From: Matteo Croce <mcroce@xxxxxxxxxxxxx> This series add signature verification for BPF files. The first patch implements the signature validation in the kernel, the second patch optionally makes the signature mandatory, the third adds signature generation to bpftool. This only works with CO-RE programs. Matteo Croce (3): bpf: add signature to eBPF instructions bpf: add option to require BPF signature bpftool: add signature in skeleton crypto/asymmetric_keys/asymmetric_type.c | 1 + crypto/asymmetric_keys/pkcs7_verify.c | 7 +- include/linux/verification.h | 1 + include/uapi/linux/bpf.h | 2 + kernel/bpf/Kconfig | 14 ++ kernel/bpf/syscall.c | 51 +++++- tools/bpf/bpftool/Makefile | 14 +- tools/bpf/bpftool/gen.c | 33 ++++ tools/bpf/bpftool/main.c | 28 +++ tools/bpf/bpftool/main.h | 7 + tools/bpf/bpftool/sign.c | 218 +++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 2 + tools/lib/bpf/skel_internal.h | 4 + 13 files changed, 372 insertions(+), 10 deletions(-) create mode 100644 tools/bpf/bpftool/sign.c -- 2.33.1
