[libcamera-devel] [PATCH] libcamera: ipa: allow trusting modules by checksum
Elias Naur
mail at eliasnaur.com
Sun Jan 21 15:09:52 CET 2024
Hi Arnout,
> The motivation behind adding this mechanism is that this allows rebuilding the
> library and getting a bit-by-bit identical result, without having to share the
> keys with which to sign the trusted modules. This is known as 'Reproducible
> Builds', and you can read more about its advantages on
> https://reproducible-builds.org/. With this feature, packagers that care about
> reproducible builds can disable the module signing, and enjoy equivalent
> security and performance while also allowing independent rebuilds.
Thanks for working on reproducible builds. I locally hack libcamera
to achieve bit-for-bit reproducible builds, and look forward to no longer needing
that hack.
I think the feature would be even more useful if it were always enabled. In particular,
I propose to:
- Always enable checksums.
- Embed the known checksums into the binary, not in a separate configuration file.
- Don't sign IPAs that have known checksums (thus achieving bit-for-bit reproducibility).
- In your patch, I believe this is equivalent to "ipa_sign_modules" always being false.
Optionally,
- Avoid duplicating the SHA256 digest by re-using the digest done in libcamera/pub_key.cpp.
Thanks,
Elias
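The checksum-based trust model proposed above, as an added example that is not libcamera's code and not part of the thread: a build-time step digests the IPA modules that were just built and renders the digests as a header to be compiled into the library (so the library's bytes depend only on source, not on a signing key), and a runtime check hashes a module over an open file descriptor and trusts it only if its digest is in that embedded allowlist. The function names, header layout, file names and module contents are all assumptions made for this example.

```python
"""Added example, not libcamera code: trust modules by an embedded SHA-256
allowlist instead of a signature.  Names, layout and inputs are assumptions."""
from __future__ import annotations

import hashlib
import os
import tempfile
from typing import Iterable


def sha256_fd(fd: int, chunk: int = 1 << 16) -> str:
    """Hash the whole file behind an open descriptor, leaving offset at EOF."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while True:
        block = os.read(fd, chunk)
        if not block:
            break
        h.update(block)
    return h.hexdigest()


# --- build time: compute the allowlist and embed it -----------------------

def build_allowlist(paths: Iterable[str]) -> list[str]:
    """Digest every module produced by this build (sorted, deduplicated)."""
    digests = set()
    for p in paths:
        fd = os.open(p, os.O_RDONLY)
        try:
            digests.add(sha256_fd(fd))
        finally:
            os.close(fd)
    return sorted(digests)


def render_header(digests: list[str]) -> str:
    """Emit a C++ header (hypothetical layout) holding the allowlist.

    The output depends only on module contents, so two independent rebuilds
    of the same source embed byte-identical tables: no key has to be shared
    to reproduce the library.
    """
    lines = ["// Generated at build time; hypothetical layout.",
             "static const char *const ipaKnownDigests[] = {"]
    lines += [f'\t"{d}",' for d in digests]
    lines.append("};")
    return "\n".join(lines) + "\n"


# --- run time: verify before loading -------------------------------------

def classify_module(path: str, known: frozenset[str]) -> tuple[str, int]:
    """Open a module and decide how to treat it.

    Returns ("checksum", fd) if the digest is in the embedded allowlist and
    ("untrusted", fd) otherwise.  The descriptor is handed back so the caller
    loads exactly the bytes that were hashed (e.g. via /proc/self/fd/N on
    Linux) instead of re-opening the path, which would leave a TOCTOU window
    between verification and load.
    """
    fd = os.open(path, os.O_RDONLY | os.O_CLOEXEC)
    digest = sha256_fd(fd)
    if digest in known:
        return "checksum", fd
    return "untrusted", fd


def demo() -> dict[str, str]:
    """Build an allowlist from one constructed module, then check two files."""
    # Constructed stand-ins for shared objects; not real ELF images.
    trusted = b"\x7fELF constructed stand-in for ipa_example.so v1\n"
    tampered = trusted + b"\x90"  # one extra byte: digest no longer matches
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "ipa_good.so")
        bad = os.path.join(d, "ipa_bad.so")
        with open(good, "wb") as f:
            f.write(trusted)
        with open(bad, "wb") as f:
            f.write(tampered)
        known = frozenset(build_allowlist([good]))
        results = {}
        for name, p in (("good", good), ("bad", bad)):
            verdict, fd = classify_module(p, known)
            os.close(fd)
            results[name] = verdict
        return results


if __name__ == "__main__":
    print(demo())
```

The allowlist only ever covers modules produced by the same build, so an "untrusted" verdict is the normal outcome for an out-of-tree module, not an error; a loader keeps its existing fallback for that case (signature verification, or running the module isolated) rather than refusing outright.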