 115* Integrate into a project already using Pigweed using the gn build files 116 provided. 117 118### Size Reports 119 120The build reports code size using 121[Bloaty McBloatface](https://github.com/google/bloaty) via the pw\_bloat Pigweed 122module. There are two reports generated: 123 124* Library sizes - This report includes just the library code in this 125 repository. It shows the baseline DICE code with no ops selected, and it 126 shows the delta introduced by choosing various ops implementations. This 127 report **does not** include the size of the third party dependencies. 128 129* Executable sizes - This report includes sizes for the library code in this 130 repository plus all dependencies linked into a simple main function which 131 makes a single DICE call with all-zero input. It shows the baseline DICE 132 code with no ops (and therefore no dependencies other than libc), and it 133 shows the delta introduced by choosing various ops implementations. This 134 report **does** include the size of the third party dependencies. Note that 135 rows specialized from 'Boringssl Ops' use that as a baseline for sizing. 136 137The reports will be in the build output, but you can also find the reports in 138`.txt` files in the build output. For example, `cat out/host_optimized/gen/*.txt 139| less` will display all reports. 140 141### Thread Safety 142 143This code does not itself use mutable global variables, or any other type of 144shared data structure so there is no thread-safety concerns. However, additional 145care is needed to ensure dependencies are configured to be thread-safe. For 146example, the current boringssl configuration defines 147OPENSSL\_NO\_THREADS\_CORRUPT\_MEMORY\_AND\_LEAK\_SECRETS\_IF\_THREADED, and 148that would need to be changed before running in a threaded environment. 149 150### Clearing Sensitive Data 151 152This code makes a reasonable effort to clear memory holding sensitive data. This 153may help with a broader strategy to clear sensitive data but it is not 154sufficient on its own. Here are a few things to consider. 155 156* The caller of this code is responsible for buffers they own (of course). 157* The ops implementations need to clear any copies they make of sensitive 158 data. Both boringssl and mbedtls attempt to zeroize but this may need 159 additional care to integrate correctly. For example, boringssl skips 160 optimization prevention when OPENSSL\_NO\_ASM is defined (and it is 161 currently defined). 162* Sensitive data may remain in cache. 163* Sensitive data may have been swapped out. 164* Sensitive data may be included in a crash dump. 165