Show a cover letter.

GET /api/covers/3390/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 3390,
    "url": "https://patchwork.libcamera.org/api/covers/3390/?format=api",
    "web_url": "https://patchwork.libcamera.org/cover/3390/",
    "project": {
        "id": 1,
        "url": "https://patchwork.libcamera.org/api/projects/1/?format=api",
        "name": "libcamera",
        "link_name": "libcamera",
        "list_id": "libcamera_core",
        "list_email": "libcamera-devel@lists.libcamera.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>",
    "date": "2020-04-04T01:56:13",
    "name": "[libcamera-devel,00/11] Sign IPA modules instead of checking their advertised license",
    "submitter": {
        "id": 2,
        "url": "https://patchwork.libcamera.org/api/people/2/?format=api",
        "name": "Laurent Pinchart",
        "email": "laurent.pinchart@ideasonboard.com"
    },
    "mbox": "https://patchwork.libcamera.org/cover/3390/mbox/",
    "series": [
        {
            "id": 797,
            "url": "https://patchwork.libcamera.org/api/series/797/?format=api",
            "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=797",
            "date": "2020-04-04T01:56:13",
            "name": "Sign IPA modules instead of checking their advertised license",
            "version": 1,
            "mbox": "https://patchwork.libcamera.org/series/797/mbox/"
        }
    ],
    "comments": "https://patchwork.libcamera.org/api/covers/3390/comments/",
    "headers": {
        "Return-Path": "<laurent.pinchart@ideasonboard.com>",
        "Received": [
            "from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 5150E60409\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat,  4 Apr 2020 03:56:38 +0200 (CEST)",
            "from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id C4642321\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat,  4 Apr 2020 03:56:37 +0200 (CEST)"
        ],
        "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"wXEkIL9w\"; dkim-atps=neutral",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1585965397;\n\tbh=8c40Wbngd3R/nuIdmPSsC1F8Y9OHU1GX29ho15tVPVk=;\n\th=From:To:Subject:Date:From;\n\tb=wXEkIL9wAa42CwJvarwHxbfFG5RYG3fEwfLEQP/Sn8rz5LJWB65UrBm1Wqw7ovlmJ\n\tRLM7Tr8hDr6MP8cF+bsoD3bXvKBDAsL1ARhn+3hlepalaYbfH77ur+Ye523yPLrQ3F\n\tinVibg5LNnUdQQ55NGuePpqn9PeQIF/aJsLPE674=",
        "From": "Laurent Pinchart <laurent.pinchart@ideasonboard.com>",
        "To": "libcamera-devel@lists.libcamera.org",
        "Date": "Sat,  4 Apr 2020 04:56:13 +0300",
        "Message-Id": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>",
        "X-Mailer": "git-send-email 2.24.1",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[libcamera-devel] [PATCH 00/11] Sign IPA modules instead of\n\tchecking their advertised license",
        "X-BeenThere": "libcamera-devel@lists.libcamera.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "<libcamera-devel.lists.libcamera.org>",
        "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>",
        "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>",
        "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>",
        "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>",
        "X-List-Received-Date": "Sat, 04 Apr 2020 01:56:38 -0000"
    },
    "content": "Hello,\n\nThis patch series is an attempt to fix an issue in the IPA module\nisolation policy that the license-based mechanism can't help with.\n\nFor security reasons, libcamera isolates IPA modules in a separate\nprocess when they are shipped as unreviewable closed-source binaries. We\nonly want to allow loading the module in the libcamera process when its\nsources can be reviewed.\n\nThis policy is enforced by checking the license reported by the module\nagainst a list of open-source licenses. We are aware that vendors could\ncheat and advertise an open-source license, but we noticed another issue\nmore recently: An IPA module could be covered by an open-source license\nthat doesn't require shipping sources, and be shipped as a closed-source\nmodule only.\n\nThis really kills the idea of a license-based mechanism. This patch\nseries replaces that mechanism with a completely different approach,\nbased on cryptographic signatures. The libcamera build process generates\na public/private key pair, and the public key is embedded in libcamera.\nThe private key is used to sign the IPA modules that are part of\nlibcamera, and is then thrown away. At runtime, libcamera checks the\nsignature validity to decide whether to isolate the module or not.\n\nThe changes introduce a dependency on openssl at build time and on\ngnutls at runtime. gnutls was chosen for the simplicity of its API\ncompared to openssl. Other backends could also be implemented, with\nnettle, openssl and libgcrypt being candidates (in order of increasing\ncomplexity).\n\nWe will likely need ways to override this mechanism for development\npurpose, in both directions (forcing isolation of a signed module, and\nallowing unsigned modules to be loaded without isolation). This can be\nachieved through a combination of build time options and environment\nvariables, to give flexibility in policy decisions to system\nintegrators. We can start discussing such extensions, but I don't think\nthey need to block merging this series.\n\nLaurent Pinchart (11):\n  ipa: vimc: Remove isolated VIMC IPA module\n  libcamera: Add IPA module signing infrastructure\n  libcamera: Add File helper class\n  test: Add File class tests\n  libcamera: ipa_module: Simplify error handling in loadIPAModuleInfo()\n  libcamera: ipa_module: Use Span class to tie data and size\n  libcamera: ipa_module: Load IPA module signature\n  libcamera: Add PubKey class\n  libcamera: ipa_manager: Embed IPA module signing public key\n  libcamera: ipa_manager: Verify IPA module signature\n  libcamera: ipa: Remove IPAModuleInfo license field\n\n include/ipa/ipa_module_info.h       |   1 -\n src/ipa/gen-ipa-priv-key.sh         |   9 +\n src/ipa/ipa-sign.sh                 |  10 +\n src/ipa/meson.build                 |   2 +\n src/ipa/rkisp1/meson.build          |  25 +-\n src/ipa/rkisp1/rkisp1.cpp           |   1 -\n src/ipa/vimc/meson.build            |  30 +--\n src/ipa/vimc/vimc.cpp               |   1 -\n src/libcamera/file.cpp              | 338 ++++++++++++++++++++++++++++\n src/libcamera/gen-ipa-pub-key.py    |  46 ++++\n src/libcamera/include/file.h        |  69 ++++++\n src/libcamera/include/ipa_manager.h |   7 +\n src/libcamera/include/ipa_module.h  |   6 +-\n src/libcamera/include/meson.build   |   2 +\n src/libcamera/include/pub_key.h     |  36 +++\n src/libcamera/ipa_manager.cpp       |  22 +-\n src/libcamera/ipa_module.cpp        | 204 +++++++----------\n src/libcamera/ipa_pub_key.cpp.in    |  20 ++\n src/libcamera/meson.build           |  16 ++\n src/libcamera/pub_key.cpp           |  97 ++++++++\n src/meson.build                     |   5 +\n test/file.cpp                       | 285 +++++++++++++++++++++++\n test/ipa/ipa_module_test.cpp        |   1 -\n test/meson.build                    |   1 +\n 24 files changed, 1083 insertions(+), 151 deletions(-)\n create mode 100755 src/ipa/gen-ipa-priv-key.sh\n create mode 100755 src/ipa/ipa-sign.sh\n create mode 100644 src/libcamera/file.cpp\n create mode 100755 src/libcamera/gen-ipa-pub-key.py\n create mode 100644 src/libcamera/include/file.h\n create mode 100644 src/libcamera/include/pub_key.h\n create mode 100644 src/libcamera/ipa_pub_key.cpp.in\n create mode 100644 src/libcamera/pub_key.cpp\n create mode 100644 test/file.cpp"
}