From patchwork Mon Jan 22 11:40:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnout Engelen X-Patchwork-Id: 19443 Return-Path: X-Original-To: parsemail@patchwork.libcamera.org Delivered-To: parsemail@patchwork.libcamera.org Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com [92.243.16.209]) by patchwork.libcamera.org (Postfix) with ESMTPS id AE0AFC323E for ; Mon, 22 Jan 2024 11:41:03 +0000 (UTC) Received: from lancelot.ideasonboard.com (localhost [IPv6:::1]) by lancelot.ideasonboard.com (Postfix) with ESMTP id 4932862936; Mon, 22 Jan 2024 12:41:03 +0100 (CET) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (2048-bit key; unprotected) header.d=bzzt.net header.i=@bzzt.net header.b="n5tsi8el"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="fuzaXxwn"; dkim-atps=neutral Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 4B42A61D30 for ; Mon, 22 Jan 2024 12:41:00 +0100 (CET) Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailout.nyi.internal (Postfix) with ESMTP id 888F85C00EA; Mon, 22 Jan 2024 06:40:56 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Mon, 22 Jan 2024 06:40:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bzzt.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm1; t=1705923656; x=1706010056; bh=UrjGqEKy9/kotn8nB2vie 1hONZL9qqH4548yYxjONhE=; b=n5tsi8el6y1sMMUv/1C4woivF6Q1ahoI9S2xK TGvNoyln+5nYCGxcRjGyU64bT4FQpxB1wLIjSB4Q6fEv+1mfTDc9oBVorxXzW4y5 Bqp//0kPnrVmc+kb05ysizJBlGtmSMo0YB26tGCi+OGnkrbo2tomj3JmuUrJSICQ leSareC7DzwABzkKpGin4fNhpWN9joQSG9la7H/i70SEWtbz/sxIINp3RDrZXxgw XZ/o9WyyJtyC2hJgpGzil0RVvOLpB2ozIflmjLEHnL0/uGxPPsH/uh2sXf4X5wxj dtUbiatp4YZ+EkrkeuKr+UNhmlhGRGYg68XW1moN6cxpki2zg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1705923656; x=1706010056; bh=UrjGqEKy9/kotn8nB2vie1hONZL9 qqH4548yYxjONhE=; b=fuzaXxwnoKXoN/TPNKvR96yXvLbdvy9Pad5IEt+GSF2z XlciMj/21gPTHEXUvND9dXsdPpwzGjvBTKB9gPVRzMuiUNX6Mff8fqQ9t1VzQKEZ EqEarfdK0fEKX6iAuJV28zyNscbvwiWVuYW1MfpjvuKi1Dc4C+bVy1RXeL+B/NAT AnCN4HgR9jyaPYXA17joU+R8eX7OxThJ5HGCwmWLicGG9Slt3LVdHm8U5hdoY6Sa sYJRqLG1f93IkXqlQCCXFH1W41WoxvJOSuq13soUXRE4orhH10TzfwZCxl3Dgk2U H92I+dj2G5SXfgcMB5+yexMIUodt5AtnF27jop+A6g== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekiedgvdelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgggfestdekredtredttdenucfhrhhomheplhhisggtrghm vghrrgessgiiiihtrdhnvghtnecuggftrfgrthhtvghrnhepuedvudejkeeujeevveefke fgueffheevueeukeffudfhhedugeetudelueffkeeunecuffhomhgrihhnpehlihgstggr mhgvrhgrrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheplhhisggtrghmvghrrgessgiiiihtrdhnvght X-ME-Proxy: Feedback-ID: i7559471f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 22 Jan 2024 06:40:55 -0500 (EST) From: libcamera@bzzt.net To: libcamera-devel@lists.libcamera.org Subject: [PATCH 0/1] libcamera: ipa: allow trusting modules by checksum Date: Mon, 22 Jan 2024 12:40:39 +0100 Message-ID: <20240122114040.275771-1-libcamera@bzzt.net> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arnout Engelen Errors-To: libcamera-devel-bounces@lists.libcamera.org Sender: "libcamera-devel" From: Arnout Engelen This is a variation on https://lists.libcamera.org/pipermail/libcamera-devel/2024-January/040186.html that embeds the checksums in the installed binary instead of loading a configuration file. Post-processing the library like this is of course rather icky, but testing with `ipa_verify` it does appear to work. I have not tested this in a 'real' application yet, and have not tested yet with more than a single module available, as I wanted to collect feedback on the approach first. Arnout Engelen (1): libcamera: ipa: allow trusting modules by checksum include/libcamera/internal/ipa_manager.h | 9 ++- include/libcamera/internal/ipa_module.h | 2 + meson_options.txt | 8 +++ src/apps/ipa-verify/main.cpp | 43 +++++++++++- src/apps/ipa-verify/meson.build | 2 +- src/ipa/ipa-checksum-install.sh | 24 +++++++ src/ipa/meson.build | 7 ++ src/libcamera/ipa_manager.cpp | 88 +++++++++++++++++++++--- src/libcamera/ipa_module.cpp | 30 ++++++++ src/meson.build | 18 ++++- 10 files changed, 215 insertions(+), 16 deletions(-) create mode 100644 src/ipa/ipa-checksum-install.sh