Re: [PATCH 00/12] Signed BPF programs

[PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · kernel test robot <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-12
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-17
[PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 04/12] libbpf: Implement SHA256 internal helper · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 04/12] libbpf: Implement SHA256 internal helper · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 05/12] libbpf: Support exclusive map creation · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-13
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
[PATCH 06/12] selftests/bpf: Add tests for exclusive maps · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-08
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 08/12] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 09/12] libbpf: Update light skeleton for signing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 09/12] libbpf: Update light skeleton for signing · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Paul Moore <paul@paul-moore.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-08
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Blaise Boscaccy <hidden> · 2025-07-08
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-10

From: Toke Høiland-Jørgensen <toke@kernel.org>
Date: 2025-06-09 08:20:50
Also in: bpf

Given that many use-cases (e.g. Cilium) generate trusted BPF programs,
trusted loaders are an inevitability and a requirement for signing support, a
entrusting loader programs will be a fundamental requirement for an security
policy.

So I've been following this discussion a bit on the sidelines, and have
a question related to this:

From your description a loader would have embedded hashes for a concrete
BPF program, which doesn't really work for dynamically generated
programs. So how would a "trusted loader" work for dynamically generated
programs?

-Toke

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help