lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACYkzJ6ChW6GeG8CJiUR6w-Nu3U2OYednXgCYJmp6N5FysLc2w@mail.gmail.com>
Date: Sat, 31 May 2025 00:47:10 +0200
From: KP Singh <kpsingh@...nel.org>
To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>
Cc: Paul Moore <paul@...l-moore.com>, jarkko@...nel.org, zeffron@...tgames.com, 
	xiyou.wangcong@...il.com, kysrinivasan@...il.com, code@...icks.com, 
	linux-security-module@...r.kernel.org, roberto.sassu@...wei.com, 
	James.Bottomley@...senpartnership.com, Alexei Starovoitov <ast@...nel.org>, 
	Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, 
	Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, 
	Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, 
	Yonghong Song <yonghong.song@...ux.dev>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, 
	Jiri Olsa <jolsa@...nel.org>, David Howells <dhowells@...hat.com>, Lukas Wunner <lukas@...ner.de>, 
	Ignat Korchagin <ignat@...udflare.com>, Quentin Monnet <qmo@...nel.org>, 
	Jason Xing <kerneljasonxing@...il.com>, Willem de Bruijn <willemb@...gle.com>, 
	Anton Protopopov <aspsk@...valent.com>, Jordan Rome <linux@...danrome.com>, 
	Martin Kelly <martin.kelly@...wdstrike.com>, Alan Maguire <alan.maguire@...cle.com>, 
	Matteo Croce <teknoraver@...a.com>, bpf@...r.kernel.org, linux-kernel@...r.kernel.org, 
	keyrings@...r.kernel.org, linux-crypto@...r.kernel.org, kys@...rosoft.com
Subject: Re: [PATCH 0/3] BPF signature verification

On Sat, May 31, 2025 at 12:27 AM Blaise Boscaccy
<bboscaccy@...ux.microsoft.com> wrote:
>
> KP Singh <kpsingh@...nel.org> writes:
>
> > On Sat, May 31, 2025 at 12:14 AM Blaise Boscaccy
> > <bboscaccy@...ux.microsoft.com> wrote:
> >>
> >> KP Singh <kpsingh@...nel.org> writes:
> >>
> >> > On Fri, May 30, 2025 at 11:19 PM Blaise Boscaccy
> >> > <bboscaccy@...ux.microsoft.com> wrote:
> >> >>
> >> >> KP Singh <kpsingh@...nel.org> writes:
> >> >>
> >> >
> >> > [...]
> >> >
> >> >> >
> >> >>
> >> >> And that isn't at odds with the kernel being able to do it nor is it
> >> >> with what I posted.
> >> >>
> >> >> > If your build environment that signs the BPF program is compromised
> >> >> > and can inject arbitrary code, then signing does not help.  Can you
> >> >> > explain what a supply chain attack would look like here?
> >> >> >
> >> >>
> >> >> Most people here can read C code. The number of people that can read
> >> >> ebpf assembly metaprogramming code is much smaller. Compromising clang
> >> >> is one thing, compromising libbpf is another. Your proposal increases
> >> >> the attack surface with no observable benefit. If I was going to leave a
> >> >> hard-to-find backdoor into ring0, gen.c would be a fun place to explore
> >> >> doing it. Module and UEFI signature verification code doesn't live
> >> >> inside of GCC or Clang as set of meta-instructions that get emitted, and
> >> >> there are very good reasons for that.
> >> >>
> >> >> Further, since the signature verification code is unique for each and
> >> >> every program it needs to be verified/proved/tested for each and every
> >> >> program. Additionally, since all these checks are being forced outside
> >> >> of the kernel proper, with the insistence of keeping the LSM layer in
> >> >> the dark of the ultimate result, the only way to test that a program
> >> >> will fail if the map is corrupted is to physically corrupt each and
> >> >> every program and test that individually. That isn't "elegant" nor "user
> >> >> friendly" in any way, shape or form.
> >> >>
> >> >> >> subsystem.  Additionally, it is impossible to verify the code
> >> >> >> performing the signature verification, as it is uniquely regenerated
> >> >> >
> >> >> > The LSM needs to ensure that it allows trusted LOADER programs i.e.
> >> >> > with signatures and potentially trusted signed user-space binaries
> >> >> > with unsigned or delegated signing (this will be needed for Cilium and
> >> >> > bpftrace that dynamically generate BPF programs), that's a more
> >> >> > important aspect of the LSM policy from a BPF perspective.
> >> >> >
> >> >>
> >> >> I would like to be able to sign my programs please and have the kernel
> >> >> verify it was done correctly. Why are you insisting that I *don't* do
> >> >> that?  I'm yet to see any technical objection to doing that. Do you have
> >> >> one that you'd like to share at this point?
> >> >
> >> > The kernel allows a trusted loader that's signed with your private
> >> > key, that runs in the kernel context to delegate the verification.
> >> > This pattern of a trusted / delegated loader is going to be required
> >> > for many of the BPF use-cases that are out there (Cilium, bpftrace)
> >> > that dynamically generate eBPF programs.
> >> >
> >> > The technical objection is that:
> >> >
> >> > * It does not align with most BPF use-cases out there as most
> >> > use-cases need a trusted loader.
> >>
> >> No, it's definitely a use case. It's trivial to support both a trusted
> >> loader and a signature over the hash chain of supplied assets.
> >>
> >> > * Locks us into a UAPI, whereas a signed LOADER allows us to
> >> > incrementally build signing for all use-cases without compromising the
> >> > security properties.
> >> >
> >>
> >> Your proposal locks us into a UAPI as well. There is no way to make to
> >> do this via UAPI without making a UAPI design choice.
> >>
> >> > BPF's philosophy is that of flexibility and not locking the users into
> >> > a rigid in-kernel implementation and UAPI.
> >> >
> >>
> >> Then why are you locking us into a rigid
> >> only-signing-the-loader-is-allowed implementation?
> >
> > I explained this before, the delegated / trusted loader is needed by
> > many BPF use-cases. A UAPI is forever, thus the lock-in.
> >
>
> Again, I'm not following. What is technically wrong with supporting both
> signing a loader only and allowing for the signature of multiple
> passed-in assets? It's trivial to support both and any path forward will
> force a UAPI lock-in.
>
> Do you simply feel that it isn't a valid use case and therefore we
> shouldn't be allowed to do it?
>

I am saying both are not needed when one (trusted loader) handles all
cases. You are writing / generating the loader anyways, you have the
private key, the only thing to be done is add a few lines to the
loader to verify an embedded hash.

Let's have this discussion in the patch series, much easier to discuss
with the code.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ