diff options
author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-03-29 07:12:01 +0300 |
---|---|---|
committer | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-04-14 02:03:29 +0300 |
commit | eab143ee69064092b6bb47297022efa80f47c120 (patch) | |
tree | 891d5398197c3e221eeb58992778beca5469a6df /src/libcamera/ipa_manager.cpp | |
parent | 4b11facde4ef3499690b84428c6155bea867fba8 (diff) |
libcamera: ipa_manager: Verify IPA module signature
Decide whether to isolate the IPA module using the module signature
instead of its license.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
Diffstat (limited to 'src/libcamera/ipa_manager.cpp')
-rw-r--r-- | src/libcamera/ipa_manager.cpp | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp index 6d23f470..7de1404e 100644 --- a/src/libcamera/ipa_manager.cpp +++ b/src/libcamera/ipa_manager.cpp @@ -12,6 +12,7 @@ #include <string.h> #include <sys/types.h> +#include "file.h" #include "ipa_module.h" #include "ipa_proxy.h" #include "log.h" @@ -271,12 +272,12 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe, return nullptr; /* - * Load and run the IPA module in a thread if it is open-source, or - * isolate it in a separate process otherwise. + * Load and run the IPA module in a thread if it has a valid signature, + * or isolate it in a separate process otherwise. * * \todo Implement a better proxy selection */ - const char *proxyName = m->isOpenSource() + const char *proxyName = isSignatureValid(m) ? "IPAProxyThread" : "IPAProxyLinux"; IPAProxyFactory *pf = nullptr; @@ -301,4 +302,23 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe, return proxy; } +bool IPAManager::isSignatureValid(IPAModule *ipa) const +{ + File file{ ipa->path() }; + if (!file.open(File::ReadOnly)) + return false; + + Span<uint8_t> data = file.map(); + if (data.empty()) + return false; + + bool valid = pubKey_.verify(data, ipa->signature()); + + LOG(IPAManager, Debug) + << "IPA module " << ipa->path() << " signature is " + << (valid ? "valid" : "not valid"); + + return valid; +} + } /* namespace libcamera */ |