summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLaurent Pinchart <laurent.pinchart@ideasonboard.com>2020-03-29 04:52:30 +0300
committerLaurent Pinchart <laurent.pinchart@ideasonboard.com>2020-04-14 02:03:28 +0300
commit4b11facde4ef3499690b84428c6155bea867fba8 (patch)
tree7ec5df3468ac94b253bea091adcc419a3cf2e580
parent462d6508a29c78788fe7f88d6cfe304a6aa4b8c4 (diff)
libcamera: ipa_manager: Embed IPA module signing public key
In preparation for verifying the signature of IPA modules, generate a public key from the private signing key and embed it in the IPAManager class. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
-rwxr-xr-xsrc/libcamera/gen-ipa-pub-key.py46
-rw-r--r--src/libcamera/include/ipa_manager.h5
-rw-r--r--src/libcamera/ipa_pub_key.cpp.in20
-rw-r--r--src/libcamera/meson.build8
4 files changed, 79 insertions, 0 deletions
diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py
new file mode 100755
index 00000000..ad575b18
--- /dev/null
+++ b/src/libcamera/gen-ipa-pub-key.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2020, Google Inc.
+#
+# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+#
+# ipa-gen-key.py - Generate the IPA module signing public key
+
+import string
+import subprocess
+import sys
+
+
+def main(argv):
+ if len(argv) != 4:
+ print('Usage: %s priv-key template output' % argv[0])
+ return 1
+
+ priv_key = argv[1]
+ template = argv[2]
+ output = argv[3]
+
+ try:
+ ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,
+ '-outform', 'DER'],
+ stdout=subprocess.PIPE)
+ except FileNotFoundError:
+ print('Please install openssl to sign IPA modules')
+ return 1
+
+ ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])
+ data = {'ipa_key': ipa_key}
+
+ template = open(template, 'rb').read()
+ template = template.decode('utf-8')
+ template = string.Template(template)
+
+ f = open(output, 'wb')
+ f.write(template.substitute(data).encode('utf-8'))
+ f.close()
+
+ return 0
+
+
+if __name__ == '__main__':
+ sys.exit(main(sys.argv))
diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h
index 467658e4..26edf087 100644
--- a/src/libcamera/include/ipa_manager.h
+++ b/src/libcamera/include/ipa_manager.h
@@ -7,6 +7,7 @@
#ifndef __LIBCAMERA_IPA_MANAGER_H__
#define __LIBCAMERA_IPA_MANAGER_H__
+#include <stdint.h>
#include <vector>
#include <ipa/ipa_interface.h>
@@ -14,6 +15,7 @@
#include "ipa_module.h"
#include "pipeline_handler.h"
+#include "pub_key.h"
namespace libcamera {
@@ -35,6 +37,9 @@ private:
void parseDir(const char *libDir, unsigned int maxDepth,
std::vector<std::string> &files);
unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
+
+ static const uint8_t publicKeyData_[];
+ static const PubKey pubKey_;
};
} /* namespace libcamera */
diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in
new file mode 100644
index 00000000..e1fe287c
--- /dev/null
+++ b/src/libcamera/ipa_pub_key.cpp.in
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+ *
+ * ipa_key.cpp - IPA module signing public key
+ *
+ * This file is auto-generated. Do not edit.
+ */
+
+#include "ipa_manager.h"
+
+namespace libcamera {
+
+const uint8_t IPAManager::publicKeyData_[] = {
+ ${ipa_key}
+};
+
+const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };
+
+} /* namespace libcamera */
diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build
index c2a657e4..c502450c 100644
--- a/src/libcamera/meson.build
+++ b/src/libcamera/meson.build
@@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],
libcamera_sources += version_cpp
+gen_ipa_pub_key = files('gen-ipa-pub-key.py')
+ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',
+ input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],
+ output : 'ipa_pub_key.cpp',
+ command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])
+
+libcamera_sources += ipa_pub_key_cpp
+
libcamera_deps = [
libatomic,
libdl,