oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard

Published 20 hours ago verified publisher icon google

projects/caliptra-sw: Initial integration

Open benjamindoron opened this issue 2 years ago • 11 comments

Add support for running Caliptra's fuzzer targets.

benjamindoron avatar Sep 22 '23 16:09 benjamindoron

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Sep 22 '23 16:09 google-cla[bot]

benjamindoron is integrating a new project:
- Main repo: https://github.com/chipsalliance/caliptra-sw
- Criticality score: 0.45962

github-actions[bot] avatar Sep 22 '23 16:09 github-actions[bot]

Unblocked.

benjamindoron avatar Sep 22 '23 17:09 benjamindoron

TODO: Discovered on https://github.com/chipsalliance/caliptra-sw/pull/879: Add export CARGO_TARGET_DIR=$(mktemp -d) as performance optimisation

benjamindoron avatar Sep 27 '23 20:09 benjamindoron

Thanks, @benjamindoron! Are you a maintainer of the project?

DonggeLiu avatar Oct 06 '23 00:10 DonggeLiu

Thanks, @benjamindoron! Are you a maintainer of the project?

Hi there, @Alan32Liu! No, I only worked on the fuzzing, @korran and @jhand2 are among some of the project's maintainers whom I worked with. I've been told that Kor will take the primary contact role, so, we'll probably wait for him to confirm.

benjamindoron avatar Oct 06 '23 04:10 benjamindoron

@benjamindoron can you change the main point of contact to be me? ([email protected]).

@Alan32Liu I'm a Caliptra maintainer. Let me know what we need to do to unblock this. Thanks!

jhand2 avatar Oct 18 '23 23:10 jhand2

@benjamindoron can you change the main point of contact to be me? ([email protected]).

@Alan32Liu I'm a Caliptra maintainer. Let me know what we need to do to unblock this. Thanks!

Hi @jhand2, I just wanted to confirm that you approve this PR : )

Could you please also elaborate a bit more about the importance and users of the project, if that's not too much trouble? That will be very helpful for the OSS-Fuzz team to decide whether to merge this PR.

Thanks!

DonggeLiu avatar Oct 19 '23 03:10 DonggeLiu

@benjamindoron can you change the main point of contact to be me? ([email protected]). @Alan32Liu I'm a Caliptra maintainer. Let me know what we need to do to unblock this. Thanks!

Hi @jhand2, I just wanted to confirm that you approve this PR : )

Could you please also elaborate a bit more about the importance and users of the project, if that's not too much trouble? That will be very helpful for the OSS-Fuzz team to decide whether to merge this PR.

Thanks!

Ah yes, approved :)

Caliptra is a hardware root of trust which several hardware companies will be including in upcoming products. We want to ensure we have good fuzz coverage of ROM before Caliptra ROM tapeout (since ROM is non-updatable once these products are manufactured).

Caliptra is used to provide cryptographic services and a cryptographic identity to chips, so the security of products which integrate Caliptra depends strongly on Caliptra's own security.

jhand2 avatar Oct 20 '23 17:10 jhand2

We approve of adding this project. Can you please fix the build failures.

jonathanmetzman avatar Oct 23 '23 19:10 jonathanmetzman

I think they're fixed now, but we might have a new issue with one of the targets. Until we have upstream CI for it, they might keep breaking, so I'm now working on getting that merged.

Edit: I reverted some changes by force-pushing, will look again tomorrow. Done.

benjamindoron avatar Nov 09 '23 16:11 benjamindoron