diff options
author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-03-29 04:48:59 +0300 |
---|---|---|
committer | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-04-14 02:03:09 +0300 |
commit | ec9231889156fc9b5debcdb99605fe32964ebaaa (patch) | |
tree | bce651032ef06ecdad3e705a087cb518ad8e4d95 /src/ipa | |
parent | e62bc9db73531462dc4b28b42596d0ae26369cbd (diff) |
libcamera: Add IPA module signing infrastructure
Add infrastructure to generate an RSA private key and sign IPA modules.
The signatures are stored in separate files with a .sign suffix.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
Diffstat (limited to 'src/ipa')
-rwxr-xr-x | src/ipa/gen-ipa-priv-key.sh | 11 | ||||
-rwxr-xr-x | src/ipa/ipa-sign.sh | 13 | ||||
-rw-r--r-- | src/ipa/meson.build | 2 | ||||
-rw-r--r-- | src/ipa/rkisp1/meson.build | 25 | ||||
-rw-r--r-- | src/ipa/vimc/meson.build | 12 |
5 files changed, 54 insertions, 9 deletions
diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh new file mode 100755 index 00000000..919751f2 --- /dev/null +++ b/src/ipa/gen-ipa-priv-key.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2020, Google Inc. +# +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com> +# +# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules + +key="$1" + +openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:2048 diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh new file mode 100755 index 00000000..8673dad1 --- /dev/null +++ b/src/ipa/ipa-sign.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2020, Google Inc. +# +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com> +# +# ipa-sign.sh - Generate a signature for an IPA module + +key="$1" +input="$2" +output="$3" + +openssl dgst -sha256 -sign "${key}" -out "${output}" "${input}" diff --git a/src/ipa/meson.build b/src/ipa/meson.build index 73278a60..cb4e3ab3 100644 --- a/src/ipa/meson.build +++ b/src/ipa/meson.build @@ -10,6 +10,8 @@ config_h.set('IPA_MODULE_DIR', subdir('libipa') +ipa_sign = find_program('ipa-sign.sh') + ipas = ['rkisp1', 'vimc'] foreach pipeline : get_option('pipelines') diff --git a/src/ipa/rkisp1/meson.build b/src/ipa/rkisp1/meson.build index 521518bd..6ccadcfb 100644 --- a/src/ipa/rkisp1/meson.build +++ b/src/ipa/rkisp1/meson.build @@ -1,8 +1,17 @@ -rkisp1_ipa = shared_module('ipa_rkisp1', - 'rkisp1.cpp', - name_prefix : '', - include_directories : [ipa_includes, libipa_includes], - dependencies : libcamera_dep, - link_with : libipa, - install : true, - install_dir : ipa_install_dir) +ipa_name = 'ipa_rkisp1' + +mod = shared_module(ipa_name, + 'rkisp1.cpp', + name_prefix : '', + include_directories : [ipa_includes, libipa_includes], + dependencies : libcamera_dep, + link_with : libipa, + install : true, + install_dir : ipa_install_dir) + +custom_target(ipa_name + '.so.sign', + input : mod, + output : ipa_name + '.so.sign', + command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ], + install : true, + install_dir : ipa_install_dir) diff --git a/src/ipa/vimc/meson.build b/src/ipa/vimc/meson.build index e827e75f..3097a12f 100644 --- a/src/ipa/vimc/meson.build +++ b/src/ipa/vimc/meson.build @@ -1,4 +1,7 @@ -ipa = shared_module('ipa_vimc', 'vimc.cpp', +ipa_name = 'ipa_vimc' + +mod = shared_module(ipa_name, + 'vimc.cpp', name_prefix : '', include_directories : [ipa_includes, libipa_includes], dependencies : libcamera_dep, @@ -6,3 +9,10 @@ ipa = shared_module('ipa_vimc', 'vimc.cpp', install : true, install_dir : ipa_install_dir, cpp_args : '-DLICENSE="LGPL-2.1-or-later"') + +custom_target(ipa_name + '.so.sign', + input : mod, + output : ipa_name + '.so.sign', + command : [ ipa_sign, ipa_priv_key, '@INPUT@', '@OUTPUT@' ], + install : true, + install_dir : ipa_install_dir) |