[PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader

James Bottomley James.Bottomley at HansenPartnership.com
Wed Jun 11 13:18:21 UTC 2025


On Wed, 2025-06-11 at 14:33 +0200, KP Singh wrote:
> [...]
> I have read and understood the code, there is no technical
> misalignment.
>  
> I am talking about a trusted user space loader. You seem to confuse
> the trusted BPF loader program as userspace; no, this is not
> userspace, it runs in the kernel context.

So your criticism isn't that it doesn't cover your use case from the
signature point of view but that it didn't include a loader for it?

The linked patch was a sketch of how to verify signatures, not a full
implementation.  The pieces like what the loader looks like and which
keyring gets used are implementation details which can be filled in
later by combining the patch series with review and discussion.  It's
not a requirement that one person codes everyone's use case before they
get theirs in, it's usually a collaborative effort ... I mean, why
would you want Microsoft coding up the loader?  If they don't have a
use case for it they don't have much incentive to test it thoroughly
whereas you do.

Regards,

James



