[PATCH bpf-next 3/5] bpftool: Cover loader metadata with the program signature

bot+bpf-ci at kernel.org
Wed Jun 10 23:48:19 UTC 2026


> bpftool: Cover loader metadata with the program signature
>
>     bpftool_prog_sign() signed only the loader instructions. The metadata
>     blob the loader installs was left to an in-loader hash check, which
>     the kernel now performs at load time over insns || metadata.
>
>     Sign that same concatenation: pass the metadata blob (gen_loader_opts
>     data) through to bpftool_prog_sign() and feed insns || metadata to
>     CMS_final(). The excl_prog_hash stays a digest of the instructions
>     alone; it binds the metadata map to the loader and is matched against
>     prog->digest by the verifier, independent of what the signature covers.
>
>     The signed artifact is now plain data: both bytes the signature
>     covers are embedded verbatim in the generated skeleton, so signing
>     and verifying an lskel is an ordinary CMS operation that a signer or
>     auditor can perform (or reproduce) offline, without analyzing loader
>     bytecode to establish what the signature actually attests to [0].
>
>     Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>

This closes a gap where the loader metadata was left outside the program
signature. The signing path in bpftool_prog_sign() was introduced by commit
40863f4d6ef2 ("bpftool: Add support for signing BPF programs"), which fed
only opts->insns to the signature and set only sopts.insns/sopts.insns_sz in
gen_trace(). Should this carry a Fixes: tag?

  Fixes: 40863f4d6ef2 ("bpftool: Add support for signing BPF programs")


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27312517811
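The quoted commit message says that, once the signature covers insns || metadata, checking an lskel is an ordinary CMS operation an auditor can reproduce offline from the bytes embedded in the skeleton. The script below is an added example, not code from the patch, from bpftool or from the kernel: it rebuilds that payload from two constructed byte strings (stand-ins for the instruction array and the metadata blob a generated skeleton embeds), produces a detached CMS signature over it with plain openssl(1), then shows that altering the metadata breaks the signature while excl_prog_hash, a digest of the instructions alone, stays the same. Assumptions, labelled in the code as well: the real artifact is a detached CMS SignedData (which is what CMS_final() over a detached CMS_sign() yields), excl_prog_hash is modelled as SHA-256, and a throwaway self-signed certificate with -noverify stands in for the kernel keyring.

```shell
#!/bin/sh
# Added example, not code from the patch, bpftool or the kernel: reproduce
# the signed lskel artifact offline with plain openssl(1). The input bytes
# are constructed stand-ins for what a generated skeleton embeds verbatim
# (loader instructions and the metadata blob); a real audit would pull
# those two arrays out of the skeleton instead.
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl(1) is required" >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample bytes, not real BPF code: one 8-byte "instruction"
# (a BPF insn is 8 bytes) and a 12-byte "metadata" blob.
printf '\267\0\0\0\0\0\0\0' > "$WORK/insns.bin"
printf 'meta-v1:abcd' > "$WORK/metadata.bin"

# Throwaway signer: any X.509 key/cert pair will do for the demonstration
# (assumption; the real signer's key and the kernel keyring are out of scope).
openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=lskel-demo -days 1 \
  -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# What the patch signs: insns || metadata as one byte string.
signed_payload() {  # $1 insns  $2 metadata  $3 output
  cat "$1" "$2" > "$3"
}

# excl_prog_hash: a digest of the instructions alone, independent of the
# metadata. SHA-256 is an assumption here; use whatever prog->digest uses.
excl_prog_hash() {  # $1 insns ; prints the hex digest
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Detached CMS signature over the payload (assumption: the lskel signature
# is a detached CMS SignedData, i.e. the content is not embedded in it).
cms_sign() {  # $1 payload  $2 signature out (DER)
  openssl cms -sign -binary -in "$1" -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -outform DER -out "$2"
}

# Check a detached signature against a payload. -noverify only skips chain
# building for the self-signed demo cert; the signature over the supplied
# content is still checked. Exit status 0 means "verified".
cms_verify() {  # $1 signature (DER)  $2 payload
  openssl cms -verify -binary -inform DER -in "$1" -content "$2" \
    -noverify -out /dev/null >/dev/null 2>&1
}

# Sign once, the way the signer would.
signed_payload "$WORK/insns.bin" "$WORK/metadata.bin" "$WORK/payload.bin"
cms_sign "$WORK/payload.bin" "$WORK/sig.der"

# 1. Untouched skeleton: the payload rebuilt from the embedded bytes verifies.
verify_original() {
  signed_payload "$WORK/insns.bin" "$WORK/metadata.bin" "$WORK/check.bin"
  cms_verify "$WORK/sig.der" "$WORK/check.bin"
}

# 2. Metadata altered after signing: the signature fails, since it covers
#    insns || metadata, while excl_prog_hash (insns only) is unchanged.
verify_tampered_metadata() {
  printf 'meta-v2:abcd' > "$WORK/metadata2.bin"
  signed_payload "$WORK/insns.bin" "$WORK/metadata2.bin" "$WORK/payload2.bin"
  cms_verify "$WORK/sig.der" "$WORK/payload2.bin"
}

# 3. Instructions altered: excl_prog_hash changes as well.
excl_hash_after_insn_change() {
  printf '\267\0\0\0\0\0\0\001' > "$WORK/insns2.bin"
  excl_prog_hash "$WORK/insns2.bin"
}

if verify_original; then echo "original: signature OK"; else echo "original: FAILED"; fi
if verify_tampered_metadata; then echo "tampered metadata: OK (unexpected)"; else echo "tampered metadata: rejected"; fi
echo "excl_prog_hash (original insns): $(excl_prog_hash "$WORK/insns.bin")"
echo "excl_prog_hash (changed insns):  $(excl_hash_after_insn_change)"
```

Run it as `sh lskel-sign-demo.sh`. For a real skeleton the two input files are the embedded instruction and metadata byte arrays; if the real SignedData omits the signer certificate, hand it to `openssl cms -verify` with `-certfile` instead of relying on the embedded one, and drop `-noverify` in favour of a proper `-CAfile` once you have the trust anchor the kernel uses.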


More information about the Linux-security-module-archive mailing list