[libcamera-devel] [PATCH] libcamera: ipa: allow trusting modules by checksum

Arnout Engelen libcamera at bzzt.net
Mon Jan 29 17:15:24 CET 2024


On Mon, Jan 22, 2024, at 10:27, Laurent Pinchart wrote:
> > > Checksums in a configuration file is a no-go I'm afraid, as it means
> > > anyone could ship a closed-source IPA module and instruct users to add
> > > an entry to the configuration file, circumventing IPA module isolation.
> >
> > I'd be happy to provide a version of this patch with the
> > 'LIBCAMERA_IPA_TRUSTED_MODULE_CHECKSUMS_FILE' environment variable
> > support removed, and a meson option to enable/disable trusting
> > checksums - default value up to you. That may increase the barrier and
> > give distributions a chance to make their own trade-off?
> 
> I'm afraid I'm still not comfortable with that. If we want to use
> checksums, I think we need to embed them in the libcamera binary.

I created a variation on the patch that does this at https://lists.libcamera.org/pipermail/libcamera-devel/2024-January/040244.html. Happy to finish it if the general approach looks acceptable.

> > (I also like Elias' idea of statically linking the in-tree modules,
> > but I don't think I'm comfortable enough with the codebase to take
> > that on)
> 
> I've been sleeping over this, and it's an interesting idea to explore I
> think. There will be technical issues to solve though, as we want to
> make it possible for users to select between different IPA modules for
> the same platform.

(this might still be interesting, but if it doesn't materialize let's not stall the other solution for it :) )


Kind regards,

Arnout