[PATCH bpf-next v6 5/8] bpftool: Cover loader metadata with the program signature

Quentin Monnet qmo at kernel.org
Wed Jul 8 08:55:28 UTC 2026


On 08/07/2026 08:53, Daniel Borkmann wrote:
> bpftool_prog_sign() signed only the loader instructions. The metadata
> blob the loader installs was left to an in-loader hash check, which
> the kernel now performs at load time over insns || metadata.
> 
> Sign that same concatenation: pass the metadata blob (gen_loader_opts
> data) through to bpftool_prog_sign() and feed insns || metadata to
> CMS_final(). The excl_prog_hash stays a digest of the instructions
> alone; it binds the metadata map to the loader and is matched against
> prog->digest by the verifier, independent of what the signature covers.
> 
> The signed artifact is now plain data: both bytes the signature
> covers are embedded verbatim in the generated skeleton, so signing
> and verifying an lskel is an ordinary CMS operation that a signer or
> auditor can perform (or reproduce) offline, without analyzing loader
> bytecode to establish what the signature actually attests to.
> 
> Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>


Reviewed-by: Quentin Monnet <qmo at kernel.org>

Thanks!



More information about the Linux-security-module-archive mailing list