On Fri, Dec 3, 2021 at 8:22 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Fri, Dec 3, 2021 at 11:18 AM Matteo Croce <mcroce@xxxxxxxxxxxxxxxxxxx> wrote: > > > > From: Matteo Croce <mcroce@xxxxxxxxxxxxx> > > > > This series add signature verification for BPF files. > > The first patch implements the signature validation in the kernel, > > the second patch optionally makes the signature mandatory, > > the third adds signature generation to bpftool. > > Matteo, > > I think I already mentioned that it's no-go as-is. > We've agreed to go with John's suggestion. Hi, my previous attempt was loading a whole ELF file and parsing it in kernel. In this series I just validate the instructions against a signature, as with kernel CO-RE libbpf doesn't need to mangle it. Which suggestion? I think I missed this one.. -- per aspera ad upstream
