1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
| | From c99706475cde3d963a17f4f8871149711ce6c467 Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Wed, 4 Sep 2024 21:36:16 +0400
Subject: [PATCH] libcamera: ipa_manager: Disable signature verification
---
src/libcamera/ipa_manager.cpp | 28 +++++-----------------------
1 file changed, 5 insertions(+), 23 deletions(-)
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index cfc24d38..4fd3cf3e 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -284,33 +284,15 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
{
-#if HAVE_IPA_PUBKEY
- char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION");
- if (force && force[0] != '\0') {
- LOG(IPAManager, Debug)
- << "Isolation of IPA module " << ipa->path()
- << " forced through environment variable";
- return false;
- }
-
- File file{ ipa->path() };
- if (!file.open(File::OpenModeFlag::ReadOnly))
- return false;
-
- Span<uint8_t> data = file.map();
- if (data.empty())
- return false;
-
- bool valid = pubKey_.verify(data, ipa->signature());
+ LOG(IPAManager, Debug)
+ << "Signature verification is disabled by Guix. "
+ << "See https://issues.guix.gnu.org/72828 for more details.";
LOG(IPAManager, Debug)
<< "IPA module " << ipa->path() << " signature is "
- << (valid ? "valid" : "not valid");
+ << "not verified (verification skipped).";
- return valid;
-#else
- return false;
-#endif
+ return true;
}
} /* namespace libcamera */
--
2.45.2
|