[PATCH 00/12] Signed BPF programs

Toke Høiland-Jørgensen toke at kernel.org
Tue Jun 10 14:25:29 UTC 2025


KP Singh <kpsingh at kernel.org> writes:

>>
>> Right, but this patch series has no mechanism for establishing a
>> userspace loader binary as trusted (right?). The paragraph I quoted
>> makes it sound like these are related, and I was trying to figure out
>> what the relation was. But it sounds like the answer is that they are
>> not?
>>
>
> The relation here is that no matter what we do, the kernel cannot be
> the only trusted blob on the system and this was aimed at answering
> questions people had earlier when I proposed the design. This patch
> does add signing support and this allows us to add the following
> policy; it does not directly add any user space support.
>
> bprm_committed_creds (check signature of program, if verifies with a
> separate key) add a blob that allows:
>
>  * unsigned bpf programs
>  * signed with a derived key
>
> security_bpf:
>
>  * Check for the right attributes for signing.
>  * Restrict which program types can be loaded.
>
> (additional key hooks for restricting which keys are allowed to verify
> programs).

Right, gotcha - thanks for clarifying! :)

-Toke



More information about the Linux-security-module-archive mailing list