Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests

[PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · kernel test robot <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-12
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · Eric Biggers <ebiggers@kernel.org> · 2025-06-16
Re: [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing · KP Singh <kpsingh@kernel.org> · 2025-06-17
[PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 03/12] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 04/12] libbpf: Implement SHA256 internal helper · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 04/12] libbpf: Implement SHA256 internal helper · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 05/12] libbpf: Support exclusive map creation · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-06-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-06-13
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-12
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-14
Re: [PATCH 05/12] libbpf: Support exclusive map creation · Andrii Nakryiko <hidden> · 2025-07-14
[PATCH 06/12] selftests/bpf: Add tests for exclusive maps · KP Singh <kpsingh@kernel.org> · 2025-06-06
[PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-07
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · kernel test robot <hidden> · 2025-06-08
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · Alexei Starovoitov <hidden> · 2025-06-11
Re: [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-06-11
[PATCH 08/12] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Alexei Starovoitov <hidden> · 2025-06-09
Re: [PATCH 08/12] bpf: Implement signature verification for BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 09/12] libbpf: Update light skeleton for signing · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 09/12] libbpf: Update light skeleton for signing · Alexei Starovoitov <hidden> · 2025-06-09
[PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Paul Moore <paul@paul-moore.com> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-11
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader · Andrii Nakryiko <hidden> · 2025-06-12
[PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-08
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 11/12] bpftool: Add support for signing BPF programs · Blaise Boscaccy <hidden> · 2025-06-10
[PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-06
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Alexei Starovoitov <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · Blaise Boscaccy <hidden> · 2025-06-10
Re: [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-09
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Toke Høiland-Jørgensen <toke@kernel.org> · 2025-06-10
Re: [PATCH 00/12] Signed BPF programs · Blaise Boscaccy <hidden> · 2025-07-08
Re: [PATCH 00/12] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-10

From: Alexei Starovoitov <hidden>
Date: 2025-06-10 00:45:40
Also in: bpf

On Fri, Jun 6, 2025 at 4:29 PM KP Singh [off-list ref] wrote:

quoted hunk ↗ jump to hunk

Convert the kernel's generated verification certificate into a C header
file using xxd.  Finally, update the main test runner to load this
certificate into the session keyring via the add_key() syscall before
executing any tests.

The kernel's module signing verification certificate is converted to a
headerfile and loaded as a session key and all light skeleton tests are
updated to be signed.

Signed-off-by: KP Singh <kpsingh@kernel.org>
---
 tools/testing/selftests/bpf/.gitignore   |  1 +
 tools/testing/selftests/bpf/Makefile     | 13 +++++++++++--
 tools/testing/selftests/bpf/test_progs.c | 13 +++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore
index e2a2c46c008b..5ab96f8ab1c9 100644
--- a/tools/testing/selftests/bpf/.gitignore
+++ b/tools/testing/selftests/bpf/.gitignore

@@ -45,3 +45,4 @@ xdp_redirect_multi
 xdp_synproxy
 xdp_hw_metadata
 xdp_features
+verification_cert.h

diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
index cf5ed3bee573..778b54be7ef4 100644
--- a/tools/testing/selftests/bpf/Makefile
+++ b/tools/testing/selftests/bpf/Makefile

@@ -7,6 +7,7 @@ CXX ?= $(CROSS_COMPILE)g++

 CURDIR := $(abspath .)
 TOOLSDIR := $(abspath ../../..)
+CERTSDIR := $(abspath ../../../../certs)
 LIBDIR := $(TOOLSDIR)/lib
 BPFDIR := $(LIBDIR)/bpf
 TOOLSINCDIR := $(TOOLSDIR)/include

@@ -534,7 +535,7 @@ HEADERS_FOR_BPF_OBJS := $(wildcard $(BPFDIR)/*.bpf.h)               \
 # $1 - test runner base binary name (e.g., test_progs)
 # $2 - test runner extra "flavor" (e.g., no_alu32, cpuv4, bpf_gcc, etc)
 define DEFINE_TEST_RUNNER
-
+LSKEL_SIGN := -S -k $(CERTSDIR)/signing_key.pem -i $(CERTSDIR)/signing_key.x509

Can we do a fallback for setups without CONFIG_MODULE_SIG ?
Reuse setup() helper from verify_sig_setup.sh ?
Doesn't have to be right away. It can be a follow up.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help