On Fri, 2021-12-03 at 11:37 -0800, Alexei Starovoitov wrote: > On Fri, Dec 3, 2021 at 11:36 AM Matteo Croce > <mcroce@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, Dec 3, 2021 at 8:22 PM Alexei Starovoitov > > <alexei.starovoitov@xxxxxxxxx> wrote: > > > > > > On Fri, Dec 3, 2021 at 11:18 AM Matteo Croce > > > <mcroce@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > From: Matteo Croce <mcroce@xxxxxxxxxxxxx> > > > > > > > > This series add signature verification for BPF files. > > > > The first patch implements the signature validation in the > > > > kernel, > > > > the second patch optionally makes the signature mandatory, > > > > the third adds signature generation to bpftool. > > > > > > Matteo, > > > > > > I think I already mentioned that it's no-go as-is. > > > We've agreed to go with John's suggestion. > > > > Hi, > > > > my previous attempt was loading a whole ELF file and parsing it in > > kernel. > > In this series I just validate the instructions against a > > signature, > > as with kernel CO-RE libbpf doesn't need to mangle it. > > > > Which suggestion? I think I missed this one.. > > This talk and discussion: > https://linuxplumbersconf.org/event/11/contributions/947/ Thanks for the link - but for those of us who don't have ~5 hours to watch a video recording, would you mind sharing a one line summary, please? Is there an alternative patch series implementing BPF signing that you can link us so that we can look at it? Just a link or googlable reference would be more than enough. Thank you! -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part
