Message-ID: <CAHC9VhR6J+G7MqBSBQemwQsYXdatEhhKCDJ2o13fpXpMgfY66g@mail.gmail.com>
Date: Thu, 3 Apr 2025 11:40:20 -0400
From: Paul Moore <paul@...l-moore.com>
To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>
Cc: Jonathan Corbet <corbet@....net>, David Howells <dhowells@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>,
James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
Nicolas Schier <nicolas@...sle.eu>, Shuah Khan <shuah@...nel.org>,
Mickaël Salaün <mic@...ikod.net>,
Günther Noack <gnoack@...gle.com>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>, Jarkko Sakkinen <jarkko@...nel.org>,
Jan Stancek <jstancek@...hat.com>, Neal Gompa <neal@...pa.dev>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kbuild@...r.kernel.org, linux-kselftest@...r.kernel.org,
bpf@...r.kernel.org, llvm@...ts.linux.dev, nkapron@...gle.com,
teknoraver@...a.com, roberto.sassu@...wei.com, xiyou.wangcong@...il.com
Subject: Re: [RFC PATCH security-next 1/4] security: Hornet LSM

On Fri, Mar 21, 2025 at 12:46 PM Blaise Boscaccy
<bboscaccy@...ux.microsoft.com> wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs.
>
> Hornet uses a signature verification scheme similar to that of
> kernel modules. A pkcs#7 signature is appended to the end of an
> executable file. During an invocation of bpf_prog_load, the signature
> is fetched from the current task's executable file. That signature is
> used to verify the integrity of the bpf instructions and maps which
> were passed into the kernel. Additionally, Hornet implicitly trusts any
> programs which were loaded from inside kernel rather than userspace,
> which allows BPF_PRELOAD programs along with outputs for BPF_SYSCALL
> programs to run.
>
> Hornet allows users to continue to maintain an invariant that all code
> running inside of the kernel has been signed and works well with
> light-skeleton based loaders, or any statically generated program that
> doesn't require userspace instruction rewriting.
>
> Signed-off-by: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>
> ---
> Documentation/admin-guide/LSM/Hornet.rst | 51 +++++
> crypto/asymmetric_keys/pkcs7_verify.c | 10 +
> include/linux/kernel_read_file.h | 1 +
> include/linux/verification.h | 1 +
> include/uapi/linux/lsm.h | 1 +
> security/Kconfig | 3 +-
> security/Makefile | 1 +
> security/hornet/Kconfig | 11 ++
> security/hornet/Makefile | 4 +
> security/hornet/hornet_lsm.c | 239 +++++++++++++++++++++++
> 10 files changed, 321 insertions(+), 1 deletion(-)
> create mode 100644 Documentation/admin-guide/LSM/Hornet.rst
> create mode 100644 security/hornet/Kconfig
> create mode 100644 security/hornet/Makefile
> create mode 100644 security/hornet/hornet_lsm.c

A reminder that you'll need to take responsibility for maintaining
Hornet and provide a corresponding entry in the MAINTAINERS file too.
I'm not nice enough to maintain Hornet for you ;) If you have any
questions about any of the fields, let me know.

I believe you've seen this already, but as a general FYI we do have
some guidelines for new LSMs:

https://web.git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git/tree/README.md

--
paul-moore.com
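
The quoted commit message describes a PKCS#7 signature appended to the end of an executable file, in a scheme similar to kernel module signing. The following is an added example, not code from the patch or from anyone in this thread: a userspace check that splits a file into payload and appended signature, assuming the same trailer layout kernel modules use (the message only says the scheme is similar). The names split_appended_sig and make_sample and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SIG_MAGIC "~Module signature appended~\n" /* kernel MODULE_SIG_STRING */
#define MAGIC_LEN (sizeof(SIG_MAGIC) - 1)
#define PKEY_ID_PKCS7 2

/* Same layout as the kernel's struct module_signature; sig_len is big-endian. */
struct mod_sig {
    uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3], sig_len[4];
};

/* Returns 0 and the payload/signature split; -2 if unsigned, other negatives if malformed. */
int split_appended_sig(const uint8_t *buf, size_t len,
                       size_t *payload_len, size_t *sig_len)
{
    struct mod_sig ms;
    if (len < MAGIC_LEN + sizeof(ms))
        return -1;                      /* too short to hold a trailer */
    if (memcmp(buf + len - MAGIC_LEN, SIG_MAGIC, MAGIC_LEN) != 0)
        return -2;                      /* no marker: file is unsigned */
    len -= MAGIC_LEN + sizeof(ms);
    memcpy(&ms, buf + len, sizeof(ms));
    if (ms.id_type != PKEY_ID_PKCS7 || ms.algo || ms.hash || ms.signer_len ||
        ms.key_id_len || ms.pad[0] || ms.pad[1] || ms.pad[2])
        return -3;                      /* all other fields must be zero for PKCS#7 */
    size_t slen = (size_t)ms.sig_len[0] << 24 | (size_t)ms.sig_len[1] << 16 |
                  (size_t)ms.sig_len[2] << 8 | ms.sig_len[3];
    if (slen == 0 || slen >= len)
        return -4;                      /* declared length overruns the file */
    *payload_len = len - slen;          /* signature starts at this offset */
    *sig_len = slen;
    return 0;
}

/* Constructed sample: 8 payload bytes, 4 placeholder (not real PKCS#7) signature bytes. */
size_t make_sample(uint8_t *out, uint8_t id_type, uint8_t declared_len)
{
    const uint8_t trailer[12] = {0, 0, id_type, 0, 0, 0, 0, 0, 0, 0, 0, declared_len};
    memcpy(out, "BPFPROG!\x30\x82\x00\x00", 12);
    memcpy(out + 12, trailer, 12);
    memcpy(out + 24, SIG_MAGIC, MAGIC_LEN);
    return 24 + MAGIC_LEN;
}

int main(void)
{
    uint8_t buf[64]; size_t p = 0, s = 0;
    int rc = split_appended_sig(buf, make_sample(buf, PKEY_ID_PKCS7, 4), &p, &s);
    printf("rc=%d payload=%zu sig=%zu\n", rc, p, s);
}
```

This only locates the signature bytes; deciding whether they verify against a trusted key is a separate PKCS#7 step.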