@@ -74,6 +74,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR
config_h.set('HAVE_SECURE_GETENV', 1)
endif
+if get_option('allow_unsigned_ipas_in_process')
+ config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)
+endif
+
common_arguments = [
'-Wshadow',
'-include', meson.current_build_dir() / 'config.h',
@@ -64,3 +64,8 @@ option('pycamera',
type : 'feature',
value : 'disabled',
description : 'Enable libcamera Python bindings (experimental)')
+
+option('allow_unsigned_ipas_in_process',
+ type : 'boolean',
+ value : false,
+ description : 'Allow unsigned IPAs to run in libcamera\'s address space')
@@ -114,6 +114,14 @@ IPAManager::IPAManager()
LOG(IPAManager, Warning) << "Public key not valid";
#endif
+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS
+ LOG(IPAManager, Warning)
+ << "All IPAs running in-process without signature verification."
+ << " This is recommended only for tightly-managed installs"
+ << " in contexts where both signature verification and out-of-process"
+ << " execution are infeasible, such as Android HALs.";
+#endif
+
unsigned int ipaCount = 0;
/* User-specified paths take precedence. */
@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
{
+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS
+ return true;
+#endif
#if HAVE_IPA_PUBKEY
char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION");
if (force && force[0] != '\0') {
From: Nicholas Roth <nicholas@rothemail.net> --- meson.build | 4 ++++ meson_options.txt | 5 +++++ src/libcamera/ipa_manager.cpp | 11 +++++++++++ 3 files changed, 20 insertions(+)