{"id":19443,"url":"https://patchwork.libcamera.org/api/covers/19443/?format=json","web_url":"https://patchwork.libcamera.org/cover/19443/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20240122114040.275771-1-libcamera@bzzt.net>","date":"2024-01-22T11:40:39","name":"[0/1] libcamera: ipa: allow trusting modules by checksum","submitter":{"id":182,"url":"https://patchwork.libcamera.org/api/people/182/?format=json","name":"Arnout Engelen","email":"libcamera@bzzt.net"},"mbox":"https://patchwork.libcamera.org/cover/19443/mbox/","series":[{"id":4153,"url":"https://patchwork.libcamera.org/api/series/4153/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=4153","date":"2024-01-22T11:40:39","name":"libcamera: ipa: allow trusting modules by checksum","version":1,"mbox":"https://patchwork.libcamera.org/series/4153/mbox/"}],"comments":"https://patchwork.libcamera.org/api/covers/19443/comments/","headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id AE0AFC323E\n\tfor <parsemail@patchwork.libcamera.org>;\n\tMon, 22 Jan 2024 11:41:03 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 4932862936;\n\tMon, 22 Jan 2024 12:41:03 +0100 (CET)","from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com\n\t[66.111.4.26])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 4B42A61D30\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 22 Jan 2024 12:41:00 +0100 (CET)","from compute7.internal (compute7.nyi.internal [10.202.2.48])\n\tby mailout.nyi.internal (Postfix) with ESMTP id 888F85C00EA;\n\tMon, 22 Jan 2024 06:40:56 -0500 (EST)","from mailfrontend1 ([10.202.2.162])\n\tby compute7.internal (MEProxy); Mon, 22 Jan 2024 06:40:56 -0500","by mail.messagingengine.com (Postfix) with ESMTPA; Mon,\n\t22 Jan 2024 06:40:55 -0500 (EST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key;\n\tunprotected) header.d=bzzt.net header.i=@bzzt.net header.b=\"n5tsi8el\";\n\tdkim=pass (2048-bit key;\n\tunprotected) header.d=messagingengine.com\n\theader.i=@messagingengine.com header.b=\"fuzaXxwn\"; \n\tdkim-atps=neutral","DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=bzzt.net; h=cc\n\t:cc:content-transfer-encoding:content-type:date:date:from:from\n\t:in-reply-to:message-id:mime-version:reply-to:subject:subject:to\n\t:to; s=fm1; t=1705923656; x=1706010056; bh=UrjGqEKy9/kotn8nB2vie\n\t1hONZL9qqH4548yYxjONhE=; b=n5tsi8el6y1sMMUv/1C4woivF6Q1ahoI9S2xK\n\tTGvNoyln+5nYCGxcRjGyU64bT4FQpxB1wLIjSB4Q6fEv+1mfTDc9oBVorxXzW4y5\n\tBqp//0kPnrVmc+kb05ysizJBlGtmSMo0YB26tGCi+OGnkrbo2tomj3JmuUrJSICQ\n\tleSareC7DzwABzkKpGin4fNhpWN9joQSG9la7H/i70SEWtbz/sxIINp3RDrZXxgw\n\tXZ/o9WyyJtyC2hJgpGzil0RVvOLpB2ozIflmjLEHnL0/uGxPPsH/uh2sXf4X5wxj\n\tdtUbiatp4YZ+EkrkeuKr+UNhmlhGRGYg68XW1moN6cxpki2zg==","v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tmessagingengine.com; h=cc:cc:content-transfer-encoding\n\t:content-type:date:date:feedback-id:feedback-id:from:from\n\t:in-reply-to:message-id:mime-version:reply-to:subject:subject:to\n\t:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=\n\tfm3; t=1705923656; x=1706010056; bh=UrjGqEKy9/kotn8nB2vie1hONZL9\n\tqqH4548yYxjONhE=; b=fuzaXxwnoKXoN/TPNKvR96yXvLbdvy9Pad5IEt+GSF2z\n\tXlciMj/21gPTHEXUvND9dXsdPpwzGjvBTKB9gPVRzMuiUNX6Mff8fqQ9t1VzQKEZ\n\tEqEarfdK0fEKX6iAuJV28zyNscbvwiWVuYW1MfpjvuKi1Dc4C+bVy1RXeL+B/NAT\n\tAnCN4HgR9jyaPYXA17joU+R8eX7OxThJ5HGCwmWLicGG9Slt3LVdHm8U5hdoY6Sa\n\tsYJRqLG1f93IkXqlQCCXFH1W41WoxvJOSuq13soUXRE4orhH10TzfwZCxl3Dgk2U\n\tH92I+dj2G5SXfgcMB5+yexMIUodt5AtnF27jop+A6g=="],"X-ME-Sender":"<xms:SFSuZVUlzOjTrTX7XVlfbXiqFEg4NjtECCM-odeGDmI0igzNmMwBfQ>\n\t<xme:SFSuZVlfyPAKhG3Nu4lGZwxhLzjZ52oPJM3YvVSse9KZx6Mq-sf-5-PV5KkP5Tz4B\n\tRGHlE5X1tp0h17amEU>","X-ME-Received":"<xmr:SFSuZRbnZpZ2CGcb5hEaeqtjx_KCoWsRzo-9dn44YqUHQ1yQpGiwlv2oltX5NvNhLMV1Ker8f9o84FH2ia1P5KUlwQbiF3c>","X-ME-Proxy-Cause":"gggruggvucftvghtrhhoucdtuddrgedvkedrvdekiedgvdelucetufdoteggodetrfdotf\n\tfvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen\n\tuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne\n\tcujfgurhephffvvefufffkofgggfestdekredtredttdenucfhrhhomheplhhisggtrghm\n\tvghrrgessgiiiihtrdhnvghtnecuggftrfgrthhtvghrnhepuedvudejkeeujeevveefke\n\tfgueffheevueeukeffudfhhedugeetudelueffkeeunecuffhomhgrihhnpehlihgstggr\n\tmhgvrhgrrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh\n\thfrhhomheplhhisggtrghmvghrrgessgiiiihtrdhnvght","X-ME-Proxy":"<xmx:SFSuZYWUmd5xEO9JuNyDeyXpGtMg4jscJJrFcBUaB2bMtJLXGy98eg>\n\t<xmx:SFSuZfl-sz-IxZirh_x8XmdLZOwTEgfQZIoJiiHd4rDfQd7K0EpdiA>\n\t<xmx:SFSuZVdi898EDsbtixdBIcrAAZrWt7HaDgMo6miuM45DJpsgaE9TNg>\n\t<xmx:SFSuZeuQRYWIhREhcBHNsuTEgbEC2v-t3atbCWG9lgHzNsvLOWsFGg>","Feedback-ID":"i7559471f:Fastmail","From":"libcamera@bzzt.net","To":"libcamera-devel@lists.libcamera.org","Subject":"[PATCH 0/1] libcamera: ipa: allow trusting modules by checksum","Date":"Mon, 22 Jan 2024 12:40:39 +0100","Message-ID":"<20240122114040.275771-1-libcamera@bzzt.net>","X-Mailer":"git-send-email 2.43.0","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","Cc":"Arnout Engelen <arnout@bzzt.net>","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"},"content":"From: Arnout Engelen <arnout@bzzt.net>\n\nThis is a variation on\nhttps://lists.libcamera.org/pipermail/libcamera-devel/2024-January/040186.html\nthat embeds the checksums in the installed binary instead of\nloading a configuration file. Post-processing the library like\nthis is of course rather icky, but testing with `ipa_verify` it\ndoes appear to work. I have not tested this in a 'real' application\nyet, and have not tested yet with more than a single module available,\nas I wanted to collect feedback on the approach first.\n\nArnout Engelen (1):\n  libcamera: ipa: allow trusting modules by checksum\n\n include/libcamera/internal/ipa_manager.h |  9 ++-\n include/libcamera/internal/ipa_module.h  |  2 +\n meson_options.txt                        |  8 +++\n src/apps/ipa-verify/main.cpp             | 43 +++++++++++-\n src/apps/ipa-verify/meson.build          |  2 +-\n src/ipa/ipa-checksum-install.sh          | 24 +++++++\n src/ipa/meson.build                      |  7 ++\n src/libcamera/ipa_manager.cpp            | 88 +++++++++++++++++++++---\n src/libcamera/ipa_module.cpp             | 30 ++++++++\n src/meson.build                          | 18 ++++-\n 10 files changed, 215 insertions(+), 16 deletions(-)\n create mode 100644 src/ipa/ipa-checksum-install.sh"}