| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211203191844.69709-1-mcroce@linux.microsoft.com>
Date: Fri, 3 Dec 2021 20:18:41 +0100
From: Matteo Croce <mcroce@...ux.microsoft.com>
To: bpf@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Jakub Kicinski <kuba@...nel.org>,
Jesper Dangaard Brouer <hawk@...nel.org>,
keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
Luca Boccassi <bluca@...ian.org>,
Lorenzo Bianconi <lorenzo@...nel.org>
Subject: [PATCH bpf-next 0/3] bpf: add signature
From: Matteo Croce <mcroce@...rosoft.com>
This series add signature verification for BPF files.
The first patch implements the signature validation in the kernel,
the second patch optionally makes the signature mandatory,
the third adds signature generation to bpftool.
This only works with CO-RE programs.
Matteo Croce (3):
bpf: add signature to eBPF instructions
bpf: add option to require BPF signature
bpftool: add signature in skeleton
crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_keys/pkcs7_verify.c | 7 +-
include/linux/verification.h | 1 +
include/uapi/linux/bpf.h | 2 +
kernel/bpf/Kconfig | 14 ++
kernel/bpf/syscall.c | 51 +++++-
tools/bpf/bpftool/Makefile | 14 +-
tools/bpf/bpftool/gen.c | 33 ++++
tools/bpf/bpftool/main.c | 28 +++
tools/bpf/bpftool/main.h | 7 +
tools/bpf/bpftool/sign.c | 218 +++++++++++++++++++++++
tools/include/uapi/linux/bpf.h | 2 +
tools/lib/bpf/skel_internal.h | 4 +
13 files changed, 372 insertions(+), 10 deletions(-)
create mode 100644 tools/bpf/bpftool/sign.c
--
2.33.1
Powered by blists - more mailing lists