[PATCH v3 0/4] Introducing Hornet LSM
Paul Moore
paul at paul-moore.com
Mon May 5 16:22:05 UTC 2025
On Sun, May 4, 2025 at 7:25 PM KP Singh <kpsingh at kernel.org> wrote:
> On Sun, May 4, 2025 at 7:36 PM Paul Moore <paul at paul-moore.com> wrote:
> > On Fri, May 2, 2025 at 5:00 PM KP Singh <kpsingh at kernel.org> wrote:
...
> > > ... here's how we think it should be done:
> > >
> > > * The core signing logic and the tooling stays in BPF, something that the users
> > > are already using. No new tooling.
> >
> > I think we need a more detailed explanation of this approach on-list.
> > There has been a lot of vague guidance on BPF signature validation
> > from the BPF community which I believe has partly led us into the
> > situation we are in now. If you are going to require yet another
> > approach, I think we all need to see a few paragraphs on-list
> > outlining the basic design.
>
> Definitely, happy to share design / code.

At this point I think a quick paragraph or two on how you believe the
design should work would be a good start, I don't think code is
necessary unless you happen to already have something written.

--
paul-moore.com