3 files changed, 20 insertions, 0 deletions

diff --git a/meson.build b/meson.build
index e4c0be16..2529444d 100644
--- a/meson.build
+++ b/meson.build
@@ -76,6 +76,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR
     config_h.set('HAVE_SECURE_GETENV', 1)
 endif
 
+if get_option('allow_unsigned_ipas_in_process')
+    config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)
+endif
+
 common_arguments = [
     '-Wshadow',
     '-include', meson.current_build_dir() / 'config.h',
diff --git a/meson_options.txt b/meson_options.txt
index 1ba6778c..3f9fe245 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -64,3 +64,8 @@ option('pycamera',
         type : 'feature',
         value : 'disabled',
         description : 'Enable libcamera Python bindings (experimental)')
+
+option('allow_unsigned_ipas_in_process',
+        type : 'boolean',
+        value : false,
+        description : 'Allow unsigned IPAs to run in libcamera\'s address space')
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index 030ef43f..403cc42a 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -114,6 +114,14 @@ IPAManager::IPAManager()
 		LOG(IPAManager, Warning) << "Public key not valid";
 #endif
 
+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS
+	LOG(IPAManager, Warning)
+		<< "All IPAs running in-process without signature verification."
+		<< " This is recommended only for tightly-managed installs"
+		<< " in contexts where both signature verification and out-of-process"
+		<< " execution are infeasible, such as Android HALs.";
+#endif
+
 	unsigned int ipaCount = 0;
 
 	/* User-specified paths take precedence. */
@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
 
 bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
 {
+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS
+	return true;
+#endif
 #if HAVE_IPA_PUBKEY
 	char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION");
 	if (force && force[0] != '\0') {