[PATCH 00/12] Signed BPF programs
Toke Høiland-Jørgensen
toke at kernel.org
Mon Jun 9 08:20:36 UTC 2025
> Given that many use-cases (e.g. Cilium) generate trusted BPF programs,
> trusted loaders are an inevitability and a requirement for signing support, a
> entrusting loader programs will be a fundamental requirement for a security
> policy.
So I've been following this discussion a bit on the sidelines, and have
a question related to this:
From your description a loader would have embedded hashes for a concrete
BPF program, which doesn't really work for dynamically generated
programs. So how would a "trusted loader" work for dynamically generated
programs?
-Toke