[libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed IPA module signing public key
Laurent Pinchart
laurent.pinchart at ideasonboard.com
Wed Apr 8 00:59:08 CEST 2020
Hi Niklas,
On Tue, Apr 07, 2020 at 10:36:32PM +0200, Niklas Söderlund wrote:
> On 2020-04-04 04:56:22 +0300, Laurent Pinchart wrote:
> > In preparation for verifying the signature of IPA modules, generate a
> > public key from the private signing key and embed it in the IPAManager
> > class.
> >
> > Signed-off-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
>
> I have not taken the python script for a spin nor linted it so I might
> have missed a misspelled variable or function, but I trust you have
> tested it and it generates the correct template file ;-)

As far as I can tell, it does, and I've trusted checkstyle.py to report
issues :-)

> Reviewed-by: Niklas Söderlund <niklas.soderlund at ragnatech.se>
>
> > ---
> > src/libcamera/gen-ipa-pub-key.py | 46 +++++++++++++++++++++++++++++
> > src/libcamera/include/ipa_manager.h | 5 ++++
> > src/libcamera/ipa_pub_key.cpp.in | 20 +++++++++++++
> > src/libcamera/meson.build | 8 +++++
> > 4 files changed, 79 insertions(+)
> > create mode 100755 src/libcamera/gen-ipa-pub-key.py
> > create mode 100644 src/libcamera/ipa_pub_key.cpp.in
> >
> > diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py
> > new file mode 100755
> > index 000000000000..ad575b18c922
> > --- /dev/null
> > +++ b/src/libcamera/gen-ipa-pub-key.py
> > @@ -0,0 +1,46 @@
> > +#!/usr/bin/env python3
> > +# SPDX-License-Identifier: GPL-2.0-or-later
> > +# Copyright (C) 2020, Google Inc.
> > +#
> > +# Author: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> > +#
> > +# ipa-gen-key.py - Generate the IPA module signing public key
> > +
> > +import string
> > +import subprocess
> > +import sys
> > +
> > +
> > +def main(argv):
> > + if len(argv) != 4:
> > + print('Usage: %s priv-key template output' % argv[0])
> > + return 1
> > +
> > + priv_key = argv[1]
> > + template = argv[2]
> > + output = argv[3]
> > +
> > + try:
> > + ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,
> > + '-outform', 'DER'],
> > + stdout=subprocess.PIPE)
> > + except FileNotFoundError:
> > + print('Please install openssl to sign IPA modules')
> > + return 1
> > +
> > + ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])
> > + data = {'ipa_key': ipa_key}
> > +
> > + template = open(template, 'rb').read()
> > + template = template.decode('utf-8')
> > + template = string.Template(template)
> > +
> > + f = open(output, 'wb')
> > + f.write(template.substitute(data).encode('utf-8'))
> > + f.close()
> > +
> > + return 0
> > +
> > +
> > +if __name__ == '__main__':
> > + sys.exit(main(sys.argv))
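Review bot: The result of the subprocess.run() call in main() is never checked, so if openssl exits with an error (for instance because priv_key cannot be read or parsed), ret.stdout may be empty and the script still writes the output file with an empty ${ipa_key} and returns 0. Pass check=True, or test ret.returncode and return 1, so the build fails instead of embedding an empty key. Smaller points: the header comment names the file ipa-gen-key.py while the patch adds gen-ipa-pub-key.py, the FileNotFoundError message says "to sign IPA modules" although this script only extracts the public key, and the template is read through open(template, 'rb').read() without closing the file; with blocks would cover both open() calls.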
> > diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h
> > index 467658e40ce9..26edf087461e 100644
> > --- a/src/libcamera/include/ipa_manager.h
> > +++ b/src/libcamera/include/ipa_manager.h
> > @@ -7,6 +7,7 @@
> > #ifndef __LIBCAMERA_IPA_MANAGER_H__
> > #define __LIBCAMERA_IPA_MANAGER_H__
> >
> > +#include <stdint.h>
> > #include <vector>
> >
> > #include <ipa/ipa_interface.h>
> > @@ -14,6 +15,7 @@
> >
> > #include "ipa_module.h"
> > #include "pipeline_handler.h"
> > +#include "pub_key.h"
> >
> > namespace libcamera {
> >
> > @@ -35,6 +37,9 @@ private:
> > void parseDir(const char *libDir, unsigned int maxDepth,
> > std::vector<std::string> &files);
> > unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
> > +
> > + static const uint8_t publicKeyData_[];
> > + static const PubKey pubKey_;
> > };
> >
> > } /* namespace libcamera */
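Review bot: The two static members added at the end of the private section carry no indication of what publicKeyData_ contains. Going by the generator script it is the DER-encoded RSA public key derived from the signing key, and a short comment saying so, either here or next to the definition in the template, would spare readers from having to find the script to learn the encoding.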
> > diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in
> > new file mode 100644
> > index 000000000000..e1fe287c160e
> > --- /dev/null
> > +++ b/src/libcamera/ipa_pub_key.cpp.in
> > @@ -0,0 +1,20 @@
> > +/* SPDX-License-Identifier: LGPL-2.1-or-later */
> > +/*
> > + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> > + *
> > + * ipa_key.cpp - IPA module signing public key
> > + *
> > + * This file is auto-generated. Do not edit.
> > + */
> > +
> > +#include "ipa_manager.h"
> > +
> > +namespace libcamera {
> > +
> > +const uint8_t IPAManager::publicKeyData_[] = {
> > + ${ipa_key}
> > +};
> > +
> > +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };
> > +
> > +} /* namespace libcamera */
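Review bot: The header comment calls this file ipa_key.cpp, but the patch adds ipa_pub_key.cpp.in and meson generates ipa_pub_key.cpp from it; the comment should use the generated file's name. Note also that if ${ipa_key} is ever substituted with an empty string, the definition becomes publicKeyData_[] = { }, so the generator should refuse to produce output in that case rather than relying on the compiler to catch it.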
> > diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build
> > index c2a657e4938c..c502450c4b2d 100644
> > --- a/src/libcamera/meson.build
> > +++ b/src/libcamera/meson.build
> > @@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],
> >
> > libcamera_sources += version_cpp
> >
> > +gen_ipa_pub_key = files('gen-ipa-pub-key.py')
> > +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',
> > + input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],
> > + output : 'ipa_pub_key.cpp',
> > + command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])
> > +
> > +libcamera_sources += ipa_pub_key_cpp
> > +
> > libcamera_deps = [
> > libatomic,
> > libdl,
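Review bot: ipa_pub_key_cpp is appended to libcamera_sources unconditionally, so every build now needs openssl at build time plus whatever ipa_priv_key refers to, and ipa_priv_key is not defined anywhere in this hunk. If module signing is meant to be optional, guard both the custom_target and the libcamera_sources line on the same condition that defines ipa_priv_key and on openssl being found, and say in the commit message which earlier patch in the series provides ipa_priv_key.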
--
Regards,
Laurent Pinchart