[RFC 00/11] Reintroduce Hornet LSM
Paul Moore
paul at paul-moore.com
Wed Dec 17 02:27:39 UTC 2025
On Mon, Dec 15, 2025 at 12:26 PM ryan foster <foster.ryan.r at gmail.com> wrote:
>
> Hi all,
>
> I want to confirm I understand the current semantics, and specific issues this series is addressing.
I don't want to speak for Blaise (or James for that matter), but my
understanding is that Hornet is focused on ensuring BPF program
integrity at load time; similar to KP's signature scheme which has
recently found its way into Linus tree. Where KP's and Blaise's
scheme differ is in how they perform the integrity checks.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list