{"id":3436,"url":"https://patchwork.libcamera.org/api/1.1/patches/3436/?format=json","web_url":"https://patchwork.libcamera.org/patch/3436/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>","date":"2020-04-13T13:30:38","name":"[libcamera-devel,v2,02/11] libcamera: Add IPA module signing infrastructure","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"87ae0b991d022ea784ed44468cd3187649efd082","submitter":{"id":2,"url":"https://patchwork.libcamera.org/api/1.1/people/2/?format=json","name":"Laurent Pinchart","email":"laurent.pinchart@ideasonboard.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/3436/mbox/","series":[{"id":804,"url":"https://patchwork.libcamera.org/api/1.1/series/804/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=804","date":"2020-04-13T13:30:37","name":"Sign IPA modules instead of checking their advertised license","version":2,"mbox":"https://patchwork.libcamera.org/series/804/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/3436/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/3436/checks/","tags":{},"headers":{"Return-Path":"","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 6215F6279B\n\tfor ;\n\tMon, 13 Apr 2020 15:31:05 +0200 (CEST)","from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id D20DF1227\n\tfor ;\n\tMon, 13 Apr 2020 15:31:04 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"MJTytnih\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1586784665;\n\tbh=S59zomYLDzVk6EOXCg9yZaC0oaITFCIPd+Whg3BWzVE=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=MJTytnihhNQynjW127fCb/19VTwnjrM7v+twypxQnSV8jAB6JvxMGv09/cTRbmOb8\n\tVwovTftPkdzfIDcvoSBQ50KgjxWnv6neWba0mQzqmFtf4P1hKc/ENSfDDUmQuuHYqM\n\tL3Z6W0Z4wJvYDRyEHTvteyVMa510u5uwrWHUG2yw=","From":"Laurent Pinchart ","To":"libcamera-devel@lists.libcamera.org","Date":"Mon, 13 Apr 2020 16:30:38 +0300","Message-Id":"<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>","X-Mailer":"git-send-email 2.24.1","In-Reply-To":"<20200413133047.11913-1-laurent.pinchart@ideasonboard.com>","References":"<20200413133047.11913-1-laurent.pinchart@ideasonboard.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH v2 02/11] libcamera: Add IPA module\n\tsigning infrastructure","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","X-List-Received-Date":"Mon, 13 Apr 2020 13:31:05 -0000"},"content":"Add infrastructure to generate an RSA private key and sign IPA modules.\nThe signatures are stored in separate files with a .sign suffix.\n\nSigned-off-by: Laurent Pinchart \n---\nChanges since v1:\n\n- Use named variable to store $1 in gen-ipa-priv-key.sh\n- Add copyright notice to ipa-sign.h\n---\n src/ipa/gen-ipa-priv-key.sh | 11 +++++++++++\n src/ipa/ipa-sign.sh | 13 +++++++++++++\n src/ipa/meson.build | 2 ++\n src/ipa/rkisp1/meson.build | 25 +++++++++++++++++--------\n src/ipa/vimc/meson.build | 12 +++++++++++-\n src/meson.build | 5 +++++\n 6 files changed, 59 insertions(+), 9 deletions(-)\n create mode 100755 src/ipa/gen-ipa-priv-key.sh\n create mode 100755 src/ipa/ipa-sign.sh","diff":"diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh\nnew file mode 100755\nindex 000000000000..919751f25b71\n--- /dev/null\n+++ b/src/ipa/gen-ipa-priv-key.sh\n@@ -0,0 +1,11 @@\n+#!/bin/sh\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright (C) 2020, Google Inc.\n+#\n+# Author: Laurent Pinchart \n+#\n+# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules\n+\n+key=\"$1\"\n+\n+openssl genpkey -algorithm RSA -out \"${key}\" -pkeyopt rsa_keygen_bits:2048\ndiff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\nnew file mode 100755\nindex 000000000000..8673dad18751\n--- /dev/null\n+++ b/src/ipa/ipa-sign.sh\n@@ -0,0 +1,13 @@\n+#!/bin/sh\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+# Copyright (C) 2020, Google Inc.\n+#\n+# Author: Laurent Pinchart \n+#\n+# ipa-sign.sh - Generate a signature for an IPA module\n+\n+key=\"$1\"\n+input=\"$2\"\n+output=\"$3\"\n+\n+openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\ndiff --git a/src/ipa/meson.build b/src/ipa/meson.build\nindex 73278a60a99f..cb4e3ab3388f 100644\n--- a/src/ipa/meson.build\n+++ b/src/ipa/meson.build\n@@ -10,6 +10,8 @@ config_h.set('IPA_MODULE_DIR',\n \n subdir('libipa')\n \n+ipa_sign = find_program('ipa-sign.sh')\n+\n ipas = ['rkisp1', 'vimc']\n \n foreach pipeline : get_option('pipelines')\ndiff --git a/src/ipa/rkisp1/meson.build b/src/ipa/rkisp1/meson.build\nindex 521518bd1237..6ccadcfbbe64 100644\n--- a/src/ipa/rkisp1/meson.build\n+++ b/src/ipa/rkisp1/meson.build\n@@ -1,8 +1,17 @@\n-rkisp1_ipa = shared_module('ipa_rkisp1',\n- 'rkisp1.cpp',\n- name_prefix : '',\n- include_directories : [ipa_includes, libipa_includes],\n- dependencies : libcamera_dep,\n- link_with : libipa,\n- install : true,\n- install_dir : ipa_install_dir)\n+ipa_name = 'ipa_rkisp1'\n+\n+mod = shared_module(ipa_name,\n+ 'rkisp1.cpp',\n+ name_prefix : '',\n+ include_directories : [ipa_includes, libipa_includes],\n+ dependencies : libcamera_dep,\n+ link_with : libipa,\n+ install : true,\n+ install_dir : ipa_install_dir)\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/ipa/vimc/meson.build b/src/ipa/vimc/meson.build\nindex e827e75f9f91..3097a12f964a 100644\n--- a/src/ipa/vimc/meson.build\n+++ b/src/ipa/vimc/meson.build\n@@ -1,4 +1,7 @@\n-ipa = shared_module('ipa_vimc', 'vimc.cpp',\n+ipa_name = 'ipa_vimc'\n+\n+mod = shared_module(ipa_name,\n+ 'vimc.cpp',\n name_prefix : '',\n include_directories : [ipa_includes, libipa_includes],\n dependencies : libcamera_dep,\n@@ -6,3 +9,10 @@ ipa = shared_module('ipa_vimc', 'vimc.cpp',\n install : true,\n install_dir : ipa_install_dir,\n cpp_args : '-DLICENSE=\"LGPL-2.1-or-later\"')\n+\n+custom_target(ipa_name + '.so.sign',\n+ input : mod,\n+ output : ipa_name + '.so.sign',\n+ command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n+ install : true,\n+ install_dir : ipa_install_dir)\ndiff --git a/src/meson.build b/src/meson.build\nindex d818d8b86d93..dc0e0c82b900 100644\n--- a/src/meson.build\n+++ b/src/meson.build\n@@ -2,6 +2,11 @@ if get_option('android')\n subdir('android')\n endif\n \n+ipa_gen_priv_key = find_program('ipa/gen-ipa-priv-key.sh')\n+ipa_priv_key = custom_target('ipa-priv-key',\n+ output : [ 'ipa-priv-key.pem' ],\n+ command : [ ipa_gen_priv_key, '@OUTPUT@' ])\n+\n subdir('libcamera')\n subdir('ipa')\n subdir('cam')\n","prefixes":["libcamera-devel","v2","02/11"]}