On Wed, Aug 13, 2025 at 4:55 PM KP Singh <kpsingh@xxxxxxxxxx> wrote:
>
> This patch extends the BPF_PROG_LOAD command by adding three new fields
> to `union bpf_attr` in the user-space API:
>
>   - signature: A pointer to the signature blob.
>   - signature_size: The size of the signature blob.
>   - keyring_id: The serial number of a loaded kernel keyring (e.g.,
>     the user or session keyring) containing the trusted public keys.
>
> When a BPF program is loaded with a signature, the kernel:
>
>   1. Retrieves the trusted keyring using the provided `keyring_id`.
>   2. Verifies the supplied signature against the BPF program's
>      instruction buffer.
>   3. If the signature is valid and was generated by a key in the trusted
>      keyring, the program load proceeds.
>   4. If no signature is provided, the load proceeds as before, allowing
>      for backward compatibility. LSMs can choose to restrict unsigned
>      programs and implement a security policy.
>   5. If signature verification fails for any reason,
>      the program is not loaded.
>
> Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
> ---
>  crypto/asymmetric_keys/pkcs7_verify.c |  1 +
>  include/linux/verification.h          |  1 +
>  include/uapi/linux/bpf.h              | 10 +++++++
>  kernel/bpf/helpers.c                  |  2 +-
>  kernel/bpf/syscall.c                  | 42 ++++++++++++++++++++++++++-
>  tools/include/uapi/linux/bpf.h        | 10 +++++++
>  tools/lib/bpf/bpf.c                   |  2 +-
>  7 files changed, 65 insertions(+), 3 deletions(-)

It's nice to see a v3 revision, but it would be good to see some
comments on Blaise's reply to your v2 revision. From what I can see
it should enable the different use cases and requirements that have
been posted.

https://lore.kernel.org/linux-security-module/87sei58vy3.fsf@xxxxxxxxxxxxx

--
paul-moore.com