Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs

[PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · kernel test robot <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-12
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-17
[PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 04/12] libbpf: Implement SHA256 internal helper · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 04/12] libbpf: Implement SHA256 internal helper · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 05/12] libbpf: Support exclusive map creation · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-13
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
[PATCH 06/12] selftests/bpf: Add tests for exclusive maps · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-08
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 08/12] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 09/12] libbpf: Update light skeleton for signing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 09/12] libbpf: Update light skeleton for signing · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Paul Moore <paul@paul-moore.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-08
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Blaise Boscaccy <hidden> · 2025-07-08
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-10

From: Alexei Starovoitov <hidden>
Date: 2025-06-09 21:39:53
Also in: bpf

On Fri, Jun 6, 2025 at 4:29 PM KP Singh [off-list ref] wrote:

quoted hunk ↗ jump to hunk

This patch extends the BPF_PROG_LOAD command by adding three new fields
to `union bpf_attr` in the user-space API:

  - signature: A pointer to the signature blob.
  - signature_size: The size of the signature blob.
  - keyring_id: The serial number of a loaded kernel keyring (e.g.,
    the user or session keyring) containing the trusted public keys.

When a BPF program is loaded with a signature, the kernel:

1.  Retrieves the trusted keyring using the provided `keyring_id`.
2.  Verifies the supplied signature against the BPF program's
    instruction buffer.
3.  If the signature is valid and was generated by a key in the trusted
    keyring, the program load proceeds.
4.  If no signature is provided, the load proceeds as before, allowing
    for backward compatibility. LSMs can chose to restrict unsigned
    programs and implement a security policy.
5.  If signature verification fails for any reason,
    the program is not loaded.

Signed-off-by: KP Singh <kpsingh@kernel.org>
---
 include/linux/bpf.h            |  9 +++++++-
 include/uapi/linux/bpf.h       | 10 +++++++++
 kernel/bpf/syscall.c           | 39 +++++++++++++++++++++++++++++++++-
 kernel/trace/bpf_trace.c       |  6 ++++--
 tools/include/uapi/linux/bpf.h | 10 +++++++++
 tools/lib/bpf/bpf.c            |  2 +-
 6 files changed, 71 insertions(+), 5 deletions(-)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 35f1a633d87a..32a41803d61c 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h

@@ -2778,7 +2778,14 @@ bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
 int bpf_get_kfunc_addr(const struct bpf_prog *prog, u32 func_id,
                       u16 btf_fd_idx, u8 **func_addr);

-struct bpf_core_ctx {
+__bpf_kfunc struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags);

No need for __bpf_kfunc attribute in prototypes.
It's only meaningful in definition.

+__bpf_kfunc struct bpf_key *bpf_lookup_system_key(u64 id);
+__bpf_kfunc void bpf_key_put(struct bpf_key *bkey);
+__bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p,
+                                          struct bpf_dynptr *sig_p,
+                                          struct bpf_key *trusted_keyring);
+

We probably need to move them to kernel/bpf/helper.c first.
Since kernel/trace/bpf_trace.c depends on:
config BPF_EVENTS
        depends on BPF_SYSCALL
        depends on (KPROBE_EVENTS || UPROBE_EVENTS) && PERF_EVENTS

They will still be guarded by CONFIG_KEYS, of course.

+       struct bpf_core_ctx {

drop extra tab.

        struct bpf_verifier_log *log;
        const struct btf *btf;
 };

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help