From 52579639ce1b17de251fc69619d95d18b93fb377 Mon Sep 17 00:00:00 2001
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: Fri, 5 May 2023 18:03:00 +0300
Subject: apps: Add ipa-verify application

When packaging libcamera, distributions may break IPA module signatures
if the packaging process strips binaries. This can be fixed by resigning
the modules, but the process is error-prone.

Add a command line ipa-verify utility that tests the signature on an IPA
module to help packagers. The tool takes a single argument, the path to
an IPA module shared object, and expects the signature file (.sign) to
be in the same directory.

In order to access the public key needed for signature verification, add
a static function to the IPAManager class. As the class is internal to
libcamera, this doesn't affect the public API.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Umang Jain <umang.jain@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Tested-by: Javier Martinez Canillas <javierm@redhat.com>
---
 include/libcamera/internal/ipa_manager.h | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'include/libcamera')

diff --git a/include/libcamera/internal/ipa_manager.h b/include/libcamera/internal/ipa_manager.h
index 7f36e58e..bf823563 100644
--- a/include/libcamera/internal/ipa_manager.h
+++ b/include/libcamera/internal/ipa_manager.h
@@ -47,6 +47,13 @@ public:
 		return proxy;
 	}
 
+#if HAVE_IPA_PUBKEY
+	static const PubKey &pubKey()
+	{
+		return pubKey_;
+	}
+#endif
+
 private:
 	static IPAManager *self_;
 
-- 
cgit v1.2.1