Re: [PATCH 0/3] BPF signature verification

[PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-28
[PATCH 1/3] bpf: Add bpf_check_signature · Blaise Boscaccy <hidden> · 2025-05-28
Re: [PATCH 1/3] bpf: Add bpf_check_signature · kernel test robot <hidden> · 2025-05-29
Re: [PATCH 1/3] bpf: Add bpf_check_signature · Lukas Wunner <lukas@wunner.de> · 2025-05-29
Re: [PATCH 1/3] bpf: Add bpf_check_signature · Blaise Boscaccy <hidden> · 2025-05-29
Re: [PATCH 1/3] bpf: Add bpf_check_signature · Lukas Wunner <lukas@wunner.de> · 2025-05-29
Re: [PATCH 1/3] bpf: Add bpf_check_signature · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-05-29
Re: [PATCH 1/3] bpf: Add bpf_check_signature · Paul Moore <paul@paul-moore.com> · 2025-06-02
Re: [PATCH 1/3] bpf: Add bpf_check_signature · Jarkko Sakkinen <jarkko@kernel.org> · 2025-06-04
[PATCH 2/3] bpf: Support light-skeleton signatures in autogenerated code · Blaise Boscaccy <hidden> · 2025-05-28
[PATCH 3/3] bpftool: Allow signing of light-skeleton programs · Blaise Boscaccy <hidden> · 2025-05-28
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Paul Moore <paul@paul-moore.com> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · KP Singh <kpsingh@kernel.org> · 2025-05-30
Re: [PATCH 0/3] BPF signature verification · Blaise Boscaccy <hidden> · 2025-06-02
Re: [PATCH 0/3] BPF signature verification · Jarkko Sakkinen <jarkko@kernel.org> · 2025-06-04

From: Blaise Boscaccy <hidden>
Date: 2025-06-02 15:01:36
Also in: bpf, keyrings, linux-crypto, lkml

KP Singh [off-list ref] writes:

quoted

And I'm saying that they are, based on wanting visibility in the LSM
layer, passing that along to the end user, and wanting to be able to
show correctness, along with mitigating an entire vector of supply chain
attacks targeting gen.c.

What supply chain attack?I asked this earlier, you never replied, what
does a supply chain attack here really look like?

I responded to that here:
https://lore.kernel.org/linux-security-module/87iklhn6ed.fsf@microsoft.com/ (local)

Warmest Regards,
Blaise

- KP

quoted

So in summary, your objection to this is that you feel it's simply "not
needed", and those above risks/design problems aren't actually an issue?

quoted

Let's have this discussion in the patch series, much easier to discuss
with the code.

I think we've all been waiting for that. Yes, lets.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help