[PATCH 00/12] Signed BPF programs

KP Singh kpsingh at kernel.org
Tue Jun 10 12:26:40 UTC 2025


>
> Right, but this patch series has no mechanism for establishing a
> userspace loader binary as trusted (right?). The paragraph I quoted
> makes it sound like these are related, and I was trying to figure out
> what the relation was. But it sounds like the answer is that they are
> not?
>

The relation here is that no matter what we do, the kernel cannot be
the only trusted blob on the system and this was aimed at answering
questions people had earlier when I proposed the design. This patch
does add signing support and this allows us to add the following
policy; it does not directly add any user space support.

bprm_committed_creds (check signature of program, if it verifies with a
separate key) add a blob that allows:

 * unsigned bpf programs
 * signed with a derived key

security_bpf:

 * Check for the right attributes for signing.
 * Restrict which program types can be loaded.

(additional key hooks for restricting which keys are allowed to verify
programs).


