On Thu, 03 Apr 2025, Qunqin Zhao wrote:
> This driver supports Loongson Security Module, which provides the control
> for it's hardware encryption acceleration child devices.
>
> Co-developed-by: Yinggang Gu
> Signed-off-by: Yinggang Gu
> Signed-off-by: Qunqin Zhao
> Reviewed-by: Huacai Chen
On Fri, Mar 21, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> On Thu, Mar 20, 2025 at 05:36:41PM -0400, Paul Moore wrote:
...
> > I want to address two things, the first, and most important, is that
> > while I am currently employed by Microsoft, I do not speak for
> > Microsoft and the decisions and
> On Mar 21, 2025, at 2:53 PM, James Bottomley
> wrote:
>
> On Fri, 2025-03-21 at 20:15 +, Eric Snowberg wrote:
>>> On Mar 21, 2025, at 10:55 AM, James Bottomley
>>> wrote:
> [...]
Hopefully that is not the case, since the public key ships on
just about every single PC built.
This patch series introduces the Hornet LSM. The goal of Hornet is to
provide a signature verification mechanism for eBPF programs.
eBPF has similar requirements to that of modules when it comes to
loading: find symbol addresses, fix up ELF relocations, some struct
field offset handling stuff call
This adds the Hornet Linux Security Module which provides signature
verification of eBPF programs. This allows users to continue to
maintain an invariant that all code running inside of the kernel has
been signed.
The primary target for signature verification is light-skeleton based
eBPF programs
This introduces the sign-ebpf tool. It is very similar to the existing
sign-file script, with one key difference, it will sign a file with
with a signature computed off of arbitrary input data. This can used
to sign an ebpf light skeleton loader program for verification via
Hornet.
Typical usage i
This script eases light skeleton development against Hornet by
generating a data payload which can be used for signing a light
skeleton binary using sign-ebpf. The binary payload it generates
contains the skeleton's ebpf instructions followed by the skeleton
loader's map.
Signed-off-by: Blaise Bos
This selftest contains a testcase that utilizes light skeleton eBPF
loaders. One version of the light skeleton is signed with the
autogenerated module signing key, another is not. A test driver
attempts to load the programs. With Hornet enabled, the signed version
should successfully be loaded, and