[PATCH bpf-next v2 0/3] BPF signature hash chains

James Bottomley James.Bottomley at HansenPartnership.com
Sat Oct 11 17:09:42 UTC 2025


On Sat, 2025-10-11 at 09:31 -0700, Alexei Starovoitov wrote:
> On Sat, Oct 11, 2025 at 7:52 AM James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
> > 
> > It doesn't need to, once we check both the loader and the map, the
> > integrity is verified and the loader can be trusted to run and
> > relocate the map into the bpf program
> 
> You should read KP's cover letter again and then research trusted
> hash chains. Here is a quote from the first googled link:
> 
> "A trusted hash chain is a cryptographic process used to verify the
> integrity and authenticity of data by creating a sequence of hash
> values, where each hash is linked to the next".
> 
> In addition KP's algorithm was vetted by various security teams.
> There is nothing novel here. It's a classic algorithm used
> to verify integrity and that's what was implemented.

Both KP and Blaise's patch sets are implementations of trusted hash
chains.  The security argument isn't about whether the hash chain
algorithm works, it's about where, in relation to the LSM hook, the
hash chain verification completes.

Regards,

James



