Re: [PATCH v7 1/6] mfd: Add support for Loongson Security Module

2025-04-04 Thread Lee Jones
On Thu, 03 Apr 2025, Qunqin Zhao wrote: > This driver supports Loongson Security Module, which provides the control > for it's hardware encryption acceleration child devices. > > Co-developed-by: Yinggang Gu > Signed-off-by: Yinggang Gu > Signed-off-by: Qunqin Zhao > Reviewed-by: Huacai Chen

Re: [RFC PATCH v3 00/13] Clavis LSM

2025-04-04 Thread Paul Moore
On Fri, Mar 21, 2025 at 1:22 PM Jarkko Sakkinen wrote: > On Thu, Mar 20, 2025 at 05:36:41PM -0400, Paul Moore wrote: ... > > I want to address two things, the first, and most important, is that > > while I am currently employed by Microsoft, I do not speak for > > Microsoft and the decisions and

Re: [RFC PATCH v3 00/13] Clavis LSM

2025-04-04 Thread Eric Snowberg
> On Mar 21, 2025, at 2:53 PM, James Bottomley > wrote: > > On Fri, 2025-03-21 at 20:15 +, Eric Snowberg wrote: >>> On Mar 21, 2025, at 10:55 AM, James Bottomley >>> wrote: > [...] Hopefully that is not the case, since the public key ships on just about every single PC built.

[PATCH v2 security-next 0/4] Introducing Hornet LSM

2025-04-04 Thread Blaise Boscaccy
This patch series introduces the Hornet LSM. The goal of Hornet is to provide a signature verification mechanism for eBPF programs. eBPF has similar requirements to that of modules when it comes to loading: find symbol addresses, fix up ELF relocations, some struct field offset handling stuff call

[PATCH v2 security-next 1/4] security: Hornet LSM

2025-04-04 Thread Blaise Boscaccy
This adds the Hornet Linux Security Module which provides signature verification of eBPF programs. This allows users to continue to maintain an invariant that all code running inside of the kernel has been signed. The primary target for signature verification is light-skeleton based eBPF programs

[PATCH v2 security-next 2/4] hornet: Introduce sign-ebpf

2025-04-04 Thread Blaise Boscaccy
This introduces the sign-ebpf tool. It is very similar to the existing sign-file script, with one key difference, it will sign a file with with a signature computed off of arbitrary input data. This can used to sign an ebpf light skeleton loader program for verification via Hornet. Typical usage i

[PATCH v2 security-next 3/4] hornet: Add a light skeleton data extractor script

2025-04-04 Thread Blaise Boscaccy
This script eases light skeleton development against Hornet by generating a data payload which can be used for signing a light skeleton binary using sign-ebpf. The binary payload it generates contains the skeleton's ebpf instructions followed by the skeleton loader's map. Signed-off-by: Blaise Bos

[PATCH v2 security-next 4/4] selftests/hornet: Add a selftest for the Hornet LSM

2025-04-04 Thread Blaise Boscaccy
This selftest contains a testcase that utilizes light skeleton eBPF loaders. One version of the light skeleton is signed with the autogenerated module signing key, another is not. A test driver attempts to load the programs. With Hornet enabled, the signed version should successfully be loaded, and