[PATCH 00/12] Signed BPF programs
KP Singh
kpsingh at kernel.org
Thu Jul 10 14:49:26 UTC 2025
> >
> > This ensures that the loaded loader program (I_loader), including the
> > embedded expected hash of the metadata (H_meta), is trusted.
> > Since the loader program is now trusted, it can be entrusted to verify
> > the actual metadata (M_metadata) read from the (now exclusive and
> > frozen) map against the embedded (and trusted) H_meta. There is no
> > Time-of-Check-Time-of-Use (TOCTOU) vulnerability here because:
> >
> > * The signature covers the I_loader and its embedded H_meta.
> > * The metadata map M_metadata is frozen before the loader program is loaded
> > and associated with it.
> > * The map is made exclusive to the specific (signed and verified)
> > loader program.
> >
> > [1] https://lore.kernel.org/bpf/CACYkzJ6VQUExfyt0=-FmXz46GHJh3d=FXh5j4KfexcEFbHV-vg@mail.gmail.com/#t
> >
>
> Can we expect to see a v2 of this patchset sometime soon? We are
> planning on submitting follow-up patchsets that build on this effort.
>
I have been on PTO due to personal stuff, will try to send this in the
coming week or two.
- KP
More information about the Linux-security-module-archive
mailing list