[{"id":4436,"web_url":"https://patchwork.libcamera.org/comment/4436/","msgid":"<20200413221142.GA89467@oden.dyn.berto.se>","date":"2020-04-13T22:11:42","subject":"Re: [libcamera-devel] [PATCH v2 02/11] libcamera: Add IPA module\n\tsigning infrastructure","submitter":{"id":5,"url":"https://patchwork.libcamera.org/api/people/5/","name":"Niklas Söderlund","email":"niklas.soderlund@ragnatech.se"},"content":"Hi Laurent,\n\nThanks for your work.\n\nOn 2020-04-13 16:30:38 +0300, Laurent Pinchart wrote:\n> Add infrastructure to generate an RSA private key and sign IPA modules.\n> The signatures are stored in separate files with a .sign suffix.\n> \n> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n\nReviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>\n\n> ---\n> Changes since v1:\n> \n> - Use named variable to store $1 in gen-ipa-priv-key.sh\n> - Add copyright notice to ipa-sign.h\n> ---\n>  src/ipa/gen-ipa-priv-key.sh | 11 +++++++++++\n>  src/ipa/ipa-sign.sh         | 13 +++++++++++++\n>  src/ipa/meson.build         |  2 ++\n>  src/ipa/rkisp1/meson.build  | 25 +++++++++++++++++--------\n>  src/ipa/vimc/meson.build    | 12 +++++++++++-\n>  src/meson.build             |  5 +++++\n>  6 files changed, 59 insertions(+), 9 deletions(-)\n>  create mode 100755 src/ipa/gen-ipa-priv-key.sh\n>  create mode 100755 src/ipa/ipa-sign.sh\n> \n> diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh\n> new file mode 100755\n> index 000000000000..919751f25b71\n> --- /dev/null\n> +++ b/src/ipa/gen-ipa-priv-key.sh\n> @@ -0,0 +1,11 @@\n> +#!/bin/sh\n> +# SPDX-License-Identifier: GPL-2.0-or-later\n> +# Copyright (C) 2020, Google Inc.\n> +#\n> +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> +#\n> +# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules\n> +\n> +key=\"$1\"\n> +\n> +openssl genpkey -algorithm RSA -out \"${key}\" -pkeyopt rsa_keygen_bits:2048\n> diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh\n> new file mode 100755\n> index 000000000000..8673dad18751\n> --- /dev/null\n> +++ b/src/ipa/ipa-sign.sh\n> @@ -0,0 +1,13 @@\n> +#!/bin/sh\n> +# SPDX-License-Identifier: GPL-2.0-or-later\n> +# Copyright (C) 2020, Google Inc.\n> +#\n> +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> +#\n> +# ipa-sign.sh - Generate a signature for an IPA module\n> +\n> +key=\"$1\"\n> +input=\"$2\"\n> +output=\"$3\"\n> +\n> +openssl dgst -sha256 -sign \"${key}\" -out \"${output}\" \"${input}\"\n> diff --git a/src/ipa/meson.build b/src/ipa/meson.build\n> index 73278a60a99f..cb4e3ab3388f 100644\n> --- a/src/ipa/meson.build\n> +++ b/src/ipa/meson.build\n> @@ -10,6 +10,8 @@ config_h.set('IPA_MODULE_DIR',\n>  \n>  subdir('libipa')\n>  \n> +ipa_sign = find_program('ipa-sign.sh')\n> +\n>  ipas = ['rkisp1', 'vimc']\n>  \n>  foreach pipeline : get_option('pipelines')\n> diff --git a/src/ipa/rkisp1/meson.build b/src/ipa/rkisp1/meson.build\n> index 521518bd1237..6ccadcfbbe64 100644\n> --- a/src/ipa/rkisp1/meson.build\n> +++ b/src/ipa/rkisp1/meson.build\n> @@ -1,8 +1,17 @@\n> -rkisp1_ipa = shared_module('ipa_rkisp1',\n> -                           'rkisp1.cpp',\n> -                           name_prefix : '',\n> -                           include_directories : [ipa_includes, libipa_includes],\n> -                           dependencies : libcamera_dep,\n> -                           link_with : libipa,\n> -                           install : true,\n> -                           install_dir : ipa_install_dir)\n> +ipa_name = 'ipa_rkisp1'\n> +\n> +mod = shared_module(ipa_name,\n> +                    'rkisp1.cpp',\n> +                    name_prefix : '',\n> +                    include_directories : [ipa_includes, libipa_includes],\n> +                    dependencies : libcamera_dep,\n> +                    link_with : libipa,\n> +                    install : true,\n> +                    install_dir : ipa_install_dir)\n> +\n> +custom_target(ipa_name + '.so.sign',\n> +              input : mod,\n> +              output : ipa_name + '.so.sign',\n> +              command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n> +              install : true,\n> +              install_dir : ipa_install_dir)\n> diff --git a/src/ipa/vimc/meson.build b/src/ipa/vimc/meson.build\n> index e827e75f9f91..3097a12f964a 100644\n> --- a/src/ipa/vimc/meson.build\n> +++ b/src/ipa/vimc/meson.build\n> @@ -1,4 +1,7 @@\n> -ipa = shared_module('ipa_vimc', 'vimc.cpp',\n> +ipa_name = 'ipa_vimc'\n> +\n> +mod = shared_module(ipa_name,\n> +                    'vimc.cpp',\n>                      name_prefix : '',\n>                      include_directories : [ipa_includes, libipa_includes],\n>                      dependencies : libcamera_dep,\n> @@ -6,3 +9,10 @@ ipa = shared_module('ipa_vimc', 'vimc.cpp',\n>                      install : true,\n>                      install_dir : ipa_install_dir,\n>                      cpp_args : '-DLICENSE=\"LGPL-2.1-or-later\"')\n> +\n> +custom_target(ipa_name + '.so.sign',\n> +              input : mod,\n> +              output : ipa_name + '.so.sign',\n> +              command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ],\n> +              install : true,\n> +              install_dir : ipa_install_dir)\n> diff --git a/src/meson.build b/src/meson.build\n> index d818d8b86d93..dc0e0c82b900 100644\n> --- a/src/meson.build\n> +++ b/src/meson.build\n> @@ -2,6 +2,11 @@ if get_option('android')\n>      subdir('android')\n>  endif\n>  \n> +ipa_gen_priv_key = find_program('ipa/gen-ipa-priv-key.sh')\n> +ipa_priv_key = custom_target('ipa-priv-key',\n> +                             output : [ 'ipa-priv-key.pem' ],\n> +                             command : [ ipa_gen_priv_key, '@OUTPUT@' ])\n> +\n>  subdir('libcamera')\n>  subdir('ipa')\n>  subdir('cam')\n> -- \n> Regards,\n> \n> Laurent Pinchart\n> \n> _______________________________________________\n> libcamera-devel mailing list\n> libcamera-devel@lists.libcamera.org\n> https://lists.libcamera.org/listinfo/libcamera-devel","headers":{"Return-Path":"<niklas.soderlund@ragnatech.se>","Received":["from mail-lj1-x241.google.com (mail-lj1-x241.google.com\n\t[IPv6:2a00:1450:4864:20::241])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 7D4CF60407\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 14 Apr 2020 00:11:44 +0200 (CEST)","by mail-lj1-x241.google.com with SMTP id z26so10368655ljz.11\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 13 Apr 2020 15:11:44 -0700 (PDT)","from localhost (h-200-138.A463.priv.bahnhof.se. [176.10.200.138])\n\tby smtp.gmail.com with ESMTPSA id\n\tv12sm7835970ljh.6.2020.04.13.15.11.42\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tMon, 13 Apr 2020 15:11:42 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=ragnatech-se.20150623.gappssmtp.com\n\theader.i=@ragnatech-se.20150623.gappssmtp.com header.b=\"fZ+vRNDX\"; \n\tdkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=ragnatech-se.20150623.gappssmtp.com; s=20150623;\n\th=date:from:to:cc:subject:message-id:references:mime-version\n\t:content-disposition:content-transfer-encoding:in-reply-to;\n\tbh=Jdql6LEDwu71qfcj7SBImBfZE8ytvRdmS9POHUHXJFQ=;\n\tb=fZ+vRNDXQgWyZxNOs+9E4q9XSrQ0ZO/lmXQ77izZP71kttXmGMkcNmKoNJXqEef6RZ\n\tpQKtglWJO1fyn3cDVK5T77RdYaw5Ndx6wTIhQRJIlRm5Cq9o7CaMLHbp7TP1RvDYKr0k\n\tNn6EE+xueipo8pm3hpQMkjH15RjsxLMWv0A6/AS012eEVO/j72mAmMPe8hDuktC12zn9\n\tOZNVJnAYKXN3h2Y1lOWyOdTnQoMKySQPqxFEQTCTzuqzPIpFz8j/S9EeCuN0v7sGXS2v\n\tJWuo+0cEO2ZyjD3MqH4UVxisyUCwIvuT80d7vDgheRHYwgcZuKxaTwXX7weBDyRPvLzp\n\t/PXw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:references\n\t:mime-version:content-disposition:content-transfer-encoding\n\t:in-reply-to;\n\tbh=Jdql6LEDwu71qfcj7SBImBfZE8ytvRdmS9POHUHXJFQ=;\n\tb=C14faMk7937XF31GO/Jm55XuZPf/zin1c3dNZgYth8ksZ1THUvyHIjisiBe3OjXB/9\n\tMN4M+qY/XR4G2DUXvQzYJrZ6SRxpWOvFUouTBYjTLe15I0xxNBGqsJrsRcURNUgffoLL\n\t5aHR/m5Sz1bygM02Y2DeFAPd+qLq8taB2Fkd/huqm28fXz+saCDF5DVLD6bbF/+2csOg\n\tRqFsKfht+0lFdIJsEwBaccCsELyJ4nflLq727Nc/ZGcYKQThA6D+rqcksCECWAnnrw31\n\tX3gO60k7LyAuLk6CaC891T+6fiPt/z9aLjbWpsvF+nx7B2+PYUVAWQLts2ZVLyYS9wTU\n\tM4tQ==","X-Gm-Message-State":"AGi0PubuU3jk3I1AeR05E1AQnHRgVwuBEMA8B0ATvrQEKEPRALYJKTi8\n\t9Oh2td0Xu/BiHt0bEGJL+h4wPsg8L7I=","X-Google-Smtp-Source":"APiQypKpRm6wuCuQgziodceh4kL6skvOvsMkhhUYP2JcjpZk3ubkEmYRtyoLL0gxQs7uabBb2ifTFg==","X-Received":"by 2002:a2e:9887:: with SMTP id b7mr327745ljj.119.1586815903530; \n\tMon, 13 Apr 2020 15:11:43 -0700 (PDT)","Date":"Tue, 14 Apr 2020 00:11:42 +0200","From":"Niklas =?iso-8859-1?q?S=F6derlund?= <niklas.soderlund@ragnatech.se>","To":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","Cc":"libcamera-devel@lists.libcamera.org","Message-ID":"<20200413221142.GA89467@oden.dyn.berto.se>","References":"<20200413133047.11913-1-laurent.pinchart@ideasonboard.com>\n\t<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=iso-8859-1","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<20200413133047.11913-3-laurent.pinchart@ideasonboard.com>","Subject":"Re: [libcamera-devel] [PATCH v2 02/11] libcamera: Add IPA module\n\tsigning infrastructure","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Mon, 13 Apr 2020 22:11:44 -0000"}}]